Dangl.RestClient
This project provides DanglHttpClient
to easily interact with all Dangl web services.
To avoid TCP exhaustion, HttpClient
s and derived types should always be used as singletons.
ITokenHandler
The ITokenHandler
is an interface that be be used to support the automatic
obtaining of Tokens and refreshing them. It can be configured to support either of
the functionalities or none at all. If none is supplied, by default a NoOpTokenHandler
is used that does not perform any operations.
It can be used, for example, in server backends that use the ClientCredentials
grant.
ITokenStorage
The ITokenStorage
is an interface that is used to store and persist tokens, e.g.
it could use the local app storage on a mobile app or the database in a server application.
It is used so that only tokens and not the full user credentials need to be stored.
By default, there's an InMemoryTokenStorage
for non-persisting use available.
Dangl.RestClient.Identity.Server
The Dangl.RestClient.Identity.Server
package contains a DanglIdentityServerTokenHandler
which
can be used in server-side applications that want to authenticate with ClientCredentials
grant
against Dangl.Identity.
It works based on the passed-in ITokenStorage
and is safe to use as a singleton throughout the app lifetime.
Dangl.RestClient.Identity.TrustedServer
This is intended to be used in server-based applications developed by DanglIT.
Dangl.Identity clients may make inter-service calls that are authenticated via the OAuth2 ClientCredentials
grant type, meaning the services authenticate as themselves and do not have a user context. Some calls, however,
are made on behalf of the user. In some cases, you want to transmit user ids along with the request to indicate
who initiated the action. For example, Dangl.AVACloud conversions may be called by the Dangl.WebGAEB service.
In such cases, Dangl.WebGAEB may say "I'm doing the conversion for user Bob
". This can be done between
trusted clients when using Dangl.Identity authentication.
The Dangl.Identity.Client.Mvc package has a UserInformationTransmissionHttpHandler
that will append the user
information of the currently authenticated user to outgoing Http calls for trusted domains.
The acceptance of this transmitted data depends on the client having the user_delegation_allowed
claim.
This claim is only available for trusted projects by DanglIT and not available for external customers.
Setup
The extension class Dangl.RestClient.Identity.TrustedServer.ServiceCollectionExtensions.AddTransientTrustedDanglRestClient()
allows you to add an implementation of the DanglHttpClient
to the service collection. It will be registered as
type of TrustedDanglHttpClient
, so services that want to use it should define it as such a dependency or you must
provide a custom factory method in the dependency injection for it to resolve correctly. This means that a service that
is intended to be used for inter-service communication should have a constructor signature like public MyService(TrustedDanglHttpClient httpClient)
.
Internally, the provisioning works in two ways:
- The inner http handler is kept around as singleton, to avoid TCP congestion / exhaustion that commonly occurs when
quickly creating and disposing
HttpClients
. - Transiently, meaning for every request to the DI resolver, a new
UserInformationTransmissionHttpHandler
will be created that gets itsIUserInfoService
for the current request, so that the correct user information is read.
Dangl.RestClient.Identity.App
The Dangl.RestClient.Identity.App
package contains a DanglIdentityAppTokenHandler
which can
be used in client-side applications, meaning applications that are distributed to clients. It offers
functionality to integrate with web apps that make use of the Dangl.Identity.Client.Mvc package to
delegate login to Dangl.Identity.
It works based on the passed-in ITokenStorage
and is safe to use as a singleton throughout the app lifetime.
While it is possible to instantiate this with username / email and password, it is advised that this is not done. A typical workflow in an app should be:
- On the login screen, ask the user to provide his credentials
- Perform a token-based authentication with the Dangl.Identity.Client.App package and store
the token in the used
ITokenStore
instance. - Let the
DanglIdentityAppTokenHandler
handle only token refresh.