Dangl.RestClient
This project provides DanglHttpClient to easily interact with all Dangl web services.
To avoid TCP exhaustion, HttpClients and derived types should always be used as singletons.
ITokenHandler
The ITokenHandler is an interface that can be used to support the automatic
obtaining of Tokens and refreshing them. It can be configured to support either of
the functionalities or none at all. If none is supplied, by default a NoOpTokenHandler
is used that does not perform any operations.
It can be used, for example, in server backends that use the ClientCredentials grant.
ITokenStorage
The ITokenStorage is an interface that is used to store and persist tokens, e.g.
it could use the local app storage on a mobile app or the database in a server application.
It is used so that only tokens and not the full user credentials need to be stored.
By default, there's an InMemoryTokenStorage for non-persisting use available.
Dangl.RestClient.Identity.Server
The Dangl.RestClient.Identity.Server package contains a DanglIdentityServerTokenHandler which
can be used in server-side applications that want to authenticate with ClientCredentials grant
against Dangl.Identity.
It works based on the passed-in ITokenStorage and is safe to use as a singleton throughout the app lifetime.
Dangl.RestClient.Identity.TrustedServer
This is intended to be used in server-based applications developed by DanglIT.
Dangl.Identity clients may make inter-service calls that are authenticated via the OAuth2 ClientCredentials
grant type, meaning the services authenticate as themselves and do not have a user context. Some calls, however,
are made on behalf of the user. In some cases, you want to transmit user ids along with the request to indicate
who initiated the action. For example, Dangl.AVACloud conversions may be called by the Dangl.WebGAEB service.
In such cases, Dangl.WebGAEB may say "I'm doing the conversion for user Bob". This can be done between
trusted clients when using Dangl.Identity authentication.
The Dangl.Identity.Client.Mvc package has a UserInformationTransmissionHttpHandler that will append the user
information of the currently authenticated user to outgoing Http calls for trusted domains.
The acceptance of this transmitted data depends on the client having the user_delegation_allowed claim.
This claim is only available for trusted projects by DanglIT and not available for external customers.
Setup
The extension class Dangl.RestClient.Identity.TrustedServer.ServiceCollectionExtensions.AddTransientTrustedDanglRestClient()
allows you to add an implementation of the DanglHttpClient to the service collection. It will be registered as
type of TrustedDanglHttpClient, so services that want to use it should define it as such a dependency or you must
provide a custom factory method in the dependency injection for it to resolve correctly. This means that a service that
is intended to be used for inter-service communication should have a constructor signature like public MyService(TrustedDanglHttpClient httpClient).
Internally, the provisioning works in two ways:
- The inner http handler is kept around as singleton, to avoid TCP congestion / exhaustion that commonly occurs when
quickly creating and disposing HttpClients.
- Transiently, meaning for every request to the DI resolver, a new UserInformationTransmissionHttpHandler will be
created that gets its IUserInfoService for the current request, so that the correct user information is read.
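The two-part provisioning described above, sketched with standard .NET types as an added example (not the package's own code). ICurrentUser, RequestUser, UserHeaderHandler, AddExampleTrustedClient, the X-Example-User-Id header and trusted.example.com are hypothetical stand-ins, and a plain HttpClient takes the place of TrustedDanglHttpClient.

```csharp
// Added illustration: all type names, the header name and the trusted host are hypothetical.
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;

public interface ICurrentUser { string? UserId { get; } }   // stand-in for IUserInfoService
public sealed class RequestUser : ICurrentUser { public string? UserId { get; set; } }

public sealed class UserHeaderHandler : DelegatingHandler
{
    private const string HeaderName = "X-Example-User-Id";  // hypothetical header name
    private readonly ICurrentUser _user;
    private readonly HashSet<string> _trustedHosts;

    public UserHeaderHandler(HttpMessageHandler inner, ICurrentUser user, IEnumerable<string> trustedHosts)
        : base(inner)
    {
        _user = user;
        _trustedHosts = new HashSet<string>(trustedHosts, StringComparer.OrdinalIgnoreCase);
    }

    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        request.Headers.Remove(HeaderName);                 // never forward a caller-supplied value
        var uri = request.RequestUri;
        // Attach the user id only for allow-listed hosts; requiring HTTPS is an assumption of this sketch.
        if (_user.UserId is { Length: > 0 } id && uri is { IsAbsoluteUri: true }
            && uri.Scheme == Uri.UriSchemeHttps && _trustedHosts.Contains(uri.Host))
        {
            request.Headers.Add(HeaderName, id);
        }
        return base.SendAsync(request, ct);
    }
}

public static class Registration
{
    public static IServiceCollection AddExampleTrustedClient(this IServiceCollection services)
    {
        services.AddSingleton(new SocketsHttpHandler());    // one shared connection pool
        services.AddScoped<ICurrentUser, RequestUser>();    // resolved per request scope
        // New client and user handler per resolve; disposeHandler: false keeps the shared handler alive.
        services.AddTransient(sp => new HttpClient(
            new UserHeaderHandler(sp.GetRequiredService<SocketsHttpHandler>(),
                sp.GetRequiredService<ICurrentUser>(), new[] { "trusted.example.com" }),
            disposeHandler: false));
        return services;
    }
}
```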
Dangl.RestClient.Identity.App
The Dangl.RestClient.Identity.App package contains a DanglIdentityAppTokenHandler which can
be used in client-side applications, meaning applications that are distributed to clients. It offers
functionality to integrate with web apps that make use of the Dangl.Identity.Client.Mvc package to
delegate login to Dangl.Identity.
It works based on the passed-in ITokenStorage and is safe to use as a singleton throughout the app lifetime.
While it is possible to instantiate this with username / email and password, it is advised that this is not done. A typical workflow in an app should be:
- On the login screen, ask the user to provide their credentials.
- Perform a token-based authentication with the Dangl.Identity.Client.App package and store
the token in the used ITokenStorage instance.
- Let the DanglIdentityAppTokenHandler handle only token refresh.