Authentication - HeilOliver/Timeify GitHub Wiki

The Timeify API requires a prior registration and a successful login.

Authentication and authorization are done via JSON Web Tokens (JWT). A token carries claims for the username and the user's roles. The token is signed, not encrypted: anyone holding it can read the username and roles, so nothing secret belongs in it, and the signature is what the server relies on.

At login, an access token and a refresh token are returned. The access token is short-lived; the refresh token is needed to obtain a new access token once the old one has expired, so it must be stored at least as carefully as a password.
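How such a token pair can be issued at login, as an added example that is not Timeify's own code (the issuer, audience, lifetimes, the hashed refresh-token record and the helper names are assumptions made for the illustration):

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Added example (not Timeify's own code). Issuer, audience, lifetimes and the
// shape of the refresh-token record are assumptions; a real project reads such
// values from its configuration.
public sealed record TokenPair(string AccessToken, string RefreshToken, DateTime RefreshExpiresAt);

// What the server keeps for a refresh token: only a hash of the opaque value,
// so a leaked database does not hand out usable refresh tokens.
public sealed record RefreshTokenRecord(string Username, byte[] TokenHash, DateTime ExpiresAt);

public static class TokenIssuer
{
    public const string Issuer = "timeify";        // assumption
    public const string Audience = "timeify-api";  // assumption
    public static readonly TimeSpan AccessLifetime = TimeSpan.FromMinutes(15);
    public static readonly TimeSpan RefreshLifetime = TimeSpan.FromDays(7);

    public static (TokenPair Pair, RefreshTokenRecord Record) Issue(
        string username, IEnumerable<string> roles, byte[] signingKey)
    {
        if (signingKey.Length < 32)
            throw new ArgumentException("HS256 needs a key of at least 256 bits", nameof(signingKey));

        // Username and roles travel as claims. ClaimTypes.Role is written to the
        // token as the short "role" claim and mapped back on validation, which is
        // exactly what [Authorize(Roles = "...")] checks.
        var claims = new List<Claim>
        {
            new(JwtRegisteredClaimNames.Sub, username),
            new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
        };
        claims.AddRange(roles.Distinct().Select(r => new Claim(ClaimTypes.Role, r)));

        var now = DateTime.UtcNow;
        var credentials = new SigningCredentials(
            new SymmetricSecurityKey(signingKey), SecurityAlgorithms.HmacSha256);
        var jwt = new JwtSecurityToken(
            issuer: Issuer, audience: Audience, claims: claims,
            notBefore: now, expires: now.Add(AccessLifetime), signingCredentials: credentials);
        var accessToken = new JwtSecurityTokenHandler().WriteToken(jwt);

        // The refresh token is an opaque random value, not a JWT: it carries no
        // claims, is looked up by hash, and is invalidated when it is used.
        var refreshToken = Base64UrlEncoder.Encode(RandomNumberGenerator.GetBytes(32));
        var refreshExpires = now.Add(RefreshLifetime);
        var record = new RefreshTokenRecord(username, HashRefreshToken(refreshToken), refreshExpires);

        return (new TokenPair(accessToken, refreshToken, refreshExpires), record);
    }

    public static byte[] HashRefreshToken(string refreshToken) =>
        SHA256.HashData(Encoding.UTF8.GetBytes(refreshToken));

    // Refresh check: the presented value must hash to a stored, unexpired record.
    // The caller then deletes that record and issues a fresh pair (rotation), so a
    // stolen refresh token can be replayed at most once.
    public static bool IsValidRefresh(RefreshTokenRecord record, string presented, DateTime now) =>
        now < record.ExpiresAt &&
        CryptographicOperations.FixedTimeEquals(record.TokenHash, HashRefreshToken(presented));
}
```

The access token is self-contained and expires on its own; the refresh token is the long-lived credential, which is why it is random, stored only as a hash, compared in constant time and rotated on every use.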

The token must be sent in the Authorization HTTP header with the prefix "Bearer" (not "Baerer"), i.e. `Authorization: Bearer <token>`.

Roles

Timeify distinguishes three roles: "creator", "contributor" and "admin".

The "creator" role is required to create, update or delete resources. The "contributor" role is required to query resources and to complete JobTasks.

A newly registered user is automatically given the "contributor" role. Only users with the "admin" role can assign roles to and remove roles from other users.

Configuration

Authentication and authorization are configured with attributes (annotations) on the individual controllers and action methods.

```csharp
[HttpGet]
// Comma-separated roles are alternatives: a user holding either role passes.
[Authorize(Roles = "creator, contributor")]
public async Task<IActionResult> GetAll()
```

The attributes are enforced by the framework's authorization pipeline, which intercepts every incoming request: the supplied token's signature and lifetime are validated and its role claims are compared against the required roles. If the token has expired, an expired indicator is set in the response header and the request is rejected.
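The server side of this, as an added example rather than Timeify's own configuration: the bearer handler that validates tokens, the event that marks an expired token in the response, and a controller using the role attributes from above. The configuration key "Jwt:Key", the issuer/audience values, the "Token-Expired" header name and the controller routes are assumptions.

```csharp
using System;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Added example (not Timeify's own Program.cs). "Jwt:Key", the issuer/audience
// values, the "Token-Expired" header and the routes below are assumptions.
var builder = WebApplication.CreateBuilder(args);

var signingKey = Encoding.UTF8.GetBytes(
    builder.Configuration["Jwt:Key"] ?? throw new InvalidOperationException("Jwt:Key is not configured"));

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = "timeify",
            ValidateAudience = true,
            ValidAudience = "timeify-api",
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(signingKey),
            ValidateLifetime = true,
            // The default clock skew is 5 minutes; with a 15-minute access token
            // that is a third of its life, so it is tightened to zero here.
            ClockSkew = TimeSpan.Zero,
            RoleClaimType = ClaimTypes.Role,
        };
        options.Events = new JwtBearerEvents
        {
            // An expired token is told apart from every other failure (bad
            // signature, wrong audience) so the client knows a refresh is worthwhile.
            OnAuthenticationFailed = ctx =>
            {
                if (ctx.Exception is SecurityTokenExpiredException)
                    ctx.Response.Headers["Token-Expired"] = "true";
                return Task.CompletedTask;
            }
        };
    });

builder.Services.AddAuthorization();
builder.Services.AddControllers();

var app = builder.Build();
// Order matters: authentication must populate the user before authorization reads it.
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();

[ApiController]
[Route("api/[controller]")]
public class ResourcesController : ControllerBase
{
    // Either role may read.
    [HttpGet]
    [Authorize(Roles = "creator, contributor")]
    public IActionResult GetAll() => Ok(Array.Empty<object>());

    // Writes are restricted to creators: a contributor gets 403 Forbidden,
    // a request without a valid token gets 401 Unauthorized.
    [HttpPost]
    [Authorize(Roles = "creator")]
    public IActionResult Create() => StatusCode(201);

    // Role management is admin-only (route is an assumption).
    [HttpPut("{username}/roles/{role}")]
    [Authorize(Roles = "admin")]
    public IActionResult AssignRole(string username, string role) => NoContent();
}
```

The distinction between 401 and 403 is worth preserving in clients: 401 with the expired marker means "refresh and retry", 401 without it means the token is bad for another reason, and 403 means the token is fine but the role is missing, so retrying with a refreshed token will not help.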

The client can then obtain a new access token by presenting the refresh token and retry the rejected request.
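A client-side implementation of the Bearer header and the refresh-and-retry flow described above, as an added example that is not part of Timeify. The refresh endpoint ("/auth/refresh"), its JSON request and response shapes and the "Token-Expired" response header are assumptions about the server:

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Http.Json;
using System.Threading;
using System.Threading.Tasks;

// Added client-side example, not part of Timeify. "/auth/refresh", the JSON
// shapes and the "Token-Expired" header are assumptions about the server.
public sealed class TokenStore
{
    public string AccessToken { get; set; } = "";
    public string RefreshToken { get; set; } = "";
}

public sealed record RefreshRequest(string RefreshToken);
public sealed record RefreshResponse(string Token, string RefreshToken);

public sealed class BearerRefreshHandler : DelegatingHandler
{
    private readonly TokenStore _tokens;
    private readonly SemaphoreSlim _refreshLock = new(1, 1);

    public BearerRefreshHandler(TokenStore tokens, HttpMessageHandler inner) : base(inner)
        => _tokens = tokens;

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken ct)
    {
        // Buffer the body up front so the request can be replayed after a refresh.
        byte[]? body = request.Content is null ? null : await request.Content.ReadAsByteArrayAsync(ct);

        var response = await SendWithBearer(request, ct);

        // Only an expired token is worth a refresh. A 401 without the marker means
        // the token is bad for another reason (signature, audience, revocation).
        if (response.StatusCode != HttpStatusCode.Unauthorized || !response.Headers.Contains("Token-Expired"))
            return response;

        // Serialise refreshes so concurrent 401s do not each burn a refresh token.
        await _refreshLock.WaitAsync(ct);
        try
        {
            if (!await RefreshAsync(request.RequestUri!, ct))
                return response;
        }
        finally { _refreshLock.Release(); }

        response.Dispose();
        return await SendWithBearer(Clone(request, body), ct);
    }

    private Task<HttpResponseMessage> SendWithBearer(HttpRequestMessage request, CancellationToken ct)
    {
        // The header the API expects: "Authorization: Bearer <token>".
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _tokens.AccessToken);
        return base.SendAsync(request, ct);
    }

    private async Task<bool> RefreshAsync(Uri origin, CancellationToken ct)
    {
        // Go straight through the inner handler; an HttpClient wrapping this
        // handler would recurse back into SendAsync.
        var refresh = new HttpRequestMessage(HttpMethod.Post, new Uri(origin, "/auth/refresh"))
        {
            Content = JsonContent.Create(new RefreshRequest(_tokens.RefreshToken))
        };
        using var resp = await base.SendAsync(refresh, ct);
        if (!resp.IsSuccessStatusCode) return false;

        var pair = await resp.Content.ReadFromJsonAsync<RefreshResponse>(cancellationToken: ct);
        if (pair is null) return false;

        // Rotation: the server hands out a new refresh token with every refresh.
        _tokens.AccessToken = pair.Token;
        _tokens.RefreshToken = pair.RefreshToken;
        return true;
    }

    private static HttpRequestMessage Clone(HttpRequestMessage original, byte[]? body)
    {
        var clone = new HttpRequestMessage(original.Method, original.RequestUri);
        foreach (var header in original.Headers)
            clone.Headers.TryAddWithoutValidation(header.Key, header.Value);
        if (body is not null)
        {
            clone.Content = new ByteArrayContent(body);
            foreach (var header in original.Content!.Headers)
                clone.Content.Headers.TryAddWithoutValidation(header.Key, header.Value);
        }
        return clone;
    }
}
```

Usage: `new HttpClient(new BearerRefreshHandler(store, new HttpClientHandler())) { BaseAddress = new Uri("https://<api-host>/") }`, after filling `store` from the login response. The handler retries exactly once and only on the expired marker, so a revoked or forged token, or a missing role (403), is surfaced to the caller instead of looping.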