ASP.NET Core Web API Identity JWT 2024 - 23. Token Service

Captions
So believe it or not, we have already written code to handle the validation of JWTs. We can already accept JWTs, but the one issue is that we can't generate JWTs yet. We need to write code that's going to handle the generation. There are many ways to do this, but in my opinion (this is totally my opinion) it's just easier to write your own service to literally create tokens outside of Identity. There are tools that will allow you to maybe just type in something on the command line, but I think it's way easier and way better just to create your own service.

But before we get into creating the service, let's talk about claims versus roles, because this is very important, and if you don't understand this it's going to cause you a lot of trouble. If you've ever used any type of software you've come in contact with roles, and roles are great, but what has happened is that as apps have become more complex it's almost impossible for the concept of roles to keep up with the complexity of apps. Think about it: what if you had 20 different roles, and each time that you needed to get this role you had to get it from the database? That is the limitation with roles: in order to actually get a role and to utilize a role you have to hit the database, and the database has to be utilized. This is where claims come in. Claims are the ultimate. They're literally just like a tag, but they are associated with the user, and the best thing about claims, what makes claims a lot better than roles and why Microsoft has chosen to kind of distance itself from roles, is that claims don't use the database. Claims also give you way more flexibility, because you can just stuff a claim into a JWT and you can be on your way, and that's actually what we are about to do. What's going to happen is that we are going to generate the JWT on the server and we are going to stuff it with these things called claims, and within these claims we can have almost like roles. They are pretty much just role key-value pairs of things that are going to describe what the user does and what the user can do. But the great thing is that we can also send it in the form of a JWT, so the user can also have all of these roles, or all of these claims, in these role-like things within the JWT, and each time that they send a request all of this data is going to be within our JWT, and that's the beauty of it. As soon as it enters the server the JWT is going to be blown away, and what's going to happen is that these values are going to be associated with the user each time that they use the endpoint, and you'll be able to access these through the HttpContext.

So if that's a little confusing for you, let's just go through it one more time. The user is going to submit their email, they're going to log in, and what's going to happen is that they are going to send their JWT to the server. When they are authenticated, this thing called a ClaimsPrincipal is going to be created, and within this ClaimsPrincipal we will get access to all these values that we saw over here, like the username, the email, is it a paying user, the time zone. The concept of a ClaimsPrincipal is almost like a wallet. It's just like this little object that keeps track of everything. It's kind of got a funky name, it's kind of got a weird name, claims, what does claims mean? But claims is pretty much just like a wallet, or some type of little authentication wallet, that's going to hold things like the email, the user and the past name, and we can use these, we can use this object, we can use this HttpContext user all throughout the app as long as the user is logged in. So that's pretty much it, but let's go ahead, let's hop inside VS Code and let's create our JWT service.

Okay, so the first thing that we want to do is we want to create a Service folder. Remember that a service is very different from a repository: a repository is for database calls, a service could be anything else, any type of abstraction. But first we need to go into our Interfaces and we need to actually create an interface that's going to handle our token service. So I'm going to call this ITokenService, and I'm going to go into here and I'm going to create a method that's called CreateToken, and within this CreateToken all that we're going to do is pass in our AppUser. Looking good, so the interface is taken care of. Now we go into the Service folder (if you haven't created it, make sure to create it), and I'm going to go into here and I'm going to make the TokenService. Within the TokenService we are of course going to inherit from our ITokenService interface, and make sure that we implement it. The next thing that we're going to do is we're going to go into our constructor, and we need to bring in a couple of things. The first thing that we need to do is bring in our IConfiguration, because we're going to have to pull stuff from our appsettings.json, and if you don't know, you might not know what appsettings.json is, so we need to pull stuff from here. We need to actually go into this appsettings.json, and this is what this IConfiguration is. Next thing that we're going to do, we're going to go up here and we're going to bring in the IConfiguration, so IConfiguration, and we'll call this _config. Then we're going to go down under here, we're going to say private readonly, and we're going to bring in what's called a SymmetricSecurityKey. Now a SymmetricSecurityKey, it's really not that complicated, but we'll talk about it here in a second, because I don't want to kind of get into it right now, because it is a little confusing. Okay, so that's all that we need. Now we need to bring in the actual config, so bring in the config object so we can access the config at our very whim, and we'll go down here and we're going to bring in the key. So we'll say new SymmetricSecurityKey, and we're going to have to use Encoding, and we're going to go UTF8. The reason that we use Encoding is that we have to turn it into bytes; it's not going to accept it as just a regular string, and bytes is basically a fancy word for we're going to break it up. Instead of it just being a full string, we're going to break it up into individual little bits. Then we go into here, we're going to go config, we'll go JWT, and we'll say this is where we're going to get our key. Now, a key, and the reason that we're using the config, is because the key is very important. Do not give out your key. The key is very dangerous, because like I said, if anybody gets your key they can make tokens, because JWT, totally by itself, the whole entire thing, is hinged on the app's actual signing keys.

So the next thing that we're going to do is we're going to put claims within our token. Remember that we have this thing called claims, which are basically like your driver's license, your passport, but in more computer terms it would be things like email, username, time zone, like I said, username, is paying. You can put all of these things in here, but in our case all that we're going to put is the email and the username, and these are things that you can use to identify the user and express what the user can and cannot do within your system, very similar to a role but just more flexible. So we're going to go into here, we're going to create a Claim, and we're going to say JwtRegisteredClaimNames. The reason that we have to add this JwtRegisteredClaimNames and all these funky words is because that is the standard of JWT. JWT has all these funny words inside of it, and it is kind of strange seeing all these words, but it is what it is, that's just kind of the standard. And I got some kind of misspelling here, so let's see here. Okay, using JWT tokens, and yes, that is what we want. So I'm going to go down, I'm going to say new Claim once again, and we're going to do the same exact thing, JwtRegisteredClaimNames.GivenName, and we're going to say user.UserName. So a given name is pretty much the same thing as a username.

Okay, so now what we need to do is create the signing credentials. SigningCredentials is just a funny word for what type of encryption do you want. We're going to call this, you can call this encryption, but I'm going to call this creds, and I'm going to go new SigningCredentials, and I'm going to pass in the key, and the key is what you specified in your appsettings.json, and we're going to go SecurityAlgorithms, and this is just the form of encryption that we want to use, so I'm going to go HmacSha512Signature, and that is just a form of encryption. Next thing that we're going to do, this is where we actually create the token. We're going to create the token as an object, and what's going to happen is that .NET's going to take care of everything else for us and create the token. So we pretty much create an object representation of the token, and .NET takes over and says, hey, I got you, I'm going to go ahead and create this token for you, and it's called SecurityTokenDescriptor. Again, very funny name, they've got a lot of weird names in here, but it is what it is. So next thing we're going to do is you wrap it within a ClaimsIdentity, and a ClaimsIdentity is pretty much the wallet, so we have things like a license, we have a passport, although you probably don't put your passport in your wallet, but you get the picture, and that is specific to .NET. So we're going to go, there's different parts of the JWT, so the JWT also has an expiration date, because you don't want the token to have too much of a lifetime on it, in case somebody was able to get a hold of it or actually steal somebody's token; you don't want the token to last forever. So we're going to go SigningCredentials, and then we are going to go Issuer, and we're going to go inside here, we're going to say config and say JWT:Issuer, and again we specified this in the actual appsettings.json, and then one last thing, we have to create the Audience, and we're going to go into here, we'll say JWT:Audience, just like that.

So after we've pretty much created the object representation of a token, the next thing that we're going to do is we're going to whip out the token handler, and the token handler is a method that's going to, you guessed it, create the actual token for us. So we're going to say JwtSecurityTokenHandler, so we go down here, JwtSecurityTokenHandler. Then after that we say var token, and we utilize our token handler to create the token, so we say CreateToken and then we pass in the token descriptor. After this we're going to go return. So the previous method is going to create an object representation of the token, and then here we actually create the token itself. But we don't want to return the token in the form of an actual object, we want to return it in the form of a string, and the token handler also has a nice little method called WriteToken that's going to return it in the form of a string.

So back to the SymmetricSecurityKey. The SymmetricSecurityKey is pretty much what's going to be used to encrypt it in a unique way that is only specific to our server, so that people cannot mess with the actual integrity of the token. Here in a second I'm going to show you that you can actually read the inside of the token, but what makes JWT special is we have the SymmetricSecurityKey that encrypts it and makes sure that the security token is not tampered with. So we're going to go here, and that looks good. The next thing after this is that our signing key is not specific enough, or it's not long enough, so I'm going to go into here and I'm just going to add a huge string of random numbers, and it's got to be very long or it's going to give you an error stating that it's not long enough; it has to be like 512 bytes or something.

Now what we need to do is go down into our Program.cs. This is going to be really easy; we need to actually add the dependency injection. So I'm going to go into here, I'm going to go builder.Services.AddScoped, so I'll say AddScoped, I'm going to say ITokenService, and I'm going to say TokenService, and this is going to add our dependency injection. Next thing that we need to do is that when we register we're actually going to return a token. So on the register we need to create a new DTO, and I'll show you here. The reason I'm going to create a DTO is because right now we're only returning "user created", but we could just return the string, but I think it's better if we actually return the username, the email and the token. I think it just makes things look a little bit more professional, but you could totally just toss the token in there if you want to, but I'm choosing not to do that, but that's just me, you don't even have to. So I'm going to go inside the Account, we've already created a RegisterDto, then I'm going to go up here and I'm going to create a new UserDto, and then what we want to return is a prop, so we're going to go prop, we're going to go string, we're going to return our UserName. Then we're going to return the password, or not the password, I'm sorry, we're going to return the Email. Okay, so we're going to return the Email, and then after this, this is when we're going to actually return the token, so I'm going to say string, I'm going to go over here and I'm going to say Token.

Okay, so now what we need to do is go back into our actual controller, and we're going to import our token service. So I'm going to go private readonly ITokenService, I'm going to say _tokenService. I'm going to do the exact same thing for the constructor, so I'm going to say ITokenService tokenService (spelled service wrong), and then go here and we're going to say _tokenService = tokenService. Looking good. Okay, so going down into the register, all that we need to do is go inside of here, so go ahead, get rid of the "user", okay. Then we're going to go down here and we're going to say new UserDto, then go down here, we're going to say UserName is equal to appUser.UserName, and we're going to say Email is equal to appUser.Email, and say Token is equal to _tokenService, and all we have to do is just go ahead and toss it within our token service, so say appUser, just like that. Looking good, and I think that that is pretty much it.

So let's go ahead, I'm going to do a cold restart. Fingers crossed, we did a lot of work here, so fingers crossed that it works. Going to go ahead and reopen this back up, cd inside API and go dotnet watch run. Okay, so it started up correctly. Now what we need to do is go inside of our register. I'm going to say investor2222 (I'm going to put two twos in there), investor2222@gmail.com, and I'm going to go password2222. Looking good, and we've got our token. So let's go into here, let's take this token and let's make sure that our token is what we want. So I'm going to go into JWT decode (I just typed in "JWT decode" on Google), and I'm going to go into here and I'm just going to go ahead and paste it and make sure that it looks like what we want. So we've got our email, we've got our given name, our issuer and our audience. Looks good, everything is looking correct. The only thing that we need to do now is actually do our login, so anyway, the next video is going to be login. I hope that you guys enjoyed this. If you did, smash that like button, smash that subscribe button, and as always, thank you for watching.
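As an added example (not the video's own code), this is the complete TokenService the transcript builds, written out in C#. It assumes the project's AppUser type is an IdentityUser subclass with UserName and Email, that appsettings.json holds the keys JWT:SigningKey, JWT:Issuer and JWT:Audience (names assumed), and a seven-day token lifetime.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;

public interface ITokenService
{
    string CreateToken(AppUser user);   // AppUser: the project's IdentityUser subclass (assumed)
}

public class TokenService : ITokenService
{
    private readonly IConfiguration _config;
    private readonly SymmetricSecurityKey _key;

    public TokenService(IConfiguration config)
    {
        _config = config;
        // Signing key is read from appsettings.json (key names assumed), never hard-coded.
        // HS512 rejects keys shorter than 512 bits (64 bytes), which is why the key must be long.
        var signingKey = _config["JWT:SigningKey"]
            ?? throw new InvalidOperationException("JWT:SigningKey is not configured");
        _key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey));
    }

    public string CreateToken(AppUser user)
    {
        // Claims stuffed into the token: only email and username, as in the video.
        var claims = new List<Claim>
        {
            new Claim(JwtRegisteredClaimNames.Email, user.Email!),
            new Claim(JwtRegisteredClaimNames.GivenName, user.UserName!),
        };
        // HMAC-SHA512 signature with the server's symmetric key; this is what protects integrity.
        var creds = new SigningCredentials(_key, SecurityAlgorithms.HmacSha512Signature);
        // Object representation of the token; the handler below turns it into a real JWT.
        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(claims),
            Expires = DateTime.UtcNow.AddDays(7),   // lifetime is an assumed value
            SigningCredentials = creds,
            Issuer = _config["JWT:Issuer"],
            Audience = _config["JWT:Audience"],
        };
        var tokenHandler = new JwtSecurityTokenHandler();
        var token = tokenHandler.CreateToken(tokenDescriptor);
        return tokenHandler.WriteToken(token);   // serialized, signed JWT string
    }
}
```

Register it in Program.cs with builder.Services.AddScoped<ITokenService, TokenService>() and inject ITokenService into the controller, as the transcript describes; the issuer, audience and signing key must match the values the existing validation middleware checks against.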
Info
Channel: Teddy Smith
Views: 2,509
Keywords: software development, programming, engineering
Id: lZu9XcZit2Y
Length: 17min 15sec (1035 seconds)
Published: Wed Jan 24 2024