Step 2 – Registering Config at startup

To register the configuration, add the following inside the ConfigureServices method:

    services.AddIdentityServer()
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients())
        .AddProfileService<ProfileService>()
        .AddDeveloperSigningCredential();

Here we load the config settings, such as Resources and Clients, by calling the methods we designed. AddDeveloperSigningCredential adds a temporary key at startup. It is meant only for the development environment, when we don't have a certificate to use for Authorization. For actual use, you would supply proper certificate details instead.

Note the ProfileService registration here. This is what I was talking about in the previous section; it will be used to validate the user credentials against the database. We will look at it in a little while. First, let's test our API, assuming that the Authorization Server is ready with ProfileService set up.

Now, coming to the API, we need to add an AuthenticationScheme at the startup of the API to declare which Authentication we will be using. For that, add the following code:

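    services.AddAuthentication(options =>
    {
        // Use the Bearer scheme both to authenticate requests and to challenge callers.
        options.DefaultAuthenticateScheme =
            JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme =
            JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(o =>
    {
        // Address of the authorization server that issues the tokens.
        o.Authority = "http://localhost:57571";
        // Tokens must be issued for this audience.
        o.Audience = "FlixOneStore.ReadAccess";
        // Allows the plain-HTTP authority above; the default is true, so keep this for local development only.
        o.RequireHttpsMetadata = false;
    });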

JwtBearerDefaults.AuthenticationScheme is actually a string constant with the Bearer value. Bearer authentication is also known as token authentication. That means our clients need to send a token in order to access the API's resources. To get the token, they need to call our authorization server, available at /connect/token.

Notice we have Audience set as FlixOneStore.ReadAccess, which we have specified for the clients inside config. Simply put, we are setting up the bearer type of authentication.
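The registration and bearer setup above both use development-only settings (the temporary signing key and RequireHttpsMetadata = false). The following is an added example, not code from the original text, showing one way to gate those settings on the hosting environment. It assumes ASP.NET Core 3.x or later (IWebHostEnvironment); the AuthSetup class, its method names and the configuration keys "SigningCertificate:Path", "SigningCertificate:Password" and "Auth:Authority" are hypothetical.

```csharp
// Added example (not from the original text). AuthSetup, AddSigningKey, AddApiBearer
// and the configuration key names are assumptions made for illustration.
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public static class AuthSetup
{
    // Authorization server project: pick the token-signing key by environment.
    public static IIdentityServerBuilder AddSigningKey(
        this IIdentityServerBuilder builder,
        IWebHostEnvironment env,
        IConfiguration config)
    {
        if (env.IsDevelopment())
        {
            // Temporary key created at startup; acceptable on a developer machine only.
            return builder.AddDeveloperSigningCredential();
        }

        // Outside development, sign tokens with a real certificate that holds a private key.
        var certificate = new X509Certificate2(
            config["SigningCertificate:Path"],
            config["SigningCertificate:Password"]);
        return builder.AddSigningCredential(certificate);
    }

    // API project: same bearer setup as in the text, with HTTPS metadata
    // required everywhere except the development environment.
    public static void AddApiBearer(
        this IServiceCollection services,
        IWebHostEnvironment env,
        IConfiguration config)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o =>
            {
                // For example http://localhost:57571 in development, an https URL elsewhere.
                o.Authority = config["Auth:Authority"];
                o.Audience = "FlixOneStore.ReadAccess";
                o.RequireHttpsMetadata = !env.IsDevelopment();
            });
    }
}
```

In the authorization server, AddSigningKey would take the place of the AddDeveloperSigningCredential call at the end of the AddIdentityServer chain; in the API, AddApiBearer would replace the AddAuthentication block.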