We're using App Commercial and the Microservices template.
We want to build a custom UI with Vue JS as the front end and using the API's in the micro-services on the back end. I'm having a hard time figuring out which services and API(s) to use to login a user to get an access token and the permissions for their roles.
It seems the login from a web app is only through a redirect to the MVC Authentication app. Is that accurate?
If not, can someone guide me?
Thank you.
5 Answer(s)
-
1
It seems the login from a web app is only through a redirect to the MVC Authentication app. Is that accurate?
hi
You can use
oauth2-oidclibrary in vue like angular-oauth2-oidcabp supports authorization code and password grant types to get access token and id token.
https://developer.okta.com/blog/2018/04/10/oauth-authorization-code-grant-type https://developer.okta.com/blog/2018/06/29/what-is-the-oauth2-password-grant#the-oauth-20-password-grant
-
0
It seems the login from a web app is only through a redirect to the MVC Authentication app. Is that accurate?
hi
You can use
oauth2-oidclibrary in vue like angular-oauth2-oidcabp supports authorization code and password grant types to get access token and id token.
https://developer.okta.com/blog/2018/04/10/oauth-authorization-code-grant-type https://developer.okta.com/blog/2018/06/29/what-is-the-oauth2-password-grant#the-oauth-20-password-grant
Thank you but that doesn't really answer my question.
We'd like to use the abp modules/libraries rather than write our own OAUTH flow.
Going through the code on GitHub it looks like the login route (for example) is used in the Nuget package that contains the MVC app. abp/modules/account/src/Volo.Abp.Account.HttpApi/Volo/Abp/Account/AccountController.cs
What I'd like to know is if those routes can be exposed as external REST API's that can be called using Axios or Ajax from the Vuejs app.
Thanks
-
0
We'd like to use the abp modules/libraries rather than write our own OAUTH flow.
The template project is already integrated with Identity Server or OpenIddict. You don't need to write any code.
What I'd like to know is if those routes can be exposed as external REST API's that can be called using Axios or Ajax from the Vuejs app.
On the contrary if AJAX returns token this may require more code.
-
0
We'd like to use the abp modules/libraries rather than write our own OAUTH flow.
The template project is already integrated with Identity Server or OpenIddict. You don't need to write any code.
What I'd like to know is if those routes can be exposed as external REST API's that can be called using Axios or Ajax from the Vuejs app. yo
On the contrary if AJAX returns token this may require more code.
Hi and thanks again for your quick response. I may not be asking the question correctly so I'll try to be more specific.
We need to be able to get the authentication / authorization credentials that are used in the [Authorize] interface of the microservices.
We will have a custom web application built with Vuejs and we will also need to expose REST API's to some of our clients who are using other applications.
So, the work flow would look something like this:
- Web application or external application calls a login API to authenticate the user/system and get an access token and other credentials back.
- Web application or external application access other microservices via REST APIs or an API gateway, passing the appropriate authorization credentials in the API request headers.
- Our Vuejs web application would also use the user's roles and permissions to control what is accessible in the UI.
We do not want a redirect to another application UI for authentication given that we'll also have external applications accessing the API's directly.
I realize we'll have additional code to write, but can we use the Abp modules (specifically Account, Identity and OpendIDDict) for the above using only REST API's? If so, how would we go about doing that?
Thanks
-
0
hi
You can call the
tokenendpoint withusernameandpasswordto get access_token, Then you can use this token to call the API, same as the web application.https://identityserver4.readthedocs.io/en/aspnetcore1/quickstarts/2_resource_owner_passwords.html https://developer.okta.com/blog/2018/06/29/what-is-the-oauth2-password-grant#the-oauth-20-password-gran,t
