Microservice Solution: Authentication

You must have an ABP Business or a higher license to be able to create a microservice solution.

The microservice solution template is fully configured for authentication. All the services and applications use the OpenIddict library for authentication and are configured in a common way. This document explains that common authentication structure.

OpenIddict

OpenIddict is an open-source library that provides a simple and easy way to implement an OpenID Connect server in your application. ABP has built-in modules (OpenIddict, OpenIddict UI) to integrate OpenIddict into the solution.

Identity Service

The microservice solution template includes an identity service that is responsible for the OpenIddict definitions (Applications, Scopes, etc.). It also provides the OpenIddictDataSeeder class to seed the initial data, which creates the default clients (applications) and scopes for the solution. Each microservice has its own scope, and the web applications use these scopes to get access to the microservices. So, when you add a new microservice, you should add a new scope and add it to the allowed scopes of the related clients (applications).

The OpenIddict UI module is added to the identity microservice only if you choose the OpenIddict UI module while creating the solution.

The OpenIddict UI module provides a user interface to manage the OpenIddict entities such as applications, scopes, etc. You can manage these entities from the application UI.

The Authentication Server

The solution has an authentication server (auth-server) application that provides token generation, token validation, and the account pages (login, register, etc.). It uses the account module. The account module also provides the social logins (Google, Facebook, etc.) feature. You can enable/disable and configure the social logins from the application UI.

Authentication Flows

The applications use several flows to authenticate users based on the application type. The MVC UI web application uses the hybrid flow (OpenID Connect Authentication) to authenticate users, while the SPA and Swagger applications use the authorization code flow to authenticate users. After the user logs into the system and receives the token from the authentication server, the applications (microservices) use JWT Bearer Authentication to authorize users.
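
The following is an added example, not code from the ABP template: a plain ASP.NET Core minimal API showing how a microservice can enforce the "own scope per microservice" rule from the Identity Service section on top of the JWT Bearer Authentication described above. It assumes the `Microsoft.AspNetCore.Authentication.JwtBearer` package, and that the token's audience equals the scope name; the `OrderingService` scope, the `auth.example.test` authority, the policy name and the `/api/orders` route are hypothetical.

```csharp
// Added example (not from the ABP template). Hypothetical names: the
// "OrderingService" scope, the auth.example.test authority, the route.
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);

// Assumed name of the scope seeded for this microservice.
const string ServiceScope = "OrderingService";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Issuer and signing keys are discovered from the auth-server metadata.
        options.Authority = "https://auth.example.test"; // placeholder URL
        options.RequireHttpsMetadata = true; // never fetch keys over plain HTTP
        // Reject tokens issued for another microservice
        // (assumption: the token's aud claim equals the scope name).
        options.Audience = ServiceScope;
        // Keep claim types exactly as issued, so "scope" is not renamed.
        options.MapInboundClaims = false;
    });

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("RequireServiceScope", policy => policy
        .RequireAuthenticatedUser()
        // "scope" may arrive as one space-separated value or as several claims.
        .RequireAssertion(ctx => ctx.User.FindAll("scope")
            .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .Contains(ServiceScope)));
});

var app = builder.Build();

app.UseAuthentication(); // validates signature, issuer, audience, lifetime
app.UseAuthorization();  // then applies the scope policy

// Constructed sample payload; only tokens carrying this service's scope get in.
app.MapGet("/api/orders", () => Results.Ok(new[] { "constructed-sample-order" }))
   .RequireAuthorization("RequireServiceScope");

app.Run();
```

With this in place, a valid token that a client obtained for a different microservice's scope is rejected here, which is why a client's allowed scopes should list only the microservices it actually calls.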


Last updated: July 31, 2024