Single Layer Solution: Authentication
Some of the features mentioned in this document may not be available in the free version. We're using the * symbol to indicate that a feature is available in the Team and Higher licenses.
The Single Layer solution template is fully configured for authentication. All the services and applications use the OpenIddict library for authentication and are configured in the same way. This document explains that common authentication structure.
OpenIddict
OpenIddict is an open-source library that provides a simple and easy way to implement an OpenID Connect server in your application. ABP has built-in modules (OpenIddict, OpenIddict UI *) to integrate OpenIddict into the solution.
Initial Data Seeding
The Single Layer solution template includes an initial data seeding mechanism to create default clients (applications) and scopes for the solution, if necessary (e.g., when using an Angular UI). The OpenIddictDataSeedContributor class can be found in the Data folder of the host project. If authentication is handled by the UI application (e.g., MVC / Razor Pages), this class is not included.
The OpenIddict UI * module is added only if you select it while creating the solution.
The OpenIddict UI * module provides a user interface to manage the OpenIddict entities such as applications, scopes, etc. You can manage these entities from the application UI.
External Providers
The authentication server handles token generation, validation, and user account management (e.g., login, registration). It uses the Account or Account Pro * module. The Account Pro * module additionally supports social logins (e.g., Google, Facebook). Social logins can be enabled, disabled, and configured directly from the application's user interface.
Authentication Flows
Applications in the solution use different authentication flows depending on the application type:
- MVC UI Web Application: Uses the Hybrid Flow (OpenID Connect Authentication) for user authentication.
- SPA and Swagger Applications: Use the Authorization Code Flow to authenticate users.
If the UI is a SPA application (such as an Angular app), the API host uses JWT Bearer Authentication to authorize user actions.
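The following added example (not the template's own OpenIddictDataSeedContributor code) shows how a seeded SPA client can be limited to the Authorization Code Flow, using OpenIddict's IOpenIddictApplicationManager directly. It assumes OpenIddict 5 or later (for the ClientType property); the class name, client id, redirect URI and scope name are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using OpenIddict.Abstractions;
using static OpenIddict.Abstractions.OpenIddictConstants;

// Hypothetical seeder class; every literal value below is a constructed placeholder.
public class SpaClientSeeder
{
    private readonly IOpenIddictApplicationManager _applications;

    public SpaClientSeeder(IOpenIddictApplicationManager applications)
        => _applications = applications;

    public async Task SeedAsync()
    {
        const string clientId = "MyApp_Spa"; // assumed client id

        // Keep seeding idempotent: do nothing if the client already exists.
        if (await _applications.FindByClientIdAsync(clientId) is not null)
            return;

        var descriptor = new OpenIddictApplicationDescriptor
        {
            ClientId = clientId,
            DisplayName = "SPA client",
            // A browser app cannot keep a secret, so it is registered as a
            // public client and no ClientSecret is set.
            ClientType = ClientTypes.Public,
            // Exact redirect targets only; the server rejects anything else.
            RedirectUris = { new Uri("https://spa.example.test") },
            PostLogoutRedirectUris = { new Uri("https://spa.example.test") },
            Permissions =
            {
                // Only what the Authorization Code Flow needs.
                Permissions.Endpoints.Authorization,
                Permissions.Endpoints.Token,
                Permissions.GrantTypes.AuthorizationCode,
                Permissions.ResponseTypes.Code,
                Permissions.Prefixes.Scope + "MyApp" // assumed API scope name
            },
            // Force PKCE so an intercepted authorization code cannot be redeemed
            // without the code verifier.
            Requirements = { Requirements.Features.ProofKeyForCodeExchange }
        };

        await _applications.CreateAsync(descriptor);
    }
}
```

Because the descriptor grants no implicit, password or client-credentials permissions, the authorization server refuses those grant types for this client even if a request asks for them.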