I’m doing a project with a guy mentoring me. He gave me a task to make a web API project following clean architecture and with JWT authentication. I have a Pluralsight subscription if that helps.
ASP.NET Core – Authentication & Authorization Tutorial (Claims/Identity/oAuth/oidc/IdentityServer4) Raw Coding
This is the best one I’ve found ever. It goes through everything.
Yes. Starting from zero to oauth/openid with identity server
So I don’t know about tutorials.
But I made this concrete implementation that I know others have found helpful.
https://github.com/wdunn001/AuthServer
It contains OAuth, OpenID implementation, automated SQL migration, and federated services provider integration.
ASP.NET Core 2.2 & 3 REST API Tutorial
Videos 10-14 may be of some help
When I was doing something similar I found a lot of the tutorials had missing or false information. Here’s a boilerplate I made that implements JWT in .NET Core 3.1, which should give you all the info you need (similar to one of the other posts here but using local user storage via the identity system instead of OAuth):
https://github.com/thespragg/VDCM-stack-Boilerplate
In particular:
server/startup.cs
server/middleware/authentication.cs
server/helpers/JWTprovider.cs
I went through this course and felt the section on authentication with JWT was pretty good
https://www.udemy.com/share/103bzrA0MYc1ZTR34=/
I know you’re looking for a course, but if you use Auth0, they have very good documentation on setting up a new API using oauth.
Just an FYI, the tutorials referenced that use IdentityServer4 are okay to learn about authentication, but IdentityServer4 is no longer open source.
They are charging for use now. If you need something similar maybe try https://fusionauth.io/. They have a great interface and great tutorials as well. I am not affiliated with this group, but we were using IdentityServer for authentication until they switched their model, and this was the best replacement we could find.
You can still use the open source IdentityServer 4 repo. They are simply moving new feature work over to the new company. Bug fixes and security updates will still be provided through November 2022, for the open source package. Just won’t get new features from what I have gathered.
Fundamentally JWT is just 2 JSON blobs and a hash that are base 64 encoded. The base 64 encoded values are concatenated with “.”. The first blob carries properties that describe the JWT (who created, when it’s good or expires, etc). The second blob carries user data (claims, etc). The third blob is just a hash of the first two blobs so that the consumer can verify the JWT hasn’t been tampered with.
With authentication the authentication server creates the jwt and populates the user claim information (name, groups, roles, other data, etc) and encrypts with private key (if secrecy is needed) and signs with public key (to verify creator) and hashes with a public algorithm (to verify no tampering). The consuming app can decrypt, validate signature, and verify the jwt hash and then trust the data contained within.
There are a lot of specifics in implementation details but this is the 60,000 ft view of what JWT is doing. .NET does have a lot of libraries to support a lot of this magic (create token, validate token, create IIdentity object for authorization). A lot of good reference links have been given so I don’t want to reproduce them but just want to ensure you have the fundamental idea of what is going on.
Sometimes the overcomplicated details of the implementation masks the simplicity of the solution.
Jwt is a great tool for passing secure data between apps over a public network.
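The three-segment layout described in the comment above, as an added C# example that is not part of the thread and not taken from any of the linked repositories. It builds and checks a token by hand, with the third segment computed as HMAC-SHA256 (HS256, one of the signing algorithms JWT defines). The names `JwtDemo`, `Create` and `Validate`, the key and the claims are all constructed for illustration; a real API would rely on the .NET libraries the commenter mentions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
static class JwtDemo
{
    // base64url: '-' and '_' replace '+' and '/', and '=' padding is stripped.
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    static string Sign(string input, byte[] key) // HMAC-SHA256 over "header.payload"
    {
        using var mac = new HMACSHA256(key);
        return B64Url(mac.ComputeHash(Encoding.ASCII.GetBytes(input)));
    }
    static string Create<T>(T claims, byte[] key)
    {
        string h = B64Url(JsonSerializer.SerializeToUtf8Bytes(new { alg = "HS256", typ = "JWT" }));
        string p = B64Url(JsonSerializer.SerializeToUtf8Bytes(claims));
        return h + "." + p + "." + Sign(h + "." + p, key);
    }
    // Returns the claims only for a well-formed, HS256, untampered, unexpired token.
    static JsonElement? Validate(string token, byte[] key, DateTimeOffset now)
    {
        string[] s = token.Split('.');
        if (s.Length != 3) return null;
        try
        {
            using var hdr = JsonDocument.Parse(FromB64Url(s[0]));
            // Pin the algorithm on the server; the token must not choose it (rejects "none").
            if (!hdr.RootElement.TryGetProperty("alg", out var alg) || alg.GetString() != "HS256") return null;
            byte[] want = Encoding.ASCII.GetBytes(Sign(s[0] + "." + s[1], key));
            if (!CryptographicOperations.FixedTimeEquals(want, Encoding.ASCII.GetBytes(s[2]))) return null;
            using var body = JsonDocument.Parse(FromB64Url(s[1]));
            if (!body.RootElement.TryGetProperty("exp", out var exp) || exp.GetInt64() <= now.ToUnixTimeSeconds()) return null;
            return body.RootElement.Clone(); // Clone so the claims outlive the disposed document
        }
        catch (Exception e) when (e is FormatException || e is JsonException || e is InvalidOperationException) { return null; }
    }
    static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-real-use"); // constructed secret
        var now = DateTimeOffset.UtcNow;
        string token = Create(new { sub = "alice", role = "user", exp = now.AddMinutes(5).ToUnixTimeSeconds() }, key);
        string[] s = token.Split('.'); // keep header and signature, swap in an edited payload
        string edited = s[0] + "." + B64Url(Encoding.UTF8.GetBytes("{\"role\":\"admin\",\"exp\":9999999999}")) + "." + s[2];
        Console.WriteLine($"original accepted: {Validate(token, key, now).HasValue}, edited accepted: {Validate(edited, key, now).HasValue}");
    }
}
```

The header and payload are only encoded, not encrypted, so anything placed in the claims is readable by whoever holds the token.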
The reality is that there isn’t a good tutorial on this for asp core and the msdocs themselves are horrid as they seem to forget webapis exist. IdentityServer is a HEAVY solution for a simple api and possibly more of a hassle than it’s worth.