How can i Add authentication for Jsonapi #547
Comments
|
Hi! We support all available authentication schemes. But do you need authentication (who are you?) compared to authorization(What are you allowed to do) ? If you mean the latter, we will be integrating that into v4, which is available if you use the alphas. It is also available if you checkout master. If you want authorization in v3, it is not possible atm. |
|
This sounds V interesting - is there any docs around this in the alpha?
…On Tue, Aug 27, 2019 at 8:35 AM Harro van der Kroft < ***@***.***> wrote:
Hi! We support all available authentication schemes.
But do you need authentication (who are you?) compared to
authorization(What are you allowed to do) ?
If you mean the latter, we will be integrating that into v4, which is
available if you use the alphas. It is also available if you checkout
master.
If you want authorization in v3, it is not possible atm.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#547?email_source=notifications&email_token=AABLPDBDDWJRY2PNSTZVSDDQGTKLVA5CNFSM4IPMLHG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5GZR3A#issuecomment-525179116>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AABLPDBRZNFWWYUZRLACSL3QGTKLVANCNFSM4IPMLHGQ>
.
|
|
@wisepotato |
|
@wisepotato can you share any documentation for that |
|
Hi, all documentation on v4 is being worked on, together with a demo. My colleague will be finishing up a big bug before we release v4. @maurei could you share your insights on this? Also, if you look at the tests in master you will see how we use it. We support hooks in which you can hook into Is some preliminary documentation |
|
note: this documentation is not final but it will show you how we intend to use it. So use at your own risk atm. |
|
V4 looks really good!
…On Tue, Aug 27, 2019 at 10:52 AM Harro van der Kroft < ***@***.***> wrote:
note: this documentation is not final but it will show you how we intend
to use it. So use at your own risk atm.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#547?email_source=notifications&email_token=AABLPDDNZG52CJO64FZ6JE3QGT2OLA5CNFSM4IPMLHG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5HF2HA#issuecomment-525229340>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AABLPDBWPX7D2YINGUXSHP3QGT2OLANCNFSM4IPMLHGQ>
.
|
|
Going to close this as its slated for V4, you can use that to develop further but it wont be finalized until release. |
|
Docs are very outdated. I need to update these. Also, I was planning on creating a boiler plate authorization project (using hooks) and writing a blog post about it. You can still the linked docs to get general idea of how they work: conceptually nothing has changed. But for the most recent syntax: best would be to see a few of the integration tests (see the JsonApiDotNetCoreExample project) and the associated methods in the interface of If you have any questions, hit me up in our gitter channel. |
|
can I Authenticate include from IJsonApiContext within the controller? |
|
I dont understand your question |
|
@maurei |
|
For this you would need to use the Resource Hooks which are introduced in v4. The implementation would look like something similar to this example from the docs Adjusted to your case, it would look something like this. It assumes the existence of a public class TeacherResource : ResourceDefinition<Teacher>
{
private readonly _IAuthorizationHelper _auth;
public PersonResource(IAuthorizationHelper auth)
{
// IAuthorizationHelper is a helper service that handles all authorization related logic
// You need to add the desired helper methods yourself in this class.
_auth = auth;
}
public override IEnumerable<Teacher> OnReturn(HashSet<Teacher> entities, ResourcePipeline pipeline)
{
if (_auth.HasRole("student")) // you'll have to implement this yourself
{
throw new JsonApiException(403, "Forbidden to view this teacher", new UnauthorizedAccessException());
}
return entities;
}
}Let me know if this is helpful |
|
I followed this step for intergret JsonApi can you explain where I initialize and how to call from the controller |
|
Can you guide me the follow of this, with JSON API v3 by one example of code |
|
_IAuthorizationHelper _auth, what is included within this class |
Authorization requires business logic in the service layer of JADNC, and there is no out of the box support for doing this easily in v3. In v4 Resource Hooks are introduced which allow this. An extensive tutorial on how to implement this in v4 will be released in the near future |
Description
I want to add authentication for JSON API,
our project had a relationship with multiple tables
example =>
there are two entity
1> student
2> Teacher
the student Entity has a many-to-many relationship with the teacher Entity
and vice-versa
Student only can view student details But in this case we use =>
student?include=teacher can get the Teachers details also how to prevent include function with
role-based from JWT token
...
Environment
The text was updated successfully, but these errors were encountered: