Introduction to Twee Cloud and how we are doing Authentication

Twee is at the moment just an android app, with just a few small services that handles non critical features , like adds and likes on series etc.

But what we trying to accomplish with Twee Cloud is to build an ASP.NET Core Micro services architecture hosted on docker.
So we will basically blog about problems we solve while developing the solution with ASP.NET Core and also write about our approaches to different problems.

First thing we have started is that a Twee user should be able to have an account , either a "Twee"-account or sign in with their google account.

So we are doing it like this

The external clients always just have Reference Tokens to work with, So we easily can instantaneously revoke access. But to reduce load on the Auth service, we will exchange our reference token for a JWT token, so we can pass that down to the other services.

We are using IdentityServer4 (If someone is interested exactly how we are using it, We can expand on that in another post).

And to exchange our reference token to a JWT token, We have an custom grant that looks like this.

    public class ExchangeReferenceTokenGrantValidator : ICustomGrantValidator
        private readonly ITokenHandleStore _tokens;

        public ExchangeReferenceTokenGrantValidator(ITokenHandleStore tokenStore)
            _tokens = tokenStore;

        public async Task<CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request)
            var referenceToken = request.Raw.Get("reference_token");
            if (referenceToken == null)
                return new CustomGrantValidationResult("Missing Reference Token");

            var token = await _tokens.GetAsync(referenceToken);
            if (token == null)
                return new CustomGrantValidationResult("Invalid Reference Token");

            return new CustomGrantValidationResult(token.SubjectId ?? token.ClientId, GrantType, token.Claims);

        public string GrantType => "exchange_reference_token";

Taken from here

So that's basically it for authing.

Next time we are going to talk about how we implanting an data sync service. So it should work to use twee cross-platform and device.

comments powered by Disqus