IdentityWebApi is a .NET 6 Web API used to manage user data and authentication in PostOShare. It depends on .NET 6 and communicates with a SQL Server database using Entity Framework Core.
The following need to be available to ensure that the API and the SQL Server database can be set up:
Steps that can be used to set up the API are:
git clone https://github.com/PostOShare/IdentityWebApi.git
cd IdentityWebApi\IdentityWebApi
dotnet restore
cd ..\EntityORM
dotnet restore
The API and the SQL Server instance need to be published to a cloud provider so that remote clients can call the API. AWS is used as the provider to publish the API and host the instance. Steps to deploy the API and the instance are:
- Create a VPC to deploy the Identity API
- Installation of DB
- Create a Lambda function, HTTP API and deploy the Identity API
The API and the SQL Server instance deployment architecture in AWS is illustrated below:
- Amazon.Lambda.AspNetCoreServer
- Amazon.Lambda.AspNetCoreServer.Hosting
- AWS.Logger.AspNetCore
- MailKit
- Microsoft.AspNetCore.Authentication.JwtBearer
- Microsoft.AspNetCore.Identity.EntityFrameworkCore
- Microsoft.AspNetCore.Identity.UI
- Microsoft.EntityFrameworkCore.SqlServer
- Microsoft.EntityFrameworkCore.Tools
These dependencies are used only in development:
- Swashbuckle.AspNetCore
- Swashbuckle.AspNetCore.Annotations
This endpoint is used to check whether login details are available.
curl -X 'POST' \
'https://localhost:7224/api/v1/auth/login-identity' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"username": "username",
"password": "password",
"registeredDate": "2024-02-28T15:01:55.693Z",
"lastLoginTime": "2024-02-28T15:01:55.693Z",
"userRole": "userRole",
"isActive": true
}'
- 200 - User exists
Sample Response
{ "refreshToken": "w0czWF0pbdd9hB4h2d1YF+I3ctdzpcfUaOmKagmsy10=", "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImdkZmdkIiwibmJmIjoxNzA5MzA0ODk5LCJleHAiOjE3MDkzMDU3OTksImlhdCI6MTcwOTMwNDg5OX0.Hw1GmtW4O245qfD11cHOCQtQ91p2inAOlm6cIjL31rU", "result": true, "error": "" }
- 400 - Invalid request, Invalid username and/or password (User does not exist)
- 500 - An internal error occurred
{ "refreshToken": "", "accessToken": "", "result": false, "error": "An internal error occurred" }
This endpoint is used to register the user data with the given username.
curl -X 'POST' \
'https://localhost:7224/api/v1/auth/register-identity' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"username": "user",
"password": "password",
"title": "mr.",
"firstName": "Edwin",
"lastName": "Doe",
"suffix": "",
"emailAddress": "[email protected]",
"phone": "1234561234",
"userRole": "user"
}'
- 201 - User created
- 400 - Invalid request, The given account could not be registered (User exists)
- 500 - An error occurred when adding user
{ "refreshToken": "", "accessToken": "", "result": false, "error": "An error occurred when adding user" }
- 500 - An internal error occurred
{ "refreshToken": "", "accessToken": "", "result": false, "error": "An internal error occurred" }
This endpoint is used to check whether a user exists. Please note that the values for OTP and Password fields are not validated, but should be passed when making a request.
curl -X 'POST' \
'https://localhost:7224/api/v1/auth/search-identity' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"username": "user",
"emailAddress": "[email protected]",
"otp": 0,
"password": "password"
}'
- 200 - User exists
{ "refreshToken": "", "accessToken": "", "result": true, "error": "" }
- 400 - Invalid username and/or email (User does not exist), Invalid request
- 500 - An internal error occurred
{ "refreshToken": "", "accessToken": "", "result": false, "error": "An internal error occurred" }
This endpoint is used to generate an OTP, save the OTP to DB and send the OTP to the user's email. Please note that the values for OTP and Password fields are not validated, but should be passed when making a request.
curl -X 'POST' \
'https://localhost:7224/api/v1/auth/verify-identity' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"username": "user",
"emailAddress": "[email protected]",
"otp": 0,
"password": "password"
}'
- 201 - Created
- 400 - Invalid username (User does not exist), Invalid request
- 500 - An internal error occurred
{ "refreshToken": "", "accessToken": "", "result": false, "error": "An internal error occurred" }
- 500 - InternalServerError (Error when sending email)
This endpoint is used to check if the OTP response sent when validating a user is valid. Please note that the values for Email and Password fields are not validated, but should be passed when making a request.
curl -X 'POST' \
'https://localhost:7224/api/v1/auth/validate-passcode-identity' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"username": "user",
"emailAddress": "[email protected]",
"otp": 236784,
"password": "password"
}'
- 200 - OTP is valid
- 400 - Invalid username, Invalid OTP, Invalid request
- 500 - Cannot try more than maximum attempts
{ "refreshToken": "", "accessToken": "", "result": false, "error": "Cannot try more than maximum attempts" }
- 500 - An internal error occurred
{ "refreshToken": "", "accessToken": "", "result": false, "error": "An internal error occurred" }
- 500 - An error occurred when updating the request attempt
{ "refreshToken": "", "accessToken": "", "result": false, "error": "An error occurred when updating the request attempt" }
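An added C# sketch (not code from the IdentityWebApi repository) of the attempt-limited OTP check that verify-identity and validate-passcode-identity describe, including the "Cannot try more than maximum attempts" outcome. The in-memory store, the limit of 3 attempts, the 5-minute lifetime and all type names are assumptions; the page does not state them.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Constructed walk-through: three wrong guesses, then the correct code.
var store = new OtpStore();
var now = DateTimeOffset.UtcNow;
int otp = store.Issue("user", now);
int wrong = otp == 999_999 ? 100_000 : otp + 1;
for (int i = 0; i < 3; i++) Console.WriteLine(store.Check("user", wrong, now));
Console.WriteLine(store.Check("user", otp, now));

enum OtpResult { Valid, InvalidOtp, MaxAttemptsReached }

class OtpStore
{
    const int MaxAttempts = 3;                                    // assumed; the page gives no number
    static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(5);  // assumed; the page gives no lifetime
    class Entry { public byte[] Digest = Array.Empty<byte>(); public DateTimeOffset Expires; public int Attempts; }
    readonly Dictionary<string, Entry> _rows = new();             // stands in for the row the API saves to the DB

    // Store a digest bound to the username rather than the code itself.
    static byte[] DigestOf(string user, int otp) => SHA256.HashData(Encoding.UTF8.GetBytes($"{user}:{otp:D6}"));

    public int Issue(string user, DateTimeOffset now)
    {
        int otp = RandomNumberGenerator.GetInt32(100_000, 1_000_000);  // CSPRNG, six digits like the sample 236784
        // A new code replaces the old row, which also resets the attempt counter.
        _rows[user] = new Entry { Digest = DigestOf(user, otp), Expires = now + Lifetime };
        return otp;  // the API emails the code; it is returned here only so the demo can use it
    }

    public OtpResult Check(string user, int otp, DateTimeOffset now)
    {
        if (!_rows.TryGetValue(user, out var row) || now >= row.Expires) return OtpResult.InvalidOtp;
        if (row.Attempts >= MaxAttempts) return OtpResult.MaxAttemptsReached;
        // Record the attempt before comparing: if this update fails, the request fails too,
        // so a guess is never evaluated without being counted.
        row.Attempts++;
        if (!CryptographicOperations.FixedTimeEquals(row.Digest, DigestOf(user, otp))) return OtpResult.InvalidOtp;
        _rows.Remove(user);  // single use: a validated code cannot be replayed
        return OtpResult.Valid;
    }
}
```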
This endpoint is used to update key and salt of a user based on password sent in the request. Please note that the values for Email and OTP fields are not validated, but should be passed when making a request.
curl -X 'PATCH' \
'https://localhost:7224/api/v1/auth/change-credentials-identity' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"username": "user",
"emailAddress": "[email protected]",
"otp": 0,
"password": "password"
}'
- 200 - Key and Salt for the user were updated
{ "refreshToken": "", "accessToken": "", "result": true, "error": "" }
- 400 - Invalid request, Invalid username
- 500 - An internal error occurred
{ "refreshToken": "", "accessToken": "", "result": false, "error": "An internal error occurred" }
- 500 - An error occurred when updating password
{ "refreshToken": "", "accessToken": "", "result": false, "error": "An error occurred when updating password" }
This endpoint is used to create an access token based on the user's refresh token. Please note that the access token is not validated, but should be passed when making a request.
curl -X 'POST' \
'https://localhost:7224/api/v1/auth/generate-accessToken' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"refreshToken": "w0czWF0pbdd9hB4h2d1YF+I3ctdzpcfUaOmKagmsy10=",
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImdkZmdkIiwibmJmIjoxNzA5MzA0ODk5LCJleHAiOjE3MDkzMDU3OTksImlhdCI6MTcwOTMwNDg5OX0.Hw1GmtW4O245qfD11cHOCQtQ91p2inAOlm6cIjL31rU"
}'
- 201 - Access token was generated
Sample Response
{ "refreshToken": "w0czWF0pbdd9hB4h2d1YF+I3ctdzpcfUaOmKagmsy10=", "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImdkZmdkIiwibmJmIjoxNzA5NjUwMzgwLCJleHAiOjE3MDk2NTEyODAsImlhdCI6MTcwOTY1MDM4MH0.D-JUimEo_6UDQvGf_ZggyXM_XoXEIaJ6R_RErMK0qa8", "result": true, "error": "" }
- 400 - Invalid request
- 500 - An internal error occurred
{ "refreshToken": "", "accessToken": "", "result": false, "error": "An internal error occurred" }
This endpoint is used to validate an access token. Please note that the refresh token is not validated, but should be passed when making a request.
curl -X 'POST' \
'https://localhost:7224/api/v1/auth/validate-accessToken' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"refreshToken": "w0czWF0pbdd9hB4h2d1YF+I3ctdzpcfUaOmKagmsy10=",
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImdkZmdkIiwibmJmIjoxNzA5MzA0ODk5LCJleHAiOjE3MDkzMDU3OTksImlhdCI6MTcwOTMwNDg5OX0.Hw1GmtW4O245qfD11cHOCQtQ91p2inAOlm6cIjL31rU"
}'
- 200 - Access token is valid
- 400 - Invalid request, Token is expired
- 400 - The token is invalid
{ "refreshToken": "", "accessToken": "", "result": false, "error": "The token is invalid" }
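An added C# sketch (not code from the IdentityWebApi repository) of how an HS256 access token can be checked so that the three outcomes listed above, valid, expired and invalid, stay distinct. The signing key, clock value and type names are constructed for the example; the claim names nbf and exp match those in the sample access token on this page.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// Constructed key and clock for the demo; the API's real signing key is not on this page.
byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key");
long now = 1709305000;
string token = TokenCheck.Sign("{\"username\":\"user\",\"nbf\":1709304899,\"exp\":1709305799}", key);
Console.WriteLine(TokenCheck.Validate(token, key, now));           // clock inside nbf..exp
Console.WriteLine(TokenCheck.Validate(token, key, now + 3600));    // clock past exp
Console.WriteLine(TokenCheck.Validate(token, new byte[32], now));  // verified with a different key

enum TokenResult { Valid, Expired, Invalid }
static class TokenCheck
{
    static string B64Url(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    static string Mac(string input, byte[] key) => B64Url(HMACSHA256.HashData(key, Encoding.ASCII.GetBytes(input)));

    public static string Sign(string payloadJson, byte[] key)
    {
        string input = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"))
                     + "." + B64Url(Encoding.UTF8.GetBytes(payloadJson));
        return input + "." + Mac(input, key);
    }

    public static TokenResult Validate(string token, byte[] key, long nowUnix)
    {
        string[] p = token.Split('.');
        if (p.Length != 3) return TokenResult.Invalid;
        try
        {
            // Pin the algorithm so the token header cannot choose how it is verified.
            using var head = JsonDocument.Parse(FromB64Url(p[0]));
            if (head.RootElement.GetProperty("alg").GetString() != "HS256") return TokenResult.Invalid;
            // Constant-time signature comparison; claims are read only after it passes.
            if (!CryptographicOperations.FixedTimeEquals(
                    Encoding.ASCII.GetBytes(Mac(p[0] + "." + p[1], key)), Encoding.ASCII.GetBytes(p[2])))
                return TokenResult.Invalid;
            using var body = JsonDocument.Parse(FromB64Url(p[1]));
            if (nowUnix < body.RootElement.GetProperty("nbf").GetInt64()) return TokenResult.Invalid;
            return nowUnix >= body.RootElement.GetProperty("exp").GetInt64() ? TokenResult.Expired : TokenResult.Valid;
        }
        catch (Exception e) when (e is FormatException or JsonException or KeyNotFoundException or InvalidOperationException)
        { return TokenResult.Invalid; }
    }
}
```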