Connecting To Identity
To ensure users who request data from AnalyticsAPI are authenticated and authorized, AnalyticsAPI delegates Bearer tokens to the LoginService for verification.
This connection is configured in the Startup class. More specifically:
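    // Keep claim names as issued in the token instead of mapping them to legacy .NET claim types.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
        {
            // Issuer whose discovery document and signing keys are used to validate tokens.
            options.Authority = IdentityServerUrl;
            // false: the issuer metadata may be fetched over plain HTTP.
            options.RequireHttpsMetadata = false;
            // Keep the validated token so it can be read later in the request.
            options.SaveToken = true;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                // false: the token's "aud" claim is not checked.
                ValidateAudience = false
            };
        });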
The IdentityServerUrl value is read from appSettings.*.json.
Retrieving user data
Moreover, AnalyticsAPI communicates with Login to request user-related data.
For instance, which products a user/organization owns, or user and organization information.
To do so, we have an AuthenticationDelegationHandler class that delegates the JWT Bearer token from the original user request into the subsequent request to the Login service, therefore delegating authorization and making the request on behalf of the user.
Communication with Login is therefore plain HTTP request/response.
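A sketch of how such a delegating handler can be written, added here as an example and not the project's own AuthenticationDelegationHandler. The class name BearerForwardingHandler and the loginBaseUrl parameter are assumptions. It reads the token that SaveToken = true stored on the incoming request and refuses to attach it to any host other than the Login service.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;

// Illustrative only: names below are hypothetical, not taken from the project.
public sealed class BearerForwardingHandler : DelegatingHandler
{
    private readonly IHttpContextAccessor _accessor;
    private readonly Uri _loginBaseUrl; // assumed: base URL of the Login service

    public BearerForwardingHandler(IHttpContextAccessor accessor, Uri loginBaseUrl)
    {
        _accessor = accessor;
        _loginBaseUrl = loginBaseUrl;
    }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Fail closed: the user's token must only ever travel to the Login service.
        if (request.RequestUri == null ||
            Uri.Compare(request.RequestUri, _loginBaseUrl,
                UriComponents.SchemeAndServer, UriFormat.Unescaped,
                StringComparison.OrdinalIgnoreCase) != 0)
        {
            throw new InvalidOperationException(
                "Refusing to forward the bearer token to a host other than the Login service.");
        }

        var context = _accessor.HttpContext
            ?? throw new InvalidOperationException("No active HTTP request to take a token from.");

        // "access_token" is present because the JwtBearer options set SaveToken = true.
        var token = await context.GetTokenAsync("access_token");
        if (string.IsNullOrEmpty(token))
        {
            throw new InvalidOperationException("The incoming request carries no access token.");
        }

        // Make the outbound call on behalf of the original user.
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return await base.SendAsync(request, cancellationToken);
    }
}
```

Because the token is forwarded unchanged, the Login service sees exactly the scopes and claims the user presented to AnalyticsAPI.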