This repository has been archived by the owner on Apr 27, 2021. It is now read-only.

Catalyst.Fabric.Authorization Client SDK Getting Started

Jorden Lowe edited this page Jul 25, 2018 · 5 revisions

Things you'll need!

  • Fabric.Identity and Fabric.Authorization Service

To use the Fabric.Authorization Client SDK you need the Fabric.Authorization Service (of course), which in turn requires the Fabric.Identity Service. The Fabric.Identity wiki and the Fabric.Authorization wiki explain how to set those up.

  • Some client application and Users created

Once you have the Fabric.Identity and Fabric.Authorization Services, you will also need to create a client application and user within Fabric.Identity. This is so you can create an access token for use with Fabric.Authorization. Check out the Fabric.Identity wiki for more details.

  • .NET Standard 1.6

To use the client SDK, your application must target a framework that supports .NET Standard 1.6. This can be .NET Framework 4.6.1, .NET Core 1.0 and many others.

An Example

Say you want to get a user's permissions and decide whether they can use your application. Let's walk through this example now.

  1. Download the Catalyst.Fabric.Authorization.Client from nuget.org

  2. Start with your setup:

// Access token issued by Fabric.Identity for the user you are acting for.
var accessToken = "your user's access token";
var client = new HttpClient();
// The access token is sent to this server, so use an https:// address outside local testing.
client.BaseAddress = new Uri("http://yourserverhere/Fabric.Authorization");
var authorizationClient = new AuthorizationClient(client);

Typically, an application calls Fabric.Authorization on behalf of a user, so you will need that user's access token to get information from Fabric.Authorization. For more information on how to call Fabric.Identity for an access token, visit here.

Next, create an HttpClient and set its BaseAddress to your Fabric.Authorization server's web address. Lastly, pass that client into your AuthorizationClient.

  3. Retrieve Permissions and Validate them

The next bit of code does the heavy lifting. Here we get the user's permissions and then check whether they include the permission you need, based on your specified grain and securableItem.

var grain = "app";
var securableItem = "your application's name here";
var userPermissions = await authorizationClient.GetPermissionsForCurrentUser(accessToken);
var isUserAllowed = authorizationClient.DoesUserHavePermission(userPermissions, $"{grain}/{securableItem}.Your Permission");

A few things:

  1. Remember, grain is the top-level return permission. Example types are app, user and patient. Because we want to check whether the user has permissions to an application, we use app in our example.

  2. SecurableItems are the "applications" that we are trying to secure. So this would be your application.

  3. Next we make the call to get the user's permissions. It knows the user because of the access token.

  4. Lastly, we want to verify that the user has the permission, so we have to build the permission name in the format {grain}/{securableItem}.{permission}.

We should now have the user and know which permissions that user has.
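
The format in item 4 joins three names with "/" and "." separators, so a name that itself contains a separator can compose to a different permission than intended. The following is an added example, not code from this wiki or from the Fabric.Authorization SDK: it builds the permission string, rejects parts that contain a separator, and denies access on malformed input. The PermissionName class, the allowed-character rule and the sample permission strings are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example, not SDK code. PermissionName and its members are hypothetical.
public static class PermissionName
{
    // Assumption: each part uses only letters, digits, '-' and '_'. Excluding the
    // '/' and '.' separators keeps the composed string unambiguous.
    private static readonly Regex Part = new Regex(@"\A[A-Za-z0-9_-]+\z");

    public static string Build(string grain, string securableItem, string permission)
    {
        foreach (var part in new[] { grain, securableItem, permission })
        {
            if (part == null || !Part.IsMatch(part))
                throw new ArgumentException("Invalid permission component: '" + part + "'");
        }
        return grain + "/" + securableItem + "." + permission;
    }

    // Fail closed: a missing list or a malformed name means "not allowed".
    public static bool IsGranted(IEnumerable<string> granted, string grain,
                                 string securableItem, string permission)
    {
        if (granted == null) return false;
        string required;
        try { required = Build(grain, securableItem, permission); }
        catch (ArgumentException) { return false; }
        // Ordinal comparison: exact, case-sensitive, culture-independent.
        return new HashSet<string>(granted, StringComparer.Ordinal).Contains(required);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: permission strings a user might hold.
        var granted = new[] { "app/billing.read", "app/billing.write" };

        Console.WriteLine(PermissionName.IsGranted(granted, "app", "billing", "read"));
        Console.WriteLine(PermissionName.IsGranted(granted, "app", "billing", "delete"));
        // "billing.read" + "x" and "billing" + "read.x" would both compose to
        // "app/billing.read.x"; rejecting '.' in a part removes the ambiguity.
        Console.WriteLine(PermissionName.IsGranted(granted, "app", "billing.read", "x"));
    }
}
```

Only the first check is granted; the second names a permission the user does not hold, and the third is rejected before any comparison because one part contains a separator.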