Authorization sample for a REST API on ASP.NET 8.
The project implements clean architecture with the CQRS and Repository patterns.
Authorization is accomplished using a JWT access token and a refresh token. The access token is used to authorize the user; the refresh token is used to obtain a new pair of tokens. The refresh token is recorded in the database and allows each user to have 5 active devices at the same time.
- database - MsSQL database container.
- app - container for all application layers.

Build and start Docker images based on the configuration defined in the docker-compose.yml.
make up // docker-compose up --build
Stop and remove containers.
make down // docker-compose down
Swagger documentation
http://localhost:5000/swagger/index.html
POST /api/auth/register (allows creating an account)

| name | type | data type |
| --- | --- | --- |
| | required | string |
| password | required | string |

| http code | content-type | response |
| --- | --- | --- |
| 201 | application/json | "0647ce88-2e36-421a-7314-08dbffe1c4a0" |
| 409 | application/json | Entity: User (user@example.com) already exists |
| 400 | application/json | Validation errors |

POST /api/auth/login (allows logging in)

| name | type | data type |
| --- | --- | --- |
| | required | string |
| password | required | string |

| http code | content-type | response |
| --- | --- | --- |
| 200 | application/json and HttpOnly Cookie | {"accessToken": "eyJhbGc...", "type": "Bearer" } cookie: refreshToken=Wna@3da...; Expires=...; Secure; HttpOnly; Domain=...; |
| 403 | application/json | Entity: User (user@exampe.com) doesn't exist or your password is incorrect |
| 400 | application/json | Validation errors |

(Requires refresh token in the Cookies)
POST /api/auth/refresh (allows refreshing the access and refresh tokens)

HttpOnly cookie
refreshToken=WnaMQ3j...; Expires=Sat, 23 Dec 2025 16:01:54 GMT; Path=/; Secure; HttpOnly; Domain=...;

| http code | content-type | response |
| --- | --- | --- |
| 200 | application/json and HttpOnly Cookie | {"accessToken": "eyJhbGc...", "type": "Bearer" } cookie: refreshToken=Wna@3da...; Expires=...; Secure; HttpOnly; Domain=...; |
| 401 | application/json | Refresh token isn't valid |
| 401 | application/json | Refresh token is outdated |

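The refresh flow described above (single-use refresh tokens, 5 active devices per user, the two 401 messages) can be sketched as follows. This is an added example, not code from this project: the `RefreshTokenStore` class, the in-memory dictionary standing in for the database, SHA-256 hashing of stored tokens, the 30-day lifetime and the evict-oldest policy at the device limit are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Constructed walk-through: six logins for one user, then refresh attempts.
var store = new RefreshTokenStore();
var userId = Guid.NewGuid();
var t0 = new DateTime(2025, 1, 1, 0, 0, 0, DateTimeKind.Utc);
var tokens = Enumerable.Range(0, 6).Select(i => store.Issue(userId, t0.AddMinutes(i))).ToList();
Console.WriteLine(store.Rotate(tokens[0], t0.AddHours(1)).Error);     // oldest session, pushed out by login six
var rotated = store.Rotate(tokens[5], t0.AddHours(1));                // normal refresh
Console.WriteLine(rotated.Token is not null);
Console.WriteLine(store.Rotate(tokens[5], t0.AddHours(1)).Error);     // replay of an already used token
Console.WriteLine(store.Rotate(rotated.Token!, t0.AddDays(31)).Error); // presented after expiry

public sealed class RefreshTokenStore
{
    private const int MaxDevices = 5;                                  // limit stated in the README
    private static readonly TimeSpan Lifetime = TimeSpan.FromDays(30); // assumed lifetime
    private sealed record Entry(Guid UserId, DateTime IssuedAt, DateTime ExpiresAt);
    private readonly Dictionary<string, Entry> _byHash = new();        // stands in for the database table

    // Only a hash is stored, so a leaked table does not yield usable tokens (assumed design).
    private static string Hash(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));

    public string Issue(Guid userId, DateTime now)
    {
        // Assumed policy: when the cap is reached, revoke the oldest session first.
        var active = _byHash.Where(e => e.Value.UserId == userId).OrderBy(e => e.Value.IssuedAt).ToList();
        foreach (var old in active.Take(Math.Max(0, active.Count - MaxDevices + 1)))
            _byHash.Remove(old.Key);
        var token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        _byHash[Hash(token)] = new Entry(userId, now, now + Lifetime);
        return token;
    }

    public (string? Token, string? Error) Rotate(string presented, DateTime now)
    {
        // Single use: the presented token is deleted whether or not it is still fresh.
        if (!_byHash.Remove(Hash(presented), out var entry))
            return (null, "Refresh token isn't valid");
        if (entry.ExpiresAt <= now)
            return (null, "Refresh token is outdated");
        return (Issue(entry.UserId, now), null);
    }
}
```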
(Requires JWT token in the header)