This REST API demonstrates authentication and authorization with JWT tokens. It also shows how to use different authorization policies in minimal API endpoints. All of it is built with Clean Architecture, minimal API and a variety of design patterns.
The example API allows you to:
- register user
- login user
- change user role
- get user and service info
The endpoints use different types of authorization policies.
Simply run Auth.API and try it.
The main motivation is to write a practical example of authorization and authentication with minimal API and Clean Architecture.
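A sketch of how JWT bearer validation and several kinds of authorization policy can be attached to minimal API endpoints. This is an added example, not code from this repository: the policy names, routes, claim names and configuration keys (`Jwt:Key`, `Jwt:Issuer`, `Jwt:Audience`) are hypothetical, and it assumes the `Microsoft.AspNetCore.Authentication.JwtBearer` package.

```csharp
// Added example: policy names, routes, claims and config keys are hypothetical.
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumption: the signing key comes from configuration or a secret store, not source code.
var key = builder.Configuration["Jwt:Key"]
          ?? throw new InvalidOperationException("Jwt:Key is not configured");

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
    {
        // Validate every property explicitly so a token from another issuer,
        // for another audience, or past its expiry is rejected.
        ValidateIssuer = true,
        ValidIssuer = builder.Configuration["Jwt:Issuer"],
        ValidateAudience = true,
        ValidAudience = builder.Configuration["Jwt:Audience"],
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)),
        ClockSkew = TimeSpan.FromSeconds(30) // default is 5 minutes
    });

builder.Services.AddAuthorization(o =>
{
    // Role-based policy.
    o.AddPolicy("AdminOnly", p => p.RequireRole("Admin"));
    // Claim-based policy.
    o.AddPolicy("VerifiedUser", p => p.RequireAuthenticatedUser()
                                      .RequireClaim("email_verified", "true"));
    // Endpoints without an explicit policy still require an authenticated user.
    o.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Public endpoint: must opt out of the fallback policy explicitly.
app.MapGet("/service/info", () => Results.Ok(new { name = "Auth.API" })).AllowAnonymous();
app.MapGet("/user/me", (ClaimsPrincipal user) => Results.Ok(new { name = user.Identity?.Name }))
   .RequireAuthorization("VerifiedUser");
app.MapPut("/user/{id}/role", (Guid id) => Results.NoContent())
   .RequireAuthorization("AdminOnly");

app.Run();
```

With the fallback policy in place, an endpoint added later without `RequireAuthorization` or `AllowAnonymous` is closed by default rather than open.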
The project follows Clean Architecture, but the application layer is split into Core and Domain projects, where the Core project holds business rules and the Domain project contains business entities.
As Minimal API allows handlers to be injected into endpoint map methods, I decided not to use MediatR, but every endpoint still has its own request and handler. The solution follows the CQRS pattern, which means that handlers are separated into commands and queries: command handlers handle command requests and query handlers handle query requests. Repositories (Repository pattern) are also separated into commands and queries.
Instead of throwing exceptions, the project uses the Result pattern (using the FluentResults package). To return an exact HTTP response, every handler returns data wrapped in an HttpDataResponse object, which also contains an error message collection and the HTTP response code.
The solution contains four layers:
- Auth.Api - entry point of the application, top layer
  - Endpoints
  - Middlewares (or Filters)
  - API Configuration
- Auth.Infrastructure - layer for communication with external resources like a database, cache, web service, ...
  - Repositories Implementation - access to the database
  - External Services Proxies - proxy class implementations used to obtain data from external web services
  - Infrastructure Specific Services - services which are needed to interact with external libraries and frameworks
- Auth.Core - business logic of the application
  - Request Handlers/Managers/.. - business implementation
  - Abstractions - besides abstractions for business logic, there are abstractions for the Infrastructure layer (Service, Repository, ..) so that they can be used in this (Core) layer
- Auth.Domain - everything that should be shared across all projects
  - DTOs
  - General Extensions