{"id":19914805,"url":"https://github.com/physer/authmicro","last_synced_at":"2026-05-12T18:33:05.818Z","repository":{"id":55556958,"uuid":"322811449","full_name":"Physer/Authmicro","owner":"Physer","description":"A demo application that shows a possible implementation of JWT-based authentication in a microservices architecture","archived":false,"fork":false,"pushed_at":"2021-03-28T08:59:57.000Z","size":334,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-01-11T23:16:56.547Z","etag":null,"topics":["authentication","authorization","csharp","dotnet","jwt","microservices"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Physer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-12-19T09:30:15.000Z","updated_at":"2021-03-28T08:59:59.000Z","dependencies_parsed_at":"2022-08-15T03:10:37.498Z","dependency_job_id":null,"html_url":"https://github.com/Physer/Authmicro","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Physer%2FAuthmicro","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Physer%2FAuthmicro/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Physer%2FAuthmicro/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Physer%2FAuthmicro/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Physer","download_url":"https://codeload.github.com/Physer/Authmicro/tar.
gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241342795,"owners_count":19947266,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authorization","csharp","dotnet","jwt","microservices"],"created_at":"2024-11-12T21:37:10.985Z","updated_at":"2026-05-12T18:33:05.782Z","avatar_url":"https://github.com/Physer.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Authmicro\n## Introduction\nAuthmicro is a demo application showcasing a potential authentication and authorization solution across Microservices from a Domain-Driven Design standpoint.\n\nThe demo consists of 3 separate services.\n* The Authentication API\n* The Administration API\n* The Forum API\n\n## Table of contents\n- [Authmicro](#authmicro)\n  * [Introduction](#introduction)\n  * [How does it work?](#how-does-it-work-)\n  * [How to run](#how-to-run)\n    + [Using Docker](#using-docker)\n    + [Using Visual Studio](#using-visual-studio)\n  * [Services](#services)\n    + [Authentication API](#authentication-api)\n      - [Description](#description)\n      - [Endpoints](#endpoints)\n    + [Administration API](#administration-api)\n      - [Description](#description-1)\n      - [Endpoints](#endpoints-1)\n    + [Forum API](#forum-api)\n      - [Description](#description-2)\n      - [Endpoints](#endpoints-2)\n  * [Users and roles](#users-and-roles)\n  * [Contributing or ideas?](#contributing-or-ideas-)\n  * [Contact me](#contact-me)\n\n## How does it work?\nAuthmicro works by simulating a separate 
authentication service that is responsible for issuing tokens based on a user's credentials. Once a user has authenticated, the application is issued a token. This token can then be used to make calls to protected resources, provided the user is authorized to do so.\n\n## How to run\nThere are currently two ways of running the applications.\nBefore choosing either path, make sure you either download or clone this Git repository.\n\nBy default, the following host mappings are used:\n| Service| Host | Port |\n|--|--|--|\n| Authentication API | localhost | 5001 |\n| Administration API | localhost | 6001 |\n| Forum API | localhost | 7001 |\n\n\n### Using Docker\n1. Make sure you have Docker and docker-compose installed\n2. From the root folder of the Git repository, run **docker-compose up -d**\n3. That's it! Your services are now running as containers according to the previously described mappings\n\n### Using Visual Studio\n1. Open and build the solution in Visual Studio\n2. Start the desired project(s) in your desired configuration\n3. By default, the Kestrel profiles (Project name in Debug toolbar) point to the previously mentioned ports\n\n**Note**\nIf you choose to pick your own hostnames and ports, make sure your configuration across the solution is updated accordingly.  \n\n## Services\n### Authentication API\n#### Description\nThe cornerstone of this application is the Authentication API. This API is solely responsible for generating secure access tokens based on a user's credentials. In other words, you can consume this API by giving it a username and a password. In return you'll receive an access token.\n\nThe access token that you receive is only valid for a limited period of time and is tailored specifically to your user. You can only use this access token for the resources your user has the correct rights to.\n#### Endpoints\nThere is one endpoint available. 
Use this to authenticate your user credentials and try to receive an access token:\n\n**URL**: `/users/authenticate`\n\n**Method**: `POST`\n\n**Request body** All fields are required\n```json\n{\n\"username\":  \"user.name\",\n\"password\":  \"password\",\n\"audience\":  \"desiredApiAccess\"\n}\n```\n**Field information**\n|Field|Value  |\n|--|--|\n| username | This can be one of the users specified below  |\n| password | The corresponding password |\n| audience| The audience can either be 'Administration' or 'Forum'. Depending on your selected user, you may not have access |\n\n**Success response**\nYour response will contain an access token for your specified user.\n\n*Condition*: The combination of the username, password and audience is correct\n*Code*: 200 OK\n*Content example*:\n```json\n{\n\"accessToken\":  \"eyJhbGciOiJIUzIj81NiIsInR5cCI6IkpXVCJ9.eyJz67dWIiOiJqb2huLmRvZSIsImV4cCI6MTYxNjg2OTcwMywiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMSIsIm90nmF1ZCI6IkFkbWluaXN0cmF0aW9uIiwicm9sZXMiOls0iQWRtaW5pc3RyYXRvciIsIlJlYWRlciJdfQ.ArM0TSTZNQFHqWpsOc_hb43Z67Sd0tZm90-0GTSFJT3K0L6c\"\n}\n```\n**Error responses**\n*Condition*: The combination of the username, password and audience is correct\n*Code*: 401 Unauthorized\n*Content example*:\n```json\n{\n\"type\":  \"https://tools.ietf.org/html/rfc7235#section-3.1\",\n\"title\":  \"Unauthorized\",\n\"status\":  401,\n\"traceId\":  \"00-53ee12ec0180934687fbb21d6893193d-9410cfa4913c394c-00\"\n}\n```\n\n*Condition*: Something went wrong unexpectedly\n*Code*: 400 Bad Request\n*Content example*:\n```json\n{\n\"type\":  \"https://tools.ietf.org/html/rfc7231#section-6.5.1\",\n\"title\":  \"Bad Request\",\n\"status\":  400,\n\"traceId\":  \"00-a229a27be4dd7e4cbb4804bedd64052d-dae1fdfbece95941-00\"\n}\n```\n\n### Administration API\n#### Description\nThe Administration API is a restricted API that can retrieve user data. 
In a real-life situation this could be an API giving administrators access to changing users, permissions or other sensitive data.\n#### Endpoints\nFor the Administration API, there is one endpoint available. This endpoint allows you to query user data.\n\n**URL**: `/administration/users`\n\n**Method**: `GET`\n\n**Headers** Authorization - Bearer xxxx\n\n**Success response**\nThe response contains user information\n\n*Condition*: The specified access token contains the correct credential data\n*Authentication required*: **Yes**\n*Code*: 200 OK\n*Content example*:\n```json\n[\n   {\n      \"id\":1,\n      \"name\":\"Leanne Graham\",\n      \"username\":\"Bret\",\n      \"email\":\"Sincere@april.biz\",\n      \"phone\":\"1-770-736-8031 x56442\",\n      \"website\":\"hildegard.org\",\n      \"address\":{\n         \"street\":\"Kulas Light\",\n         \"suite\":\"Apt. 556\",\n         \"city\":\"Gwenborough\",\n         \"zipcode\":\"92998-3874\",\n         \"geo\":{\n            \"lat\":\"-37.3159\",\n            \"long\":null\n         }\n      },\n      \"company\":{\n         \"name\":\"Romaguera-Crona\",\n         \"catchPhrase\":\"Multi-layered client-server neural-net\",\n         \"bs\":\"harness real-time e-markets\"\n      }\n   },\n   {\n      \"id\":2,\n      \"name\":\"Ervin Howell\",\n      \"username\":\"Antonette\",\n      \"email\":\"Shanna@melissa.tv\",\n      \"phone\":\"010-692-6593 x09125\",\n      \"website\":\"anastasia.net\",\n      \"address\":{\n         \"street\":\"Victor Plains\",\n         \"suite\":\"Suite 879\",\n         \"city\":\"Wisokyburgh\",\n         \"zipcode\":\"90566-7771\",\n         \"geo\":{\n            \"lat\":\"-43.9509\",\n            \"long\":null\n         }\n      },\n      \"company\":{\n         \"name\":\"Deckow-Crist\",\n         \"catchPhrase\":\"Proactive didactic contingency\",\n         \"bs\":\"synergize scalable supply-chains\"\n      }\n   }\n]\n```\n\n\n\n### Forum API\n#### Description\nThe Forum API is 
responsible for retrieving forum posts. These posts can be viewed by any authenticated user with a reader role. The reader role is the default role; any registered user should have this role.\n\n#### Endpoints\nOne endpoint is available for retrieving forum posts.\n**URL**: `/posts`\n\n**Method**: `GET`\n\n**Headers** Authorization - Bearer xxxx\n\n**Success response**\nThe response contains forum posts\n\n*Condition*: The specified access token contains the correct credential data\n*Authentication required*: **Yes**\n*Code*: 200 OK\n*Content example*:\n```json\n[\n   {\n      \"userId\":1,\n      \"id\":1,\n      \"title\":\"sunt aut facere repellat provident occaecati excepturi optio reprehenderit\",\n      \"body\":\"quia et suscipit\\nsuscipit recusandae consequuntur expedita et cum\\nreprehenderit molestiae ut ut quas totam\\nnostrum rerum est autem sunt rem eveniet architecto\"\n   },\n   {\n      \"userId\":1,\n      \"id\":2,\n      \"title\":\"qui est esse\",\n      \"body\":\"est rerum tempore vitae\\nsequi sint nihil reprehenderit dolor beatae ea dolores neque\\nfugiat blanditiis voluptate porro vel nihil molestiae ut reiciendis\\nqui aperiam non debitis possimus qui neque nisi nulla\"\n   }\n]\n```\n## Users and roles\nIn order to access the above-mentioned endpoints and services, you'll need the required access. In order to simulate this, several (in-memory) users are available. An overview of the users and their roles follows.\n| Username | Password  | Role(s) | Authorized for\n|--|--|--|--|\n| john.doe | password | Administrator, Reader | Administration, Forum\n| jane.doe | b3tt3rp4ssw0rd | Reader | Forum\n\nIn other words, only John Doe can access both the Administration API and Forum API. 
Jane Doe can only access the Forum API.\n\nIf a token is requested for a user and the request made doesn't correspond with the access restrictions, the user will not be able to consume the API endpoint.\n\n## Contributing or ideas?\nFor all your issues, feature requests, bug reports, comments, questions and otherwise anything you'd like to mention, you can create an issue right here on GitHub!\n\nDo you wish to contribute and improve this project? Please fork the Git repository and make a pull request! All input is welcome. :-)\n\n## Contact me\nWould you like to get in touch with me? You can send me an e-mail at alex_schouls@live.com.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphyser%2Fauthmicro","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphyser%2Fauthmicro","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphyser%2Fauthmicro/lists"}