diff --git a/docs/en/solution-templates/single-layer-web-application/authentication.md b/docs/en/solution-templates/single-layer-web-application/authentication.md new file mode 100644 index 0000000000..17a6f0f2c5 --- /dev/null +++ b/docs/en/solution-templates/single-layer-web-application/authentication.md @@ -0,0 +1,52 @@ +# Single Layer Solution: Authentication + +```json +//[doc-nav] +{ + "Previous": { + "Name": "Built-In Features", + "Path": "solution-templates/layered-web-application/built-in-features" + }, + "Next": { + "Name": "Database configurations in the Single-Layer solution", + "Path": "solution-templates/layered-web-application/database-configurations" + } +} +``` + +> Some of the features mentioned in this document may not be available in the free version. We're using the **\*** symbol to indicate that a feature is available in the **[Team](https://abp.io/pricing)** and **[Higher](https://abp.io/pricing)** licenses. + +The [Single Layer solution template](index.md) is fully configured for authentication. All the services and applications are configured to use the [OpenIddict](https://documentation.openiddict.com) library for authentication. They are configured in a common way for authentication. This document explains that common authentication structure. + +## OpenIddict + +[OpenIddict](https://documentation.openiddict.com) is an open-source library that provides a simple and easy way to implement an OpenID Connect server in your application. ABP has built-in modules ([OpenIddict](../../modules/openiddict.md), [OpenIddict UI **\***](../../modules/openiddict-pro.md)) to integrate OpenIddict into the solution. + +## Initial Data Seeding + +The Single Layer solution template includes an initial data seeding mechanism to create default clients (applications) and scopes for the solution, if necessary (e.g., when using an Angular UI). The `OpenIddictDataSeedContributor` class can be found in the `Data` folder of the host project. If authentication is handled by the UI application(e.g., MVC / Razor Pages), this class is not included. + +The [OpenIddict UI **\***](../../modules/openiddict-pro.md) module is added only if you select it while creating the solution. + +![new-solution-openiddict-module](images/new-solution-openiddict-module.png) + +The OpenIddict UI **\*** module provides a user interface to manage the OpenIddict entities such as applications, scopes, etc. You can manage these entities from the application UI. + +![openiddict-ui](images/openiddict-ui.png) + +### External Providers + +The authentication server handles token generation, validation, and user account management (e.g., login, registration). It uses the [Account](../../modules/account.md) or [Account Pro **\***](../../modules/account-pro.md) module. The [Account Pro **\***](../../modules/account-pro.md) module additionally supports [social logins](../../modules/account-pro.md#social--external-logins) (e.g., Google, Facebook). Social logins can be enabled, disabled, and configured directly from the application's user interface. + +![account-external-provider](images/account-external-provider.png) + +## Authentication Flows + +Applications in the solution use different authentication flows depending on the application type: + +- **MVC UI Web Application**: + Uses the [Hybrid Flow](https://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth) (OpenID Connect Authentication) for user authentication. +- **SPA and Swagger Applications**: + Use the [Authorization Code Flow](https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth) to authenticate users. + +If the UI is a SPA application (such as an Angular app), the API host uses [JWT Bearer Authentication](https://jwt.io/introduction/) to authorize user actions. \ No newline at end of file diff --git a/docs/en/solution-templates/single-layer-web-application/images/account-external-provider.png b/docs/en/solution-templates/single-layer-web-application/images/account-external-provider.png new file mode 100644 index 0000000000..acfefeee7c Binary files /dev/null and b/docs/en/solution-templates/single-layer-web-application/images/account-external-provider.png differ diff --git a/docs/en/solution-templates/single-layer-web-application/images/new-solution-openiddict-module.png b/docs/en/solution-templates/single-layer-web-application/images/new-solution-openiddict-module.png new file mode 100644 index 0000000000..0f304a1011 Binary files /dev/null and b/docs/en/solution-templates/single-layer-web-application/images/new-solution-openiddict-module.png differ diff --git a/docs/en/solution-templates/single-layer-web-application/images/openiddict-ui.png b/docs/en/solution-templates/single-layer-web-application/images/openiddict-ui.png new file mode 100644 index 0000000000..d4d3ab5ccc Binary files /dev/null and b/docs/en/solution-templates/single-layer-web-application/images/openiddict-ui.png differ