README.md

Third Party's Development Manual

Table of Content

1. Audience

2. Development

3. Protocols

• 3.1. NestJS:

• 3.2. NetCore

• 3.4 Angular

• 3.5 React

• 3.6 Next.js

4. Info links

• 4.1 Angular:

• 4.2 React

• 4.3 NestJS:

Audience

This manual is written for customers of Digital Iceland's authentication system.

Customers of the authentication system are considered any third-party agent with an administrative authority over the web/system of the appropriate institutions (owners, authorized signatories) and the technical teams of the appropriate institutions (programmers, service- and hosting providers).

Development

The authentication system uses OpenID Connect provider which implements OpenID and OAuth 2.0 protocols.

For further information about the OAuth 2.0 standards follow this link: https://oauth.net/2/

Protocols:

Following are some sample projects implemented to show third-party developers how to connect to the authentication system in various languages and platforms. An overview of all the sample projects can also be seen in this repository: https://github.com/island-is/identity-server.samples. All the sample projects talk to the island.is sandbox for the authentication system. All the projects are setup so that to change the connection from the sandbox to the real authentication system you only need to change environment variables. https://github.com/island-is/identity-server.sandbox

• NestJS:

  We implemented two different NestJS services that use island.is authentication service.

  1. A service with an implemented "Jwt" auth-guard with a registered audience to island.is authentication service that can be added as a guard to controllers or functions, meaning that it´s only possible for tokens issued by island.is authentication service with a specific scope to call those controllers or functions. It comes implemented with the OpenApi specification using Swagger and the Swagger Authorization functionality so that you can generate tokens from island.is authentication service using Swagger and call the functions in the service without getting a 401 code. https://github.com/island-is/identity-server.samples/tree/feature/adding-sample-projects/nestjs

  2. A service that is not protected by an oidc-provider but implements a call to a demo service that uses island.is authentication service as an oidc-provider. To do that the service needs to call the island.is authentication service to get a client_credentials token. The purpose of this service is to show the implementation of how to get a client_credentials token from the island.is authentication service using NestJS. It comes implemented with the OpenApi specification using Swagger but not the Swagger Authorization functionality. https://github.com/island-is/identity-server.samples/tree/feature/adding-sample-projects/nestjs

• NetCore

  We implemented two different .NetCore services that use island.is authentication service.

  1. A service that uses island.is authentication service as an oidc-provider with a registered audience, meaning that it´s only possible for tokens issued by island.is authentication service with a specific scope to call the controllers or functions in the service marked with the Authorization flag. It comes implemented with the OpenApi specification using Swagger and the Swagger Authorization functionality so that you can generate tokens from island.is authentication service using Swagger and call the functions in the service without getting a 401 code. https://github.com/island-is/identity-server.samples/tree/feature/adding-sample-projects/demo-apis/NetCoreDemoApi

  2. A service that is not protected by an oidc-provider but implements a call to a demo service that uses island.is authentication service as an oidc-provider. To do that the service needs to call the island.is authentication service to get a client_credentials token. The purpose of this service is to show the implementation of how to get a client_credentials token from the island.is authentication service using NestJS. It comes implemented with the OpenApi specification using Swagger but not the Swagger Authorization functionality. https://github.com/island-is/identity-server.samples/tree/feature/adding-sample-projects/netCore

• Angular

  An angular client that demonstrates how you can generate and use the token from island.is authentication service. It also demonstrates how you can then use that token to call a function in one of the demo services in .NetCore or NestJS. https://github.com/island-is/identity-server.samples/tree/feature/adding-sample-projects/angular

• React

  A react client that demonstrates how you can generate and use the token from island.is authentication service. It also demonstrates how you can then use that token to call a function in one of the demo services in .NetCore or NestJS. https://github.com/island-is/identity-server.samples/tree/feature/adding-sample-projects/react

• Next.js

  A next.js client that demonstrates how you can generate and use the token from island.is authentication service. It also demonstrates how you can use that token to call a function in one of the demo services in .NetCore or NestJS. https://github.com/island-is/identity-server.samples/tree/feature/adding-sample-projects/nextjs

Info links

More information about how to connect with the authentication system in each developing environment can be found following these links:

• Angular:

  • https://www.scottbrady91.com/Angular/SPA-Authentiction-using-OpenID-Connect-Angular-CLI-and-oidc-client

• React:

  • https://medium.com/@franciscopa91/how-to-implement-oidc-authentication-with-react-context-api-and-react-router-205e13f2d49

  • https://github.com/skoruba/react-oidc-client-js

• NestJS:

  • https://auth0.com/blog/developing-a-secure-api-with-nestjs-adding-authorization/