1.0.0 Project initialization REST API with simple authentication and authorization mechanism by two routes: /authenticate and /authorize. A client/consumer can do only two things: - Authentication: An user name and a password are required in the request body. The request type is POST. The output is an object with the following structure: { token: { raw: "***", validFrom: "", validUntil: "" }, status: "SUCCESS" } - Authorization: The request type is also POST and and its scope is to authorize a token. The input is just the token in string format: { token: "***" } For .NET consumers there are two nuget packages developed to facilitate the integration with this Tuitio server: - Tuitio.PublishedLanguage: It contains constants and classes for data transfer objects. - Tuitio.Wrapper: It compose and executes all the REST requests to the Tuitio server and offers to a consumer a simple interface with all methods. This interface can be injected with dependency injection at consumer startup with UseTuitioServices method. The only input is the server base address. - The source of this nugets is public, but on my personal server: https://lab.code-rove.com/public-nuget-server/nuget 1.0.1 ◾ Big changes in token structure. Now the token format is base64 and contains a json with all user data like username, first name, last name, profile picture url, email address and a list of claims that can be configured from the database for each user independently. ◾ The generation and validation mechanism for the token has been rewritten to meet the new token structure. ◾ The complexity of user information has grown a lot. All users have now besides the data from token other information such as statuses, failed login attempts, last login date, password change date and security stamp. ◾ All tokens are persisted in the database and the active ones are reload at a server failure or in case of a restart. 1.1.0 ◾ Upgrade all projects to .NET 5 ◾ Upgrade packages MicrosoftExtensions, AutoMapper, EntityFramework, Netmash 1.1.1 ◾ Added Netmash.Infrastructure.DatabaseMigration ◾ Organized sql scripts to meet database migrator requirements 1.1.2 ◾ Store and compare passwords as hash to improve system security 1.1.3 ◾ Upgrade the migration service to version 1.1.0. Migration metadata is now stored in the sql server database. 2.0.0 ◾ Tuitio rebranding ◾ .NET 6 upgrade ◾ Nuget packages upgrade ◾ Added Seq logging ◾ Refactoring and code cleanup ◾ Added README.md file 2.1.0 ◾ Tuitio refactoring ◾ Added account logout method ◾ Tuitio performance optimizations 2.2.0 ◾ Added unit testing with xunit ◾ Added some tests 2.3.0 2023-03-27 19:20 Added "user-info" method in API ◾ The "user-info" method returns the data of the authenticated user. ◾ Added http context accessor and authentication handler ◾ Added user contact options ◾ Published new versions of Tuitio's nuget packages 2.4.0 2023-04-03 01:14 Added user groups and roles ◾ From this version, any user can be assigned to groups and can have roles. ◾ Each user group can have roles that will be applied to all users who are part of the group. 2.4.1 2023-04-07 19:12 Authentication handler changes ◾ The authentication handler has been updated to skip the token validation if the method from controller is marked with [AllowAnonymous] attribute. 2.4.2 2023-04-08 01:48 Added user roles and groups in authorization result ◾ The authorization result will contain the user role and group codes. They are very useful for an application because after the token is authorized, the application can directly validate its internal permissions based on roles or groups, without calling another method to obtain this information. ◾ In addition to these changes, some refactorings were also made. ◾ The token "expires in" information measuring unit was changed from milliseconds to seconds. ◾ New versions of nuget packages have been released.