Redakt Back Office authentication

Currently the back office application supports authentication through the default Redakt user authentication, and a number of OpenID Connect / oAuth2 based identity providers. Other external identity providers can be added through custom implementation.

Redakt authentication

Redakt authentication is the default built-in authentication method for the back office application. Authentication is done through a username and password combination, and the back office provides a JWT bearer token to the user for service requests. Users are added and updated in the back office application itself.

Redakt authentication can be configured through the appsettings.json file. Following are the default settings. Any configuration that you do not include in your appsettings.json file will be set to its default.

{
    "Redakt": {
        "BackOffice": {
            "Authentication": {
                "DisableBuiltInAuthentication": false,
                "TokenSigningKey": "",
                "...": { ... }  // External identity providers
            }
        }
    }
}

Disable built-in authentication

Redakt authentication is enabled by default. Set this to true if you do not want to use the built-in authentication. You will then need to configure at least one external identity provider, otherwise logging into the system is not possible.

Token Signing Key

Sets a key that is used for signing JWT bearer tokens. This key can be any random string value (e.g. a GUID string). The back office NuGet package installer autmatically generates a random key on the first install of the package.

If no key is provided, a random key will be generated at system startup. Since this key will change whenever the system is recycled, user access tokens will not be valid across system recycles. It is therefore strongly recommended to set a key here. If the back office is load balanced, setting the same signing key is mandatory, otherwise user access tokens can be invalid between requests.

OpenID Connect / oAuth2 providers

The back office supports authenticating in via external identity providers. See identity providers for more information and configuration options.