User Management
Moka.Auth provides comprehensive user management capabilities through the IUserService interface and REST API endpoints.
User Operations
Creating Users
// Via dependency injectionpublic class YourService{ private readonly IUserService _userService;
public YourService(IUserService userService) { _userService = userService; }
public async Task CreateUserAsync() { var user = new MokaUser { UserName = "john.doe", FirstName = "John", LastName = "Doe" };
var result = await _userService.CreateAsync(user, "SecurePassword123!");
if (result) { // User created successfully await _userService.AddToRoleAsync(user.Id, "BasicUser"); } }}Retrieving Users
// Get user by IDvar user = await _userService.FindByIdAsync(userId);
// Get user by usernamevar user = await _userService.FindByNameAsync(username);
// Get user by emailvar user = await _userService.FindByEmailAsync(email);
// Get all users with paginationvar users = await _userService.GetAllUsersAsync(limit: 100, offset: 0);Updating Users
public async Task UpdateUserAsync(string userId, UserUpdateModel model){ var user = await _userService.FindByIdAsync(userId); if (user != null) { user.Email = model.Email; user.FirstName = model.FirstName; user.LastName = model.LastName;
var result = await _userService.UpdateAsync(user); if (result) { // User updated successfully } }}Deleting Users
public async Task DeleteUserAsync(string userId){ var result = await _userService.DeleteAsync(userId); if (result) { // User deleted successfully }}Role Management
Managing User Roles
// Add user to roleawait _userService.AddToRoleAsync(userId, "Admin");
// Remove user from roleawait _userService.RemoveFromRoleAsync(userId, "Admin");
// Get user's rolesvar roles = await _userService.GetRolesAsync(userId);Permission Management
Managing User Permissions
// Add permission by IDawait _userService.AddPermissionAsync(userId, permissionId);
// Add permission by nameawait _userService.AddPermissionByNameAsync(userId, "users.manage");
// Remove permission by IDawait _userService.RemovePermissionAsync(userId, permissionId);
// Remove permission by nameawait _userService.RemovePermissionByNameAsync(userId, "users.manage");
// Get user's direct permissionsvar permissions = await _userService.GetPermissionsAsync(userId);
// Get user's effective permissions (including from roles)var effectivePermissions = await _userService.GetEffectivePermissionsAsync(userId);API Key Management
Managing API Keys
// Create API keyvar apiKey = await _userService.CreateApiKeyAsync( userId: "user123", name: "Development API Key", expiresAt: DateTimeOffset.UtcNow.AddMonths(6));
// Delete API keyawait _userService.DeleteApiKeyAsync(apiKeyId);
// Get user's API keysvar apiKeys = await _userService.GetApiKeysAsync(userId);
// Validate API keyvar validatedKey = await _userService.ValidateApiKeyAsync(apiKeyString);API Endpoints
Moka.Auth provides built-in REST API endpoints for user management:
User Operations
POST /api/users- Create new userGET /api/users- List all users (paginated)GET /api/users/{id}- Get user by IDPUT /api/users/{id}- Update userDELETE /api/users/{id}- Delete user
Role Operations
POST /api/users/{id}/roles- Add user to roleDELETE /api/users/{id}/roles/{roleName}- Remove user from roleGET /api/users/{id}/roles- Get user’s roles
Permission Operations
POST /api/users/{id}/permissions- Add permission to userDELETE /api/users/{id}/permissions/{permissionId}- Remove permission from userGET /api/users/{id}/permissions- Get user’s permissionsGET /api/users/{id}/effective-permissions- Get user’s effective permissions
API Key Operations
POST /api/users/{id}/api-keys- Create API keyDELETE /api/users/{id}/api-keys/{keyId}- Delete API keyGET /api/users/{id}/api-keys- List user’s API keys
Best Practices
-
User Creation:
- Validate email addresses
- Enforce strong password requirements
- Add users to appropriate roles
- Assign necessary permissions
-
Security:
- Always validate user input
- Use secure password storage
- Implement rate limiting
- Monitor failed login attempts
- Regularly audit user permissions
-
API Keys:
- Set appropriate expiration dates
- Use descriptive names
- Rotate keys regularly
- Monitor key usage
- Store keys securely
-
Performance:
- Use pagination for large result sets
- Cache frequently accessed user data
- Optimize permission checks
- Monitor database performance