Update README.md

#30
This commit is contained in:
Kun Deng
2019-06-23 13:09:40 -04:00
committed by GitHub
parent 344acc9078
commit 0e19bc35e4
+50
View File
@@ -32,6 +32,56 @@ There are several things that need to be completed to properly setup and secure
### Auth0 API configuration ### Auth0 API configuration
Securing Icarus is required, preventing the API from being publicly accessible. To do so, create an Auth0 account (it's free), for the sake of this section of the documentation, I will not go over how to create an Auth0 account. Once created, create a tentant and proceed to create an API
<h1 align=center>
<img src="Images/Configuration/create_api.png" width=100%>
</h1>
Create the API and enter an approrpiate name and identified. For the identified, append **api** like in the example
<h1 align="center">
<img src="Images/Configuration/enter_api_info.png" width=100%>
</h1>
Replace [domain] with the domain name of the created tenant. This can be found in the Default App from the Application menu. Replace [identifier] with the identifer root name in the appsettings environment file. Not the friendly name but the root name of the identifier, omitting the http protocol and the *api* path.
```Json
"Auth0": {
"Domain": "[domain].auth0.com",
"ApiIdentifier": "https://[identifier]/api"
},
```
For the sake of this section, I will not go over configuring the API to accept the signing algorithm since it has already been configured in the [Startip](Startup.cs).cs file. Click on permissions to create the permissions for the API.
<h1 align "center">
<img src="Images/Configuration/configure_api.png" width=100%>
</h1>
The permissions ensure that a validated user can interact with the API with a token that has not expired. Ensure that the permissions match, the description can change but the permission identifier must match.
<h1 align="center">
<img src="Images/Configuration/permissions.png" width=100%>
</h1>
On the left side, click on Application and create a new Application. Choose the Machine to Machine Application
<h1 align="center">
<img src="Images/Configuration/create_m2m.png" width=100%>
</h1>
With the grant permissions you created from the API, enable all the permissions. This is important because if they are not enabled then even with a valid token the request will return 403 (unauthorized)
<h1 align="center">
<img src="Images/Configuration/authorize_app.png" width=100%>
</h1>
From the Application page, copy the client id and client secret. These values will be used for the API to interact with API.
<h1 align="center">
<img src="Images/Configuration/api_cred.png" width=100%>
</h1>
Enter the information in the corresponding appsettings json file
```Json
"Auth0": {
"ClientId":"",
"ClientSecret":""
},
```
### API filesystem paths ### API filesystem paths
For the purposes of properly uploading, downloading, updating, deleting, and streaming songs the API filesystem paths must be configured. What is meant by this is that the `RootMusicPath` directory where all music will be stored must exist as well as the `ArchivePath` and `TemporaryMusicPath` paths. An example on a Linux system: For the purposes of properly uploading, downloading, updating, deleting, and streaming songs the API filesystem paths must be configured. What is meant by this is that the `RootMusicPath` directory where all music will be stored must exist as well as the `ArchivePath` and `TemporaryMusicPath` paths. An example on a Linux system: