# Fengling Auth Service

Authentication and authorization service using OpenIddict.

## Features

- JWT token issuance
- OAuth2/OIDC support
- Multi-tenant support (TenantId in JWT claims)
- Role-based access control (RBAC)
- Health check endpoint

## API Endpoints

### Get Token
```
POST /connect/token
Content-Type: application/x-www-form-urlencoded

grant_type=password
username={username}
password={password}
scope=api offline_access
```

### Health Check
```
GET /health
```

## Default Users

- **Admin**: username=admin, password=Admin@123, role=Admin
- **Test User**: username=testuser, password=Test@123, role=User

## Running Locally

```bash
dotnet run
```

Service runs on port 5000.

## Docker

```bash
docker build -t fengling-auth:latest .
docker run -p 5000:80 fengling-auth:latest
```

## Environment Variables

- `ConnectionStrings__DefaultConnection`: PostgreSQL connection string
- `OpenIddict__Issuer`: Token issuer URL
- `OpenIddict__Audience`: Token audience

## Database

- PostgreSQL
- Uses ASP.NET Core Identity for user/role management
- Tenant isolation via `TenantId` column