By virtue of leveraging ASP.NET Core 3.x Endpoints ServiceComposer automatically supports authentication and authorization metadata attributes to express authentication and authorization requirements on routes. For example, it's possible to use the Authorize attribute to specify that a handler requires authorization. The authorization process is the regular ASP.NET Core 3.x process and no special configuration is needed to plugin ServiceComposer:
public class SampleHandlerWithAuthorization : ICompositionRequestsHandler
{
[Authorize]
[HttpGet("/sample/{id}")]
public Task Handle(HttpRequest request)
{
return Task.CompletedTask;
}
}