Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to implement Authorization Code flow with Owin

I'm using IdentityServer4 and trying to connect an MVC app up for authentication. I currently have things working by using the implicit flow, but I have run into the problem that my access tokens are expiring and there is no refresh token support for implicit. I also read today that implicit was designed for js apps before browsers got good, and that it is not as secure as authorization code flow.

SO. I would like to get my app working with the authorization code flow. I can't find any one simple solution for this using owin. I assume there is a nice and widely automated way to have owin take care of swapping the code for an access token and all that. After extensive research online I found this snippet of code that seems to be talking about what I'm doing:

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ...
            TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "https://schemas.quickstarts.com/roles"
            }
            ...
        });

Does anyone have any examples or other info about getting owin to do all this?

Relevant info: IdentityServer4 Client is .Net Framework 4.6

like image 678
Josh Avatar asked Jul 03 '26 22:07

Josh


1 Answers

Add this code in startup use this client GrantTypes

public static ICollection<string> CodeAndClientCredentials => new string[2] { "authorization_code", "client_credentials" };

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme).AddOAuth2Introspection("token", (options) =>
{
    
    var authorityUrl = Configuration["AUTHORITY_URL"];

    options.IntrospectionEndpoint = authorityUrl + "/connect/introspect";
    options.ClientId = string.IsNullOrEmpty(this.Configuration["AUTH_API_NAME"]) ? "identity_api" : this.Configuration["AUTH_API_NAME"];
    options.ClientSecret = string.IsNullOrEmpty(this.Configuration["AUTH_API_SECRET"]) ? "secret" : this.Configuration["AUTH_API_SECRET"];
});
like image 132
Rajat Jha Avatar answered Jul 09 '26 06:07

Rajat Jha



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!