I'm using IdentityServer4 and trying to connect an MVC app up for authentication. I currently have things working by using the implicit flow, but I have run into the problem that my access tokens are expiring and there is no refresh token support for implicit. I also read today that implicit was designed for js apps before browsers got good, and that it is not as secure as authorization code flow.
SO. I would like to get my app working with the authorization code flow. I can't find any one simple solution for this using owin. I assume there is a nice and widely automated way to have owin take care of swapping the code for an access token and all that. After extensive research online I found this snippet of code that seems to be talking about what I'm doing:
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
...
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "https://schemas.quickstarts.com/roles"
}
...
});
Does anyone have any examples or other info about getting owin to do all this?
Relevant info: IdentityServer4 Client is .Net Framework 4.6
Add this code in startup use this client GrantTypes
public static ICollection<string> CodeAndClientCredentials => new string[2] { "authorization_code", "client_credentials" };
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme).AddOAuth2Introspection("token", (options) =>
{
var authorityUrl = Configuration["AUTHORITY_URL"];
options.IntrospectionEndpoint = authorityUrl + "/connect/introspect";
options.ClientId = string.IsNullOrEmpty(this.Configuration["AUTH_API_NAME"]) ? "identity_api" : this.Configuration["AUTH_API_NAME"];
options.ClientSecret = string.IsNullOrEmpty(this.Configuration["AUTH_API_SECRET"]) ? "secret" : this.Configuration["AUTH_API_SECRET"];
});
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With