FormidableLabs / react-native-app-auth

React native bridge for AppAuth - an SDK for communicating with OAuth2 providers
https://commerce.nearform.com/open-source/react-native-app-auth
MIT License

Retrieve AspNetIdentity cookie returned by Duende IdentityServer4 (.NET Core) #1032

Closed michelebombardi closed 2 days ago

michelebombardi commented 1 week ago

Issue

The Identity server that I'm using is based on Cookie authorization. When I call the authorize method (so the authorize endpoint) on my server, the authorization code flow is performed as expected and the access token and refresh token are returned correctly, but not the AspNetIdentity cookie needed (together with the Access Token) to access the API resource on the server.

This is my server-side Client configuration:

"App.Mobile.AC": {
  "Enabled": true,
  "Profile": "NativeApp",
  "ClientId": "App.Mobile.AC",
  "ClientName": "AppMobile (Code with PKCE)",
  "ClientSecrets": [
    {
      "Value": "u********************************************"
    }
  ],
  "AllowedGrantTypes": [ "authorization_code" ],
  "AllowedScopes": [ "AppAPI", "openid", "profile", "offline_access" ],
  "AlwaysIncludeUserClaimsInIdToken": true,
  "AllowAccessTokensViaBrowser": false,
  "AlwaysSendClientClaims": true,
  "AllowOfflineAccess": true,

  "RedirectUris": [ "it.organization.app:/oauthredirect" ],
  "RequireClientSecret": false,
  "RequirePkce": true
}

On react-native (client-side), this is my configuration:

static config: AuthConfiguration = {
  issuer: `${apiConfig.url}`,
  clientId: 'App.Mobile.AC',
  redirectUrl: 'it.montecavallo.willness:/oauthredirect',
  scopes: ['AppAPI', 'openid', 'profile', 'offline_access'],
  additionalParameters: {
    prompt: 'login',
    display: 'touch',
  },
};

The response of the authorize method is fine and fully populated, BUT how can I retrieve the AspNetIdentity cookie that I need to perform requests?

Is that possible?

P.S. I've already tried with react-native-cookies library without any success.

Environment

carbonrobot commented 2 days ago

React Native App Auth is specifically designed to handle the Authorization Code Flow of OAuth2.0. It does not support other flow types.