IdentityModel / oidc-token-manager

Apache License 2.0
51 stars 36 forks source link

Client secret not implemented #45

Closed iberodev closed 8 years ago

iberodev commented 8 years ago

IdentityServer4 (and also IdentityServer3 as per https://identityserver.github.io/Documentation/docsv2/configuration/secrets.html) have optional client secrets. However oidc-token-manager does not seem to have a configuration field to pass a secret to the AuthorityUri.

Shouldn't this be allowed?

brockallen commented 8 years ago

This library is focused for the implicit flow. What flow are you looking for it to support?

iberodev commented 8 years ago

The implicit flow. I have a SPA (in AngularJS) requesting an id_token and a token from the IdentityServer, doing something with the id_token retrieved and also using the access token to call a remote API. Ideally I'd like the IdentityServer to make sure that the client requesting a token has the same secret configured in ClientSecrets.

brockallen commented 8 years ago

The implicit flow doesn't involve a client secret.