brockallen
commented
8 years ago This library is focused for the implicit flow. What flow are you looking for it to support?
Closed iberodev closed 8 years ago
brockallen
commented
8 years ago This library is focused for the implicit flow. What flow are you looking for it to support?
iberodev
commented
8 years ago The implicit flow. I have a SPA (in AngularJS) requesting an id_token and a token from the IdentityServer, doing something with the id_token retrieved and also using the access token to call a remote API.
Ideally I'd like the IdentityServer to make sure that the client requesting a token has the same secret configured in ClientSecrets.
brockallen
commented
8 years ago The implicit flow doesn't involve a client secret.
IdentityServer4 (and also IdentityServer3 as per https://identityserver.github.io/Documentation/docsv2/configuration/secrets.html) have optional client secrets. However oidc-token-manager does not seem to have a configuration field to pass a secret to the AuthorityUri.
Shouldn't this be allowed?