Closed iberodev closed 8 years ago
This library is focused for the implicit flow. What flow are you looking for it to support?
The implicit flow. I have a SPA (in AngularJS) requesting an id_token
and a token
from the IdentityServer, doing something with the id_token
retrieved and also using the access token to call a remote API.
Ideally I'd like the IdentityServer to make sure that the client requesting a token has the same secret configured in ClientSecrets
.
The implicit flow doesn't involve a client secret.
IdentityServer4 (and also IdentityServer3 as per https://identityserver.github.io/Documentation/docsv2/configuration/secrets.html) have optional client secrets. However oidc-token-manager does not seem to have a configuration field to pass a secret to the AuthorityUri.
Shouldn't this be allowed?