IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

values of Scope for Authorization Code Grant on Identity server? #496

Closed jghistory closed 10 years ago

jghistory commented 10 years ago

Hi, I've read the walkthroughs and blog posts, and I've even searched through the sample code, but I've yet to see the proper scope values for OAuth2.0 Authorization Code Grant on Identity server. What are they? Many Thanks!

leastprivilege commented 10 years ago

You define them yourself - when you create a relying party / resource. The realm identifier becomes the scope.

jghistory commented 10 years ago

Thanks! That's now working. And the client is getting two encrypted tokens back, one called __RequestVerificationToken_L2lkc3J20, and one called idsrvauth. Which of these should be given to the resource server, and how should the resource server validate the token?

Also, I don't see a refresh token there, even though my config says there should be one. The admin page of the identity server also shows no refresh tokens. What needs to be done to include a refresh token--or is it one of the tokens above?

Many thanks!


leastprivilege commented 10 years ago

That's definitely not working ;) What you mention here are cookies? Are you talking to the authorize controller or the token controller? Do you know how OAuth2 works?

damooooooooooh commented 10 years ago

Can I weigh in here, but how can I handle an access token received from an iOS app? Should I create a custom handler to validate the token directly with FB and then, if successful, validate and issue a token from identity server?

leastprivilege commented 10 years ago

Not sure how this is related - please open a separate thread for that.

jghistory commented 10 years ago

Well, I thought I knew how OAuth2 works, because I've read the spec and used it before. Perhaps I need to know more. I've set up for Authorization Code Flow, and used a PHP client off the net to test it with. The PHP client is intended to connect to https://localhost/idsrv/issue/oauth2/authorize in order to authorize the user, then connect to https://localhost/idsrv/issue/oauth2/token in order to get an access token.

However, what I see using fiddler is that it connects to https://localhost/idsrv/issue/oauth2/authorize, where the full URL is: https://localhost/idsrv/issue/oauth2/authorize?response_type=code&client_id=112233445566778899&redirect_uri=https://localhost/MyTest/Success.html&scope=https://localhost/MyTest/Success.html

leastprivilege commented 10 years ago

The URL looks correct - the authorize endpoint will call you back on the redirect URI with an authorization code.

leastprivilege commented 10 years ago

OK?

jghistory commented 10 years ago

Yes. Or better. When the client sends the token that it got from the identity server to the resource server, what should the client be doing with it to verify that it is valid, and to know that it should grant access to the resource?


leastprivilege commented 10 years ago

Validate the JWT. Check the wiki for more info.

I will close this now. Open a new issue when you have more questions.
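The checks behind "validate the JWT", as an added example that is not code from the issue thread or from the IdentityServer project. It assumes the relying party was configured with a symmetric signing key shared with the resource server (so the token is HS256-signed; with an X.509 signing certificate the signature step would use RS256 instead), and every key, issuer URI and claim value below is constructed for the example. The `make_jwt` helper only stands in for the token service so the validator has input to work on.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values (not from the issue thread or IdentityServer):
SHARED_KEY = b"constructed-shared-signing-secret"     # symmetric key shared with the STS
EXPECTED_ISSUER = "https://localhost/idsrv"          # assumed issuer URI of the STS
EXPECTED_AUDIENCE = "https://localhost/MyTest/"      # realm of the relying party = expected aud


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Stand-in for the STS: mint a compact JWT. alg='none' yields an unsigned token
    so the validator's rejection of it can be demonstrated."""
    header = {"typ": "JWT", "alg": alg}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    signature = b""
    if alg == "HS256":
        signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def validate_jwt(token: str, key: bytes, issuer: str, audience: str, now: float = None) -> dict:
    """What the resource server does with a bearer token: verify the signature with the
    shared key, then check issuer, audience and lifetime. Returns the claims or raises."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts

    # Only accept the algorithm we configured; the token's own 'alg' is untrusted input.
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")

    # Signature check before any claim is trusted; constant-time comparison.
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature does not verify")

    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    aud_list = [aud] if isinstance(aud, str) else (aud or [])
    if audience not in aud_list:
        raise ValueError("token was not issued for this resource (aud mismatch)")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired or has no exp")
    nbf = claims.get("nbf")
    if isinstance(nbf, (int, float)) and now < nbf:
        raise ValueError("token not yet valid")
    return claims


def is_valid(token: str, key: bytes, issuer: str, audience: str, now: float = None) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_jwt(token, key, issuer, audience, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    now = int(time.time())
    good = make_jwt({"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "alice",
                     "exp": now + 600}, SHARED_KEY)
    print("valid token ->", validate_jwt(good, SHARED_KEY, EXPECTED_ISSUER, EXPECTED_AUDIENCE)["sub"])
    print("wrong key   ->", is_valid(good, b"other-key", EXPECTED_ISSUER, EXPECTED_AUDIENCE))
```

The order matters: the signature is checked before any claim is read, the accepted algorithm is fixed by configuration rather than taken from the token header, and the audience check is what ties the token to this particular resource (the realm). In a .NET resource server the same checks are what `JwtSecurityTokenHandler` performs when given the issuer, audience and signing key in its validation parameters.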