IdentityServer / IdentityServer4.AccessTokenValidation

IdentityServer Access Token Validation for ASP.NET Core
Apache License 2.0

Does IdentityServer4.AccessTokenValidation only work in IdentityServer 4? #113

Closed madhub closed 5 years ago

madhub commented 5 years ago

Hi, I am using the IdentityServer4.AccessTokenValidation NuGet package to do OAuth2 introspection to a 3rd party OAuth2 server. Is it recommended to use IdentityServer4.AccessTokenValidation for any 3rd party OAuth2 server? If yes, how do I configure it to send the client id & client secret in the HTTP Authorization header? Currently it sends them in the HTTP POST body.

Madhu

leastprivilege commented 5 years ago

As the name implies, we only care about compat with IdentityServer.

madhub commented 5 years ago

Ok, how about IdentityModel.AspNetCore.OAuth2Introspection, does it support 3rd party OAuth2 servers?

If yes, how do I configure it to send the client id & client secret in the HTTP Authorization header? Currently it sends them in the HTTP POST body.

leastprivilege commented 5 years ago

It's implemented on the v4 branch -

https://github.com/IdentityModel/IdentityModel.AspNetCore.OAuth2Introspection/blob/v4/src/OAuth2IntrospectionOptions.cs#L51

NuGet is here: https://www.nuget.org/packages/IdentityModel.AspNetCore.OAuth2Introspection/4.0.0-aultmore

I am planning to release this soon. Give it a try.

madhub commented 5 years ago

Ok, will try it out.

I see the example in the OAuth introspection spec (RFC 7662) shows sending the client id & secret in the Authorization header. I am curious to know the reason behind sending the client id & client secret in the HTTP body instead of the Authorization header in the IdentityServer4.AccessTokenValidation & IdentityModel.AspNetCore.OAuth2Introspection libraries.

leastprivilege commented 5 years ago

They are both allowed. Please open a feedback issue in the introspection repo.
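
The two client authentication styles discussed in this thread, shown at the wire level for an RFC 7662 introspection request. This is an added example, not code from the thread or from either library; the function names and sample credentials are constructed for illustration.

```python
import base64
from urllib.parse import urlencode, quote_plus, unquote_plus, parse_qs


def build_introspection_request(token, client_id, client_secret, style):
    """Return (headers, body) for an RFC 7662 introspection POST.

    style "header": HTTP Basic, as in RFC 6749 section 2.3.1
    style "body":   client_id / client_secret as form fields
    """
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json"}
    form = {"token": token}
    if style == "header":
        # RFC 6749 2.3.1: form-urlencode each value first, then join
        # with ':' and base64-encode. Skipping the urlencode step breaks
        # ids or secrets that contain ':', '+', '%' or spaces.
        userpass = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        encoded = base64.b64encode(userpass.encode("utf-8")).decode("ascii")
        headers["Authorization"] = "Basic " + encoded
    elif style == "body":
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError("style must be 'header' or 'body'")
    return headers, urlencode(form)


def parse_client_credentials(headers, body):
    """Server side: return (client_id, client_secret, method)."""
    form = parse_qs(body)
    auth = headers.get("Authorization", "")
    in_header = auth.startswith("Basic ")
    in_body = "client_id" in form and "client_secret" in form
    if in_header and in_body:
        # RFC 6749 2.3: at most one authentication method per request.
        raise ValueError("more than one client authentication method")
    if in_header:
        decoded = base64.b64decode(auth[len("Basic "):]).decode("utf-8")
        cid, _, secret = decoded.partition(":")
        return unquote_plus(cid), unquote_plus(secret), "header"
    if in_body:
        return form["client_id"][0], form["client_secret"][0], "body"
    raise ValueError("no client credentials presented")
```

With the header style the secret never appears in the request body, which matters when the server or an intermediary logs form bodies.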