Closed alessandroros closed 7 years ago
The old access token validation endpoint is not supported in IS4 anymore.
Either switch to local validation - or if you are using reference tokens - configure a scope name and secret in the validation middleware to use introspection.
See here for our cross version compat tests: https://github.com/IdentityServer/CrossVersionIntegrationTests
Oh my god, it's working! Thanks a lot for what you're doing with this project. Useful examples.
@leastprivilege I am using a reference token to invoke the API demonstrated in Quickstart1_ClientCredential but I keep getting an InternalServerError. I added this to my API startup.cs:ConfigureServices method hoping it would help but no luck, can you please help?

```csharp
services.AddAuthentication("Bearer")
    .AddOAuth2Introspection(options =>
    {
        options.Authority = "http://localhost:5000";
        options.ClientSecret = "secret";
        options.ClientId = "refclient";
        options.IntrospectionEndpoint = "http://localhost:5000";
    })
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = "http://localhost:5000";
        options.RequireHttpsMetadata = false;
        options.SupportedTokens = SupportedTokens.Both;
        options.ApiName = "api1";
    });
```
For reference tokens this is all that's needed:

```csharp
services.AddAuthentication("Bearer")
    .AddOAuth2Introspection(options =>
    {
        options.Authority = "http://localhost:5000";
        options.ClientSecret = "secret";
        options.ClientId = "refclient";
    });
```
Thank you @leastprivilege, some parts of that API use JWT tokens and some external parts use reference tokens, having said that won't I need both? And I think I got it working with just this:
```csharp
services.AddAuthentication("Bearer")
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = "http://localhost:5000";
        options.RequireHttpsMetadata = false;
        // ApiName and ApiSecret are the credentials the API uses for introspection
        options.ApiName = "api1";
        options.ApiSecret = "secret";
    });
```
Note in the above that I haven't used `.ClientId` as my external clients can be dynamically generated (which all use reference tokens). Is that the correct way of doing it?
Your last snippet looks good - that's all that's needed.
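What the introspection setup discussed above amounts to on the wire, as an added example that is not part of the thread or the IdentityServer code base: for each reference token the API posts the token to the authority's introspection endpoint, authenticating with its API name and secret, and accepts the token only when the response says `"active": true`. The `/connect/introspect` path, the use of Basic authentication, the class and method names, the token value and the sample responses are assumptions constructed for illustration; the authority, `api1` and `secret` are the values used in the thread.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;

static class IntrospectionExample // hypothetical name, not part of any library
{
    // Builds the RFC 7662 introspection request. The API authenticates as
    // itself: the API (scope) name is the user name, the API secret the password.
    public static HttpRequestMessage BuildRequest(
        string authority, string apiName, string apiSecret, string token)
    {
        var credentials = Convert.ToBase64String(
            Encoding.UTF8.GetBytes($"{apiName}:{apiSecret}"));
        var request = new HttpRequestMessage(
            HttpMethod.Post, authority.TrimEnd('/') + "/connect/introspect") // assumed path
        {
            Content = new FormUrlEncodedContent(
                new Dictionary<string, string> { ["token"] = token })
        };
        request.Headers.Authorization = new AuthenticationHeaderValue("Basic", credentials);
        return request;
    }

    // Fail closed: only a JSON object whose "active" member is the boolean true
    // counts as valid. A missing member, false, or a string does not.
    public static bool IsActive(string responseJson)
    {
        using var doc = JsonDocument.Parse(responseJson);
        var root = doc.RootElement;
        return root.ValueKind == JsonValueKind.Object
            && root.TryGetProperty("active", out var active)
            && active.ValueKind == JsonValueKind.True;
    }

    static void Main()
    {
        using var request = BuildRequest(
            "http://localhost:5000", "api1", "secret", "constructed-reference-token");
        Console.WriteLine($"{request.Method} {request.RequestUri}");
        // Constructed sample responses: valid token, revoked or expired token, malformed value.
        Console.WriteLine(IsActive("{\"active\":true,\"scope\":\"api1\"}"));
        Console.WriteLine(IsActive("{\"active\":false}"));
        Console.WriteLine(IsActive("{\"active\":\"true\"}"));
    }
}
```

Because the authority is consulted for each token, a revoked reference token stops working as soon as introspection reports it inactive, which is the main operational difference from locally validated JWTs.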
What did your Configuration method end up looking like? I spent most of the day trying to figure this out, so a working sample snippet would be great. The API samples are in .NET Core, and not .NET 4.x, and I need to implement IS4 in an old classic .NET 4.6.2 application.
Hi @leastprivilege and @ivanmariychuk. In relation to https://github.com/IdentityServer/IdentityServer4.AccessTokenValidation/issues/25, I tried to use IdentityServer3.AccessTokenValidation for an "Owin WebAPI 4.6" project, but when it tries to validate the access token on the IdentityServer4 I see that the service returns a 404 error. In IdentityServer Kestrel's log I notice these lines:
For clarity, I'm using IdentityServer4 with ASP.NET Core Identity integration. Logging is enabled on the identityserver4.
Am I missing something? Is the identityserver4 still providing the /connect/accesstokenvalidation endpoint?
To enable the validation of the access token I only added the IdentityServer3.AccessTokenValidation library to our OWIN WebApi 4.6 project and in the Startup.cs I added:
Then I added an [Authorize] filter to a WebApi and I'm testing it using Postman. In Postman I pass in the header the "Authorization : Bearer access_token_as_jwt". Is this correct for testing?
If it is not so, is there any guide or documentation about implementing the token validation using the implicit flow?