IdentityServer / IdentityServer4.AccessTokenValidation

IdentityServer Access Token Validation for ASP.NET Core
Apache License 2.0

Should ClaimsIdentity have IsAuthenticated as false by default? #92

Closed sirajmansour closed 7 years ago

sirajmansour commented 7 years ago

As per my understanding, IdentityServer could be used for authorisation, authentication or both. In case one is not using OpenID and only relying on Idsrv to control access to an API, shouldn't this middleware create and set the ClaimsIdentity with IsAuthenticated as false by default?

leastprivilege commented 7 years ago

If the token is valid -- an authenticated ClaimsIdentity is produced.

Authorization is a separate app specific concern.
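
The separation described in this thread, as an added example that is not part of the original comments or the project's code: `ClaimsIdentity.IsAuthenticated` only records that an identity was established (here, from a valid token), while the access decision is a separate check on the claims. The scope names, the `"Bearer"` authentication type and the helper names are assumptions made for illustration.

```csharp
using System;
using System.Security.Claims;

static class Program
{
    // Authentication outcome, as a token-validation handler would hand it to the app.
    // Valid token   -> identity created with an authentication type => IsAuthenticated == true.
    // No/bad token  -> empty identity, no authentication type       => IsAuthenticated == false.
    // ("Bearer" is an assumed authentication type for this sketch.)
    static ClaimsPrincipal PrincipalFor(bool tokenIsValid, params Claim[] tokenClaims) =>
        tokenIsValid
            ? new ClaimsPrincipal(new ClaimsIdentity(tokenClaims, "Bearer"))
            : new ClaimsPrincipal(new ClaimsIdentity());

    // Authorization: an app-specific rule evaluated afterwards on the claims.
    // "orders.write" is a hypothetical scope name.
    static bool MayWriteOrders(ClaimsPrincipal user) =>
        user.Identity?.IsAuthenticated == true &&
        user.HasClaim("scope", "orders.write");

    static void Main()
    {
        // Constructed sample callers: two machine clients with valid tokens, one without a token.
        var cases = new (string Name, ClaimsPrincipal User)[]
        {
            ("valid token, scope orders.write",
                PrincipalFor(true, new Claim("client_id", "batch-job"),
                                   new Claim("scope", "orders.write"))),
            ("valid token, scope orders.read",
                PrincipalFor(true, new Claim("client_id", "report-job"),
                                   new Claim("scope", "orders.read"))),
            ("no token", PrincipalFor(false)),
        };

        foreach (var (name, user) in cases)
        {
            Console.WriteLine(
                $"{name,-34} IsAuthenticated={user.Identity?.IsAuthenticated,-5} " +
                $"MayWriteOrders={MayWriteOrders(user)}");
        }
    }
}
```

The second caller is authenticated but still denied: a valid token for a client with no user involved yields an authenticated identity, and restricting what that caller may do is left to the authorization rule.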