Keluro / Office365-AddinWeb-SignInSample


Get rid completely of SignalR/Websocket when dialogAPI is available #3

Open bpatra opened 8 years ago

bpatra commented 8 years ago

In the current version of the sample we use a web socket to complete the authentication flow, even when the flow uses a dialogAPI.

We do not communicate from the child window to the parent window (that is one of the very purposes of dialogAPI). We rely on SignalR to set the cookie on the parent window.

In some environments, web sockets do not work, so we should completely ignore them and use the messaging capabilities of dialogAPI.

bpatra commented 8 years ago

The problem is that the cookie is HttpOnly, which means that the cookie cannot be manipulated via JavaScript and sent using dialogAPI.

We could switch to a token-based (bearer) authentication approach instead.

bpatra commented 7 years ago

See my question on how to replace cookie authentication with an OAuth token using OWIN middleware: http://stackoverflow.com/questions/40109510/replacing-cookie-by-token-based-authentication-in-asp-net-owin-openidconnect-cod
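
The token hand-off discussed in this issue, sketched as an added example (not code from this repository or from the issue author): the dialog passes a bearer token to the task pane with `messageParent`, and the task pane validates the message before using the token in an `Authorization` header. The message shape, the `state` value (assumed to be a random value the task pane generated and the sign-in redirect returns), and the injected `office` and `fetchImpl` parameters are assumptions of this example.

```javascript
// Added example. `office` stands for the Office.js global and `fetchImpl` for fetch;
// both are injected so the flow can run outside an Office host.

// Dialog (child) side: hand the token to the task pane instead of relying on SignalR.
function sendTokenToParent(office, accessToken, state) {
  office.context.ui.messageParent(JSON.stringify({ type: "signin", accessToken, state }));
}

// Validate what arrives from the dialog before trusting it. Returns the token or throws.
function parseDialogMessage(raw, expectedState) {
  let msg;
  try {
    msg = JSON.parse(raw);
  } catch (e) {
    throw new Error("malformed dialog message");
  }
  if (!msg || msg.type !== "signin" || typeof msg.accessToken !== "string" || !msg.accessToken) {
    throw new Error("unexpected dialog message");
  }
  if (msg.state !== expectedState) {
    throw new Error("state mismatch");
  }
  return msg.accessToken;
}

// Task pane (parent) side: open the dialog and wait for its message.
function signInWithDialog(office, signInUrl, expectedState, onToken, onError) {
  office.context.ui.displayDialogAsync(signInUrl, { height: 50, width: 30 }, (result) => {
    if (result.status !== office.AsyncResultStatus.Succeeded) {
      return onError(new Error("dialog failed: " + result.error.message));
    }
    const dialog = result.value;
    dialog.addEventHandler(office.EventType.DialogMessageReceived, (arg) => {
      dialog.close();
      try {
        onToken(parseDialogMessage(arg.message, expectedState));
      } catch (err) {
        onError(err);
      }
    });
  });
}

// Keep the token in memory only and send it as a bearer header; no cookie is involved.
function createApiClient(fetchImpl, accessToken) {
  return (url, init = {}) => fetchImpl(url, {
    ...init,
    credentials: "omit",
    headers: { ...(init.headers || {}), Authorization: "Bearer " + accessToken },
  });
}
```

In an add-in, pass the real `Office` global and `fetch`; the token then lives only in the task pane's memory and is readable by any script running there, which is the trade-off against the HttpOnly cookie.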