aspnet-contrib / AspNet.Security.OpenIdConnect.Samples

ASP.NET Core samples demonstrating how to use the OpenID Connect server with MVC or JS apps

[doc] Add minimal explanation about solutions in MVC sample #10

Closed BrainCrumbz closed 8 years ago

BrainCrumbz commented 8 years ago

While looking at the MVC sample and trying to get a better understanding of how to use those samples, it would be good to have a minimal explanation of why there are two projects (Mvc.Client and Mvc.Server) and what their roles/functions are in the context of OpenIdConnect authentication.

They both provide a server application (although the former is dubbed client), they both have a wwwroot directory with client-side assets and/or scripts, so it is not immediately evident what they are for.

A simple and effective way to document that could be in a readme.md in that sub-directory.

Thanks!

kevinchalet commented 8 years ago

> Why there are two projects (Mvc.Client and Mvc.Server), what are their roles/functions in the context of OpenIdConnect authentication.

Basically:

> A simple and effective way to document that could be in a readme.md in that sub-directory.

Great idea. Would you like to submit a PR to fix that? :smile:

BrainCrumbz commented 8 years ago

Thanks for your feedback.

Sorry, not everything looks totally clear yet.

  1. What resources/pages/API endpoints does the Mvc.Client web application offer to the user (or to this system we're looking at)?
    1. Is there any meaningful client-side code to be aware of? Or is the logic all on the server side?
  2. The same question for Mvc.Server.
    1. Being an authorization server, shouldn't it provide the API endpoints for requiring/refreshing tokens? Why then is it an MVC app?
    2. Being a resource server, how does it offer resources to the user? As an MVC app, with views, controllers, etc.?
    3. Is there any meaningful client-side code to be aware of? Or is the logic all on the server side?

Just to make it clear, it would be nice to give the visitor a picture of the context of this sample before one starts digging into the code, so that if she's looking for a particular scenario or use case, she knows where to look. And first of all, she knows if this example fits her needs.

> Great idea. Would you like to submit a PR to fix that? :smile:

That was expected :smile: Happy to submit as soon as things are clear enough.

kevinchalet commented 8 years ago

> What resources/pages/API endpoints does the Mvc.Client web application offer to the user (or to this system we're looking at)?

HomeController allows you to make an API query using the access token retrieved during the authorization process.

> Is there any meaningful client-side code to be aware of? Or is the logic all on the server side?

Nope, nothing interesting in the JS part, everything is handled server-side.

> Being an authorization server, shouldn't it provide the API endpoints for requiring/refreshing tokens? Why then is it an MVC app?

It does. MVC is just used to display the consent form (AuthorizationController) and to offer a tiny token-protected API sample (ResourceController).

> Being a resource server, how does it offer resources to the user? As an MVC app, with views, controllers, etc.?

Take a look at the resource controller. There are no views for the resource server part since it's just an API. The views are exclusively used for the consent pages.

> Is there any meaningful client-side code to be aware of? Or is the logic all on the server side?

Same answer as above.

BrainCrumbz commented 8 years ago

Please have a look at PR #11.