aspnet-contrib / AspNet.Security.OpenIdConnect.Samples

ASP.NET Core samples demonstrating how to use the OpenID Connect server with MVC or JS apps

Update the MVC sample to include an authorization policy using the scopes contained in the token #6

Closed kevinchalet closed 3 years ago

kevinchalet commented 8 years ago

/cc @DovydasNavickas

kevinchalet commented 8 years ago

@DovydasNavickas is this something you'd like to extend to the SignalR sample? I guess it's less trivial than adding a simple AuthorizeAttribute when using raw connections :smile:

DovydasNavickas commented 8 years ago

I guess with SignalR 2.0 and authentication there's nothing as trivial as adding AuthorizeAttribute, doesn't matter if you use PersistentConnections (raw) or Hubs :smile: (I'm looking at you @davidfowl for SignalR 3.0. I could give some good feedback, when you start working on it, just ping me)

Either way, the authorization policy is contained in IdentityServer, if I understand correctly, which makes it a universal rather than a SignalR problem, doesn't it?

kevinchalet commented 8 years ago

> Either way, the authorization policy is contained in IdentityServer, if I understand correctly, which makes it a universal rather than a SignalR problem, doesn't it?

Well, this ticket was more about the authorization policy of the resource server (that may reject tokens missing a specific scope for instance), but actually, the 2 things are linked.

Done: https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Samples/commit/5ef927857f1ebb67bc741f1e0c77aea041141237 :clap:
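A resource-server policy of the kind this issue asks for, rejecting tokens that lack a specific scope. This is an added example, not code from the linked commit or the samples repository. The `scope` claim type, the policy name `RequireApiScope`, the scope value `api.read` and the controller are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public static class ScopePolicies
{
    // Assumed claim type. Depending on the token format, scopes arrive either as
    // one claim per scope or as a single space-delimited claim; both are handled.
    private const string ScopeClaimType = "scope";

    public static bool HasScope(ClaimsPrincipal user, string requiredScope)
    {
        return user.FindAll(ScopeClaimType)
            .SelectMany(c => c.Value.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries))
            // Ordinal comparison: "api.read" must not match "API.READ" or "api.readwrite".
            .Contains(requiredScope, StringComparer.Ordinal);
    }

    // Hypothetical helper: call from ConfigureServices, e.g.
    // services.AddScopePolicy("RequireApiScope", "api.read");
    public static IServiceCollection AddScopePolicy(
        this IServiceCollection services, string policyName, string requiredScope)
    {
        return services.AddAuthorization(options =>
        {
            options.AddPolicy(policyName, policy =>
            {
                // A token that validates but lacks the scope is still rejected.
                policy.RequireAuthenticatedUser();
                policy.RequireAssertion(ctx => HasScope(ctx.User, requiredScope));
            });
        });
    }
}

// Hypothetical resource-server controller protected by the policy.
[Authorize(Policy = "RequireApiScope")]
public class ResourceController : Controller
{
    [HttpGet("api/message")]
    public IActionResult GetMessage()
    {
        return Json(new { message = "Token carried the required scope." });
    }
}
```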