aspnet / Templates

This repo is OBSOLETE - please see the README file for information

Authentication on SPA apps #864

Closed Dave3of5 closed 6 years ago

Dave3of5 commented 7 years ago

There seems to be no template for authentication on the SPA templates.

I've been looking up various blog posts and third-party articles on how to add JWT authentication, but they are scattered and most are for dotnet core 1.1. It would be nice if there was a template that showed the "correct" way to do this in dotnet core 2.0.

brockallen commented 7 years ago

Consider IdentityServer for issuing tokens, and oidc-client for your SPA to obtain tokens.

https://github.com/IdentityServer/IdentityServer4/
https://github.com/IdentityModel/oidc-client-js/

Dave3of5 commented 7 years ago

@brockallen Nice plug ;-) but all the documentation on IdentityServer4 still references version 1.1 and the examples don't seem to work anymore in v2.0.

I also notice this: IdentityServer/IdentityServer4/issues/1055, which is still open, so IDS4 for the moment is a no go.

brockallen commented 7 years ago

It's closer than the Microsoft one :)

PeterWone commented 6 years ago

@brockallen I've used (or more accurately used, misused and abused) Identity Server with Durandal. That I liked it does not change the fact that it requires a level of understanding on the part of the developer that isn't widespread. This stuff needs to be baked into the template (a) to make it ubiquitous (b) to make implementation consistent (c) to prevent incompetent implementation which is worse than no security at all.

brockallen commented 6 years ago

Security requires a level of understanding on the part of the developer. Sorry.

And FWIW, IdentityServer4 has been released for ASP.NET Core 2.

Eilon commented 6 years ago

This issue was moved to aspnet/templating#81