manfredsteyer / angular-oauth2-oidc

Support for OAuth 2 and OpenId Connect (OIDC) in Angular.
MIT License

What kind of auth server does one need for code flow? #858

Open sebastiangug opened 4 years ago

sebastiangug commented 4 years ago

I can't seem to get the code flow to work as, by design, it asks for the secret, which has no business being on the client.

How exactly is the interaction between the Angular SPA and the backend intended to be?

The current docs are quite confusing on this. Any chance we could clear up the docs on that? I'd be happy to contribute as soon as I understand things myself.

Thanks.

jeroenheijmans commented 4 years ago

For this library you need an IDS that supports Code Flow with PKCE, preferably without requiring a Client Secret (as that would not make sense for public clients).

Taken from the sample/demo IdentityServer4 instance, one way to configure such clients is like this:

// Public SPA client: Authorization Code flow protected by PKCE, no shared secret.
new Client
{
    ClientId = "interactive.public",
    ClientName = "Interactive client (Code with PKCE)",

    // Placeholders in the demo; a real deployment lists the SPA's exact callback URLs.
    RedirectUris = { "https://notused" },
    PostLogoutRedirectUris = { "https://notused" },

    // A browser app cannot keep a secret, so the token endpoint must not demand one.
    RequireClientSecret = false,
    RequireConsent = false,

    // Code flow only (no implicit/hybrid), and the code_challenge is mandatory.
    AllowedGrantTypes = GrantTypes.Code,
    RequirePkce = true,
    AllowedScopes = { "openid", "profile", "email", "api" },

    // Allows the offline_access scope so the SPA can obtain refresh tokens.
    AllowOfflineAccess = true,
    RefreshTokenUsage = TokenUsage.ReUse
},
// Same client, but with a short access token lifetime to exercise refresh handling.
new Client
{
    ClientId = "interactive.public.short",
    ClientName = "Interactive client with short token lifetime (Code with PKCE)",

    RedirectUris = { "https://notused" },
    PostLogoutRedirectUris = { "https://notused" },

    RequireClientSecret = false,
    RequireConsent = false,

    AllowedGrantTypes = GrantTypes.Code,
    RequirePkce = true,
    AllowedScopes = { "openid", "profile", "email", "api" },

    AllowOfflineAccess = true,
    RefreshTokenUsage = TokenUsage.ReUse,
    // Seconds; the default is much longer.
    AccessTokenLifetime = 75
},

Any improvement to the docs is always welcome of course, though describing the actual working of the flows themselves might to a degree be best left to other sources than this client library?
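As an added example, not code from this library or from IdentityServer4, the exchange that RequireClientSecret = false and RequirePkce = true rely on, modelled end to end in TypeScript with Node's crypto module. The SPA generates a code_verifier and sends only its S256 code_challenge on the authorization request; the token request carries the verifier in place of a client_secret, and the authorization server checks it against the challenge it bound to the code. The issuer, client id, redirect URI and the ToyAuthorizationServer class are constructed for illustration (the toy server stands in for the authorization server and is not IdentityServer4's implementation). angular-oauth2-oidc performs the client half of this itself when configured for code flow; the block shows why no secret is needed and what the server rejects.

```typescript
import { createHash, randomBytes, timingSafeEqual } from 'crypto';

// Base64url without padding (RFC 7636, Appendix A).
function base64url(buf: Buffer): string {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// S256 transform: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
function challengeFor(verifier: string): string {
  return base64url(createHash('sha256').update(verifier, 'ascii').digest());
}

// Client side: a fresh random verifier (43 chars here; RFC 7636 allows 43..128) and its challenge.
function createPkcePair(): { verifier: string; challenge: string } {
  const verifier = base64url(randomBytes(32));
  return { verifier, challenge: challengeFor(verifier) };
}

// Authorization request the SPA redirects the browser to. Nothing in it is secret.
function buildAuthorizeUrl(issuer: string, clientId: string, redirectUri: string,
                           scope: string, state: string, challenge: string): string {
  const params = new URLSearchParams({
    response_type: 'code', client_id: clientId, redirect_uri: redirectUri, scope, state,
    code_challenge: challenge, code_challenge_method: 'S256',
  });
  return `${issuer}/connect/authorize?${params.toString()}`;
}

// Token request the SPA POSTs after the redirect back. The verifier takes the place of client_secret.
function buildTokenRequest(clientId: string, redirectUri: string, code: string, verifier: string): URLSearchParams {
  return new URLSearchParams({
    grant_type: 'authorization_code', client_id: clientId, redirect_uri: redirectUri,
    code, code_verifier: verifier,
  });
}

interface StoredCode { clientId: string; redirectUri: string; challenge: string; used: boolean }

// Constructed model of the authorization server's side of PKCE (not IdentityServer4 code).
class ToyAuthorizationServer {
  private codes = new Map<string, StoredCode>();

  // Authorize endpoint, after the user has logged in: bind the challenge to the issued code.
  issueCode(clientId: string, redirectUri: string, challenge: string): string {
    const code = base64url(randomBytes(16));
    this.codes.set(code, { clientId, redirectUri, challenge, used: false });
    return code;
  }

  // Token endpoint: the caller must present the verifier whose S256 hash was bound to the code.
  redeem(body: URLSearchParams): { ok: boolean; error?: string } {
    const stored = this.codes.get(body.get('code') ?? '');
    if (!stored || stored.used) return { ok: false, error: 'invalid_grant' };
    stored.used = true; // codes are single use, whether or not this attempt succeeds
    if (body.get('grant_type') !== 'authorization_code' ||
        body.get('client_id') !== stored.clientId ||
        body.get('redirect_uri') !== stored.redirectUri) {
      return { ok: false, error: 'invalid_grant' };
    }
    const verifier = body.get('code_verifier') ?? '';
    if (verifier.length < 43 || verifier.length > 128) return { ok: false, error: 'invalid_grant' };
    const expected = Buffer.from(challengeFor(verifier));
    const bound = Buffer.from(stored.challenge);
    if (expected.length !== bound.length || !timingSafeEqual(expected, bound)) {
      return { ok: false, error: 'invalid_grant' };
    }
    return { ok: true };
  }
}

// End-to-end run: the legitimate SPA, a replay of its code, and a thief holding a code but no verifier.
function runExchange(): { legit: boolean; replayRejected: boolean; stolenCodeRejected: boolean } {
  const issuer = 'https://idp.example.test';              // constructed
  const clientId = 'interactive.public';                   // same id as the sample client above
  const redirectUri = 'https://spa.example.test/callback'; // constructed
  const server = new ToyAuthorizationServer();

  // Legitimate flow: the verifier never leaves the SPA; only the challenge goes to the server.
  const pkce = createPkcePair();
  const url = new URL(buildAuthorizeUrl(issuer, clientId, redirectUri, 'openid profile api', 'xyz', pkce.challenge));
  const code = server.issueCode(clientId, redirectUri, url.searchParams.get('code_challenge') ?? '');
  const legit = server.redeem(buildTokenRequest(clientId, redirectUri, code, pkce.verifier)).ok;

  // Replaying the same code is refused.
  const replayRejected = !server.redeem(buildTokenRequest(clientId, redirectUri, code, pkce.verifier)).ok;

  // A second login whose redirect (and so its code) is intercepted: the thief cannot produce the verifier.
  const pkce2 = createPkcePair();
  const code2 = server.issueCode(clientId, redirectUri, pkce2.challenge);
  const stolenCodeRejected = !server.redeem(buildTokenRequest(clientId, redirectUri, code2, base64url(randomBytes(32)))).ok;

  return { legit, replayRejected, stolenCodeRejected };
}
```

If the server insists on a client_secret for this client, there is nothing the SPA can do about it; the fix is on the server side, as in the configuration quoted above.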

jeroenheijmans commented 4 years ago

Made the title a bit more succinct and moved some info into the original post, hope you don't mind.