oidcproxydotnet / OidcProxy.Net

An extendible framework for .NET to implement the BFF Security Pattern (a.k.a. Token Handler Pattern) in Single Page Applications
GNU Lesser General Public License v3.0

Offline_access scope not available for custom made Identity Provider #318

Open xannywise opened 1 week ago

xannywise commented 1 week ago

I've seen there were 2 issues already opened regarding this issue. However, I'm not satisfied with the answer I got. I'm facing a problem where the offline_access scope makes it impossible for me to complete the code flow with the identity provider I'm using. There is no way for me to edit the scopes on the provider side, since it's a company internally owned, developed provider, so just adding offline_access as a supported scope is not an option. Refresh tokens are generally not used within the company intranet, and only allowed for mobile applications. Is there a way to remove the offline_access scope in my case?

appie2go commented 1 week ago

Hi,

Thanks for your feedback. As you already mentioned, this is an issue that keeps reappearing. However, to answer your question correctly, please explain to me how you are intending to use OidcProxy.Net.

Thanks in advance,

Albert

xannywise commented 1 week ago

Hello,

Thanks for the reply. Using OidcProxy.Net.OpenIdConnect I'm following the standard code of the Keycloak demo. All I'm trying to do is use the easiness of this package to create user authentication against the company's own IdP, which works up to the point where I'm getting the error that my scopes are invalid, as offline_access is not a supported scope from the IdP. If you need further information, please ask away.

Thanks,

younes

appie2go commented 1 week ago

Hey,

If I understand correctly, you are using OidcProxy.Net to enable authentication and authorization using an OAuth2/OIDC identity provider?

OidcProxy.Net has not been designed with that scenario in mind. That's why it's very hard to get rid of the offline_access scope in the authorize request. However, over time the product has evolved into a product that seems to be usable for such a purpose.

Please help me understand why one would prefer using OidcProxy.Net over Microsoft.AspNetCore.Authentication. This can help me decide whether I want to support this scenario.

Cheers & thanks in advance,

xannywise commented 1 week ago

Hey,

The reason for me using OidcProxy.Net is because in my special case I'm not able to find a lot of documentation I can wrap my head around for Microsoft.AspNetCore.Authentication, as I'm fairly new to ASP.NET in general. Otherwise, if you have some good resources on how to implement Microsoft.AspNetCore.Authentication as a BFF pattern for an Angular project, I'm willing to pivot my solution. It's been weeks of trial and error, and this seems like the most straightforward solution if it weren't for offline_access.

Thanks for your time

younes