openiddict / openiddict-core

Flexible and versatile OAuth 2.0/OpenID Connect stack for .NET
https://openiddict.com/
Apache License 2.0
4.47k stars 528 forks

OpenIddictApplicationDescriptor (Applications & Scopes) Best Practice #2198

Closed · realisable · closed 1 month ago

realisable commented 1 month ago

Version

5.8

Question

We have a set of elementary questions which I hope you can provide guidance on.

Application Structure

We have a number of APIs, all hosted on different servers/Web API hosts. Each server/Web API will be configured to use introspection. We have a legacy WebForms project; this will also be configured to use introspection. We have a YARP BFF, which follows the Dantooine sample. We have a Blazor WASM client, which also follows the Dantooine sample.

Questions

  1. Is it advisable to have separate OpenIddictApplicationDescriptor entries for each server/webapi?
  2. Would the WebForms project also have a separate OpenIddictApplicationDescriptor?
  3. Following from this, would it be advisable to have a scope per server/webapi? Or should scopes group APIs that are likely to be accessed by a certain role/function?
  4. Do new OpenIddictApplicationDescriptor entries have any impact on pre-issued access tokens?

Many Thanks

kevinchalet commented 1 month ago

Hey,

Is it advisable to have separate OpenIddictApplicationDescriptor entries for each server/webapi?

Absolutely (actually, reusing the same client identifier for multiple, unrelated applications is strongly discouraged).

Would the WebForms project also have a separate OpenIddictApplicationDescriptor?

Yes, one app -> one client 😃

Following from this, would it be advisable to have a scope per server/webapi? Or should scopes group APIs that are likely to be accessed by a certain role/function?

Both options are perfectly fine and it's mostly a matter of personal preference. Whatever approach you decide to go with, it's a good practice to use scopes that grant access to a limited set of API functions (so you can more precisely control what a client application can do on behalf of the user), whether they are provided by the same project or not.

Do new OpenIddictApplicationDescriptor entries have any impact on pre-issued access tokens?

No. You can also update an existing client entry without affecting access tokens issued before doing it.

Hope it'll help 😃 All the best.
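The registration pattern described in the answer above (one OpenIddictApplicationDescriptor per deployable application, narrow scopes whose Resources map onto the APIs, new or updated entries leaving existing tokens untouched), as an added example written for this page. It is not code from OpenIddict or from the Dantooine sample, although it follows the same worker shape as that sample. The client ids (orders-api, invoices-api, legacy-webforms, bff), scope names, redirect URIs and the configuration key used for secrets are assumptions; the OpenIddict types, constants and manager methods are the real 5.x APIs.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using OpenIddict.Abstractions;
using static OpenIddict.Abstractions.OpenIddictConstants;

// Hosted service run once when the authorization server starts.
// Client ids, scope names, URLs and the configuration key are illustrative.
public sealed class ClientRegistrationWorker : IHostedService
{
    private readonly IServiceProvider _provider;
    private readonly IConfiguration _configuration;

    public ClientRegistrationWorker(IServiceProvider provider, IConfiguration configuration)
    {
        _provider = provider;
        _configuration = configuration;
    }

    public async Task StartAsync(CancellationToken cancellationToken)
    {
        using var scope = _provider.CreateScope();
        var applications = scope.ServiceProvider.GetRequiredService<IOpenIddictApplicationManager>();
        var scopes = scope.ServiceProvider.GetRequiredService<IOpenIddictScopeManager>();

        // One confidential client per host that calls the introspection endpoint
        // (each Web API plus the legacy WebForms site). Each gets its own client id
        // and secret and nothing beyond the introspection permission, so a secret
        // leaked from one host cannot be used to obtain user tokens.
        foreach (var resource in new[] { "orders-api", "invoices-api", "legacy-webforms" })
        {
            await UpsertAsync(applications, new OpenIddictApplicationDescriptor
            {
                ClientId = resource,
                ClientSecret = SecretFor(resource),
                DisplayName = resource,
                ClientType = ClientTypes.Confidential,
                Permissions = { Permissions.Endpoints.Introspection }
            }, cancellationToken);
        }

        // The YARP BFF is the only client that redeems authorization codes for users.
        // It can only request the scopes it is explicitly granted here.
        await UpsertAsync(applications, new OpenIddictApplicationDescriptor
        {
            ClientId = "bff",
            ClientSecret = SecretFor("bff"),
            DisplayName = "Blazor WASM BFF",
            ClientType = ClientTypes.Confidential,
            ConsentType = ConsentTypes.Implicit,
            RedirectUris = { new Uri("https://bff.example.com/signin-oidc") },
            PostLogoutRedirectUris = { new Uri("https://bff.example.com/signout-callback-oidc") },
            Permissions =
            {
                Permissions.Endpoints.Authorization,
                Permissions.Endpoints.Logout,
                Permissions.Endpoints.Token,
                Permissions.GrantTypes.AuthorizationCode,
                Permissions.GrantTypes.RefreshToken,
                Permissions.ResponseTypes.Code,
                Permissions.Scopes.Profile,
                Permissions.Scopes.Roles,
                Permissions.Prefixes.Scope + "orders.read",
                Permissions.Prefixes.Scope + "invoices.read",
                Permissions.Prefixes.Scope + "reporting"
            },
            Requirements = { Requirements.Features.ProofKeyForCodeExchange }
        }, cancellationToken);

        // Narrow scopes (one API function each) plus one role-oriented scope that
        // spans several APIs. Resources decide which audiences the access token
        // carries, so each API only accepts tokens minted for it.
        await UpsertAsync(scopes, new OpenIddictScopeDescriptor
            { Name = "orders.read", Resources = { "orders-api" } }, cancellationToken);
        await UpsertAsync(scopes, new OpenIddictScopeDescriptor
            { Name = "invoices.read", Resources = { "invoices-api" } }, cancellationToken);
        await UpsertAsync(scopes, new OpenIddictScopeDescriptor
            { Name = "reporting", Resources = { "orders-api", "invoices-api", "legacy-webforms" } },
            cancellationToken);
    }

    public Task StopAsync(CancellationToken cancellationToken) => Task.CompletedTask;

    // Secrets come from configuration (user secrets, key vault, environment),
    // never hard-coded next to the client ids. The key layout is an assumption.
    private string SecretFor(string clientId) =>
        _configuration[$"OpenIddict:Clients:{clientId}:Secret"]
        ?? throw new InvalidOperationException($"No secret configured for client '{clientId}'.");

    // Create the entry if missing, otherwise update it in place. Neither operation
    // touches access tokens issued earlier.
    private static async Task UpsertAsync(IOpenIddictApplicationManager manager,
        OpenIddictApplicationDescriptor descriptor, CancellationToken cancellationToken)
    {
        var application = await manager.FindByClientIdAsync(descriptor.ClientId!, cancellationToken);
        if (application is null) await manager.CreateAsync(descriptor, cancellationToken);
        else await manager.UpdateAsync(application, descriptor, cancellationToken);
    }

    private static async Task UpsertAsync(IOpenIddictScopeManager manager,
        OpenIddictScopeDescriptor descriptor, CancellationToken cancellationToken)
    {
        var existing = await manager.FindByNameAsync(descriptor.Name!, cancellationToken);
        if (existing is null) await manager.CreateAsync(descriptor, cancellationToken);
        else await manager.UpdateAsync(existing, descriptor, cancellationToken);
    }
}
```

Two points a practitioner should pair with this. First, the resource side has to enforce the audience that the scope's Resources produce: each API's validation setup should call options.AddAudiences("orders-api") (its own client id) and options.UseIntrospection().SetClientId("orders-api").SetClientSecret(...) with that host's own secret, otherwise a token minted for invoices-api would still be accepted by orders-api. Second, passing a descriptor with a plaintext ClientSecret to UpdateAsync re-hashes and stores the secret on every start; that is harmless but if you would rather only create missing entries, drop the else branch, which is what the Dantooine sample does.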

realisable commented 1 month ago

Thanks for the swift reply - greatly appreciated.