Open Closed

API call requiring Authirization by using IdentityServer #5145


0
tugrulkarakaya created

I enabled IdentityServer and an defined an api Client.

I need to call an api requiring some AbpAuthorize with a client authorized with identityserver client. (Api require a specific role but client just have a client api permission) Client does not have user permission. client is just authorized with client password. Do I need specific API for this purposes or is it possible to execute call with client permission. (if a client is authorised for that client and I do not want to check other authorizations but angular client is needed to be authorized. is it possible to implement a scenario that Angular client is validated with given permission but API client is not needed to be validated)

Forexample how to call an API requiring auth as below from client (not form angular from a client authorized with identityserver clientpassword); "[AbpAuthorize(AppPermissions.Pages_SomeFunction)]"


2 Answer(s)
  • 0
    tugrulkarakaya created

    I think I have found a solution for this scenario, I need to authorize client with user password not client password. I mean not with this (<a class="postlink" href="http://docs.identityserver.io/en/release/quickstarts/1_client_credentials.html">http://docs.identityserver.io/en/releas ... tials.html</a>)I need to authorize with <a class="postlink" href="http://docs.identityserver.io/en/release/quickstarts/2_resource_owner_passwords.html">http://docs.identityserver.io/en/releas ... words.html</a> (resource owner not client)

    So I'll define an API user on Host (not on a tenant) and I'll set tenant during operation by requirement)

  • 0
    ismcagdas created
    Support Team

    @tugrulkarakaya Thank you for sharing your solution :).