
Asp.net Zero integration with separate Identity Server 4 project #8318


User avatar
0
alwefaq created

Dears,

  • We have a separate Identity Server 4 project with this URL: http://localhost:63636/. Below is the .well-known/openid-configuration for this project:

    {
      "issuer": "http://localhost:63636",
      "jwks_uri": "http://localhost:63636/.well-known/openid-configuration/jwks",
      "authorization_endpoint": "http://localhost:63636/connect/authorize",
      "token_endpoint": "http://localhost:63636/connect/token",
      "userinfo_endpoint": "http://localhost:63636/connect/userinfo",
      "end_session_endpoint": "http://localhost:63636/connect/endsession",
      "check_session_iframe": "http://localhost:63636/connect/checksession",
      "revocation_endpoint": "http://localhost:63636/connect/revocation",
      "introspection_endpoint": "http://localhost:63636/connect/introspect",
      "device_authorization_endpoint": "http://localhost:63636/connect/deviceauthorization",
      "frontchannel_logout_supported": true,
      "frontchannel_logout_session_supported": true,
      "backchannel_logout_supported": true,
      "backchannel_logout_session_supported": true,
      "scopes_supported": ["profile", "openid", "email", "phone", "default-api", "offline_access"],
      "claims_supported": ["name", "updated_at", "locale", "zoneinfo", "birthdate", "gender", "picture", "profile", "preferred_username", "nickname", "middle_name", "given_name", "family_name", "website", "sub", "email_verified", "email", "phone_number", "phone_number_verified"],
      "grant_types_supported": ["authorization_code", "client_credentials", "refresh_token", "implicit", "password", "urn:ietf:params:oauth:grant-type:device_code"],
      "response_types_supported": ["code", "token", "id_token", "id_token token", "code id_token", "code token", "code id_token token"],
      "response_modes_supported": ["form_post", "query", "fragment"],
      "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
      "id_token_signing_alg_values_supported": ["RS256"],
      "subject_types_supported": ["public"],
      "code_challenge_methods_supported": ["plain", "S256"],
      "request_parameter_supported": true
    }

  • For Identity Server 4 we also used a different database; the same users in the Asp.net Zero project were also registered in the Identity Server 4 DB.

  • When we try to use this link as IdentityServerUrlBase with the ConsoleApiClient sample it works fine, and I used the access token to connect to the Asp.net Zero project ($"{ServerUrlBase}api/services/app/user/getUsers").

For the Asp.net Zero project I changed the appsettings.json to be like this:

    "IdentityServer": {
      "IsEnabled": "true",
      "Authority": "http://localhost:63636/",
      "ApiName": "default-api",
      "ApiSecret": "secret",
      "Clients": [
        {
          "ClientId": "client",
          "AllowedGrantTypes": [ "password" ],
          "ClientSecrets": [
            { "Value": "def2edf7-5d42-4edc-a84a-30136c340e13" }
          ],
          "AllowedScopes": [ "default-api" ]
        }
      ]
    }

Please let me know if you need any other information. Best regards


8 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    hi alwefaq

    The Angular project uses Token Based Authentication (https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Features-Angular-Token-Based-Authentication) by default.

    ConsoleApiClient calls the password grant flow of the identity server.

    This is why angular works fine even after you stop the identity server.

  • User Avatar
    0
    alwefaq created

    Hi Maliming,

    Thanks for your response.

    • Actually the Angular project uses the token after it is generated from the /api/TokenAuth/Authenticate API.

    • We need any project to call the external Identity Server 4 (http://localhost:63636) when they want to authenticate any user and generate the token for this user (username and password).

    • As per the documentation for Identity Server, we only need to apply the changes below; then any authentication request and tokens should be generated from the external Identity Server:

    "IdentityServer": { "IsEnabled": "true", "Authority": "http://localhost:63636/",

    • Please can you let me know if this is applicable in aspnetzero?

    Best regards

  • User Avatar
    0
    maliming created
    Support Team

    Yes, you need to get the token & refresh the token from the identity server.
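
The wire-level requests behind "get the token & refresh the token from the identity server", as an added example that is not part of the thread or of ASP.NET Zero's code: it builds (without sending) the password-grant and refresh-token requests for the token_endpoint in the posted discovery document, then the bearer header for the API call. Assumed here: the function names, the placeholder credentials and API base URL, and that the external server's client is allowed the offline_access scope.

```python
import base64
import json
from urllib.parse import urlencode

# Trimmed copy of the discovery document posted in the question.
DISCOVERY = json.loads("""{
  "issuer": "http://localhost:63636",
  "token_endpoint": "http://localhost:63636/connect/token",
  "grant_types_supported": ["authorization_code", "client_credentials",
                            "refresh_token", "implicit", "password"],
  "scopes_supported": ["profile", "openid", "email", "phone",
                       "default-api", "offline_access"]
}""")


def token_request(disco, client_id, client_secret, grant, **params):
    """Build (method, url, headers, body) for the token endpoint."""
    if grant not in disco["grant_types_supported"]:
        raise ValueError(f"grant {grant!r} not advertised by {disco['issuer']}")
    unknown = set(params.get("scope", "").split()) - set(disco["scopes_supported"])
    if unknown:
        raise ValueError(f"scopes not advertised: {sorted(unknown)}")
    # client_secret_basic (advertised by the server) keeps the secret out of the body.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": grant, **params})
    return "POST", disco["token_endpoint"], headers, body


def password_grant(disco, client_id, client_secret, username, password):
    # Assumption: the client may request offline_access, which asks the
    # server to return a refresh token alongside the access token.
    return token_request(disco, client_id, client_secret, "password",
                         username=username, password=password,
                         scope="default-api offline_access")


def refresh_grant(disco, client_id, client_secret, refresh_token):
    return token_request(disco, client_id, client_secret, "refresh_token",
                         refresh_token=refresh_token)


def api_request(server_url_base, access_token):
    """URL and bearer header for the ASP.NET Zero API call from the question."""
    url = f"{server_url_base}api/services/app/user/getUsers"
    return url, {"Authorization": f"Bearer {access_token}"}
```

The API only validates tokens against its configured Authority; the client is the party that has to send these two requests to the identity server.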

  • User Avatar
    0
    alwefaq created

    So why doesn't Asp.net Zero call the external identity server and get the token and refresh token automatically after changing the settings below?

    "IdentityServer": { "IsEnabled": "true", "Authority": "http://localhost:63636/", //external identity server

    Please can you give a full answer on this issue.

  • User Avatar
    0
    maliming created
    Support Team

    You can discuss this in Zero milestone 8.2.

    https://github.com/aspnetzero/aspnet-zero-core/issues/2861

  • User Avatar
    0
    alwefaq created

    Page not found!

  • User Avatar
    0
    maliming created
    Support Team

    https://aspnetzero.com/LicenseManagement

    You can invite anyone to become a member of the ASP.NET Zero organization using their GitHub username. And they can access the ASP.NET Zero private GitHub repositories. Your license plan allows you to add up to 20 users. Right after you add a GitHub user, the user will receive an invitation email. If there is a problem receiving the invitation email, alternatively the user can visit the github.com/orgs/aspnetzero page and accept the invitation.

  • User Avatar
    0
    ismcagdas created
    Support Team

    This issue is closed because of no recent activity. Please create a new issue if you are still having this problem.