Hi, I have many clients ( devices and server to server services) that need to connect with AbpZero (version >= 9.1). I have enabled identityserver4 with "client_credentials" as AllowedGrantTypes but Abp don't recognize as autheticated the token issued.
The problem is similiar to https://support.aspnetzero.com/QA/Questions/5145/API-call-requiring--Authirization-by-using-IdentityServer
These clients don't need user and password and I don't want to create many fake users beacuse isn't required permissions or roles. Only authentication is required. How can I obtain this requirements?
Thank you
5 Answer(s)
-
0
hi
Please refer to https://github.com/aspnetboilerplate/aspnetboilerplate/issues/3085#issuecomment-366451689
-
0
@ivanosw1, what solution did you end up chosing for this ? We'll looking at the same context as you.
Thanks !
-
0
Hi @elferone
At the end we have separated Abp authentication from Identity Server. Each services talk directly to Identiy Server with client credential authentication to obtain a token. The service's endpoints are protected by a custom attribute that validate the token issued by identity server (scope, validity, issuer, end so on).
-
0
Hi @ivanosw1ha
colud please share more details about this solution? So if I correct undestand you have create an IS that is the main authentication point for ABP and other services (have you create it from scratch?), change abp login method to use external IS (are you on MVC or Angular?) like a third party authenticator (es. FB, google, M365).
Thanks
-
0
Hi @andmattia, our solution is more simple and less invasive. Abp still keeps it's own authentication system. We have enable identity server only for authenticate "service/not human" clients and created a custom authorization attribute to protect route using scopes.
