Open Closed

Use IdentitySever to authenticate no human clients #9760


0
ivanosw1 created

Hi, I have many clients ( devices and server to server services) that need to connect with AbpZero (version >= 9.1). I have enabled identityserver4 with "client_credentials" as AllowedGrantTypes but Abp don't recognize as autheticated the token issued.

The problem is similiar to https://support.aspnetzero.com/QA/Questions/5145/API-call-requiring--Authirization-by-using-IdentityServer

These clients don't need user and password and I don't want to create many fake users beacuse isn't required permissions or roles. Only authentication is required. How can I obtain this requirements?

Thank you


3 Answer(s)
  • 0
    maliming created
    Support Team

    hi

    Please refer to https://github.com/aspnetboilerplate/aspnetboilerplate/issues/3085#issuecomment-366451689

  • 0
    elferone created

    @ivanosw1, what solution did you end up chosing for this ? We'll looking at the same context as you.

    Thanks !

  • 0
    ivanosw1 created

    Hi @elferone

    At the end we have separated Abp authentication from Identity Server. Each services talk directly to Identiy Server with client credential authentication to obtain a token. The service's endpoints are protected by a custom attribute that validate the token issued by identity server (scope, validity, issuer, end so on).