Base solution for your next web application
Open Closed

Use IdentitySever to authenticate no human clients #9760


User avatar
0
ivanosw1 created

Hi, I have many clients ( devices and server to server services) that need to connect with AbpZero (version >= 9.1). I have enabled identityserver4 with "client_credentials" as AllowedGrantTypes but Abp don't recognize as autheticated the token issued.

The problem is similiar to https://support.aspnetzero.com/QA/Questions/5145/API-call-requiring--Authirization-by-using-IdentityServer

These clients don't need user and password and I don't want to create many fake users beacuse isn't required permissions or roles. Only authentication is required. How can I obtain this requirements?

Thank you


5 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    hi

    Please refer to https://github.com/aspnetboilerplate/aspnetboilerplate/issues/3085#issuecomment-366451689

  • User Avatar
    0
    elferone created

    @ivanosw1, what solution did you end up chosing for this ? We'll looking at the same context as you.

    Thanks !

  • User Avatar
    0
    ivanosw1 created

    Hi @elferone

    At the end we have separated Abp authentication from Identity Server. Each services talk directly to Identiy Server with client credential authentication to obtain a token. The service's endpoints are protected by a custom attribute that validate the token issued by identity server (scope, validity, issuer, end so on).

  • User Avatar
    0
    andmattia created

    Hi @ivanosw1ha

    colud please share more details about this solution? So if I correct undestand you have create an IS that is the main authentication point for ABP and other services (have you create it from scratch?), change abp login method to use external IS (are you on MVC or Angular?) like a third party authenticator (es. FB, google, M365).

    Thanks

  • User Avatar
    0
    ivanosw1 created

    Hi @andmattia, our solution is more simple and less invasive. Abp still keeps it's own authentication system. We have enable identity server only for authenticate "service/not human" clients and created a custom authorization attribute to protect route using scopes.