Comments (5)
Not so sure I understand, but the OIDC implicit flow should be used if you are doing authentication; flow 'id_token'. The access token is not required if you do no API calls.
It is not possible to set a refresh token with this flow. The idea is that you use a silent renew to get the new tokens in a background task in an iframe. User does not notice anything here.
from aspnet6identityserver4angularoidcflows.
I think I was not very clear. We are creating an Angular application requiring authentication. That means we must use implicit flow. So if I understand correctly, the silent renew is used to keep the user logged in.
In order to authorize the user, from calling restricted APIs, that is not related to the implicit flow, correct? I tend to confuse one and the other.
from aspnet6identityserver4angularoidcflows.
To call APIs you need to get an access token from the STS server. This is done as part of the OIDC Implicit Flow 'id_token token'. The access token is validated as part of this flow. You need to be sure that the access token is for you. Then you can used this access token to access the APIs. The silent renew refreshes both tokens. Don't forget to implement a good CSP header for you app as well.
The id_token is used for the application, roles, claims etc are in JWT token. The access token should not be opened by the client application. Only the API used this. The angular app receives this and sends it in the header of the api requests.
from aspnet6identityserver4angularoidcflows.
So to clarify, in the response, 'id_token' is the JWT token and 'token' is received as 'access_token' and 'token_type': "Bearer", correct?
from aspnet6identityserver4angularoidcflows.
@nvella88 yes, this is correct
from aspnet6identityserver4angularoidcflows.
Related Issues (20)
- Internal Error message localization HOT 3
- ShowRecoveryCodesViewModel localization HOT 5
- ExternalLoginFailure localization of title HOT 1
- Webpack dev server high cpu and memory HOT 1
- How to send token from API to another HOT 1
- Single signon login form localization HOT 2
- Authorize Attribute with Roles Not Working for new JWT Tokens. HOT 1
- License? HOT 1
- Integration With Skoruba Admin HOT 1
- Commit 22ae2223
- the modules of "node-sass" can't be installed 。 HOT 1
- samesite flag chrome issue HOT 2
- Silent Sign in
- CodeFlow example HOT 1
- Checking against a mix of roles/claims HOT 2
- sign in
- Angular App not running HOT 3
- Move Angular projects to CLI
- Accidentally Opened Issue
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aspnet6identityserver4angularoidcflows.