Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 18:42

    kevinchalet on dev

    Add a new option allowing to ma… (compare)

  • 18:42
    kevinchalet closed #1143
  • 18:42
    kevinchalet closed #1140
  • 18:29
    kevinchalet labeled #1143
  • 18:29
    kevinchalet milestoned #1143
  • 18:29
    kevinchalet assigned #1143
  • 18:29
    kevinchalet opened #1143
  • 16:38
    kevinchalet commented #736
  • 16:36
    kevinchalet pinned #1138
  • 16:21

    kevinchalet on dev

    Introduce response type permiss… (compare)

  • 16:21
    kevinchalet closed #1142
  • 16:21
    kevinchalet closed #1139
  • 16:21
    kevinchalet closed #1138
  • 16:00
    kevinchalet commented #1138
  • 15:57
    kevinchalet assigned #1142
  • 15:57
    kevinchalet milestoned #1142
  • 15:57
    kevinchalet labeled #1142
  • 15:57
    kevinchalet opened #1142
  • 15:51
    kevinchalet unpinned #762
  • 15:51
    kevinchalet unpinned #808
Kévin Chalet
@kevinchalet
It's up to you. Identity itself won't work without a DB, so you may want to use something else.
bviale
@bviale
Ok I see. If I don't use Identity, the HandleTokenRequestContext event will never be triggered right ? Should I move all the user/password check and grant the claims in the controller then ?
Kévin Chalet
@kevinchalet
No, it's completely unrelated.
You can use either the events model (with HandleTokenRequestContext) or enable the pass-through mode and handle token requests in a MVC controller.
(well, I said a MVC controller but it could be a middleware or even a Carter module)
bviale
@bviale
My goal is to add a login page in the server itself , just like the AuthorizationServer in the CodeFlow sample
Kévin Chalet
@kevinchalet
What's preventing you from doing that?
bviale
@bviale
So I think I'll need to do my magic in the POST Account/Login and I'll don't need the HandleTokenRequestContext right ?
I'm trying to figure how I can actually log the user here without using _signInManager.PasswordSignInAsync()
Kévin Chalet
@kevinchalet
You can use the core authentication APIs provided by ASP.NET Core to create authentication cookies.
bviale
@bviale
Ok thanks, I'm going to try it

One last thing, I think it's a stupid one, I'm not able to simply use [Authorize] on my controllers.
InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).

In my startup I'm using the snippet you sent me yesterday

I tried to set a scheme as a parameter in services.AddAuthentication(); but it didn't work
Kévin Chalet
@kevinchalet
The snippet I sent yesterday demonstrated how to use the password flow with the degraded mode. For the code flow - which is an interactive flow - you'll need extra things, like a cookie authentication middleware.
bviale
@bviale
oh ok I see, so both of my my issues will be gone once I'll set up the cookie authentification then, thanks
damccull
@damccull
Howdy. Been a very long time since I looked into openiddict and I've since gained a much better understanding of how the whole OIDC system works, though there's still some pain points and I still have to reference docs...a lot. Anyways, I was wondering what the current status for aspnetcore 3.0 is. I see the repo says the openiddict 3.0 code is still WIP, but can I use the 2.x branch with asp.net 3.0?
I see a post from @PinpointTownes about this very issue...so yes, I would like to try it out :D If it's available.
Man, I should read before I post, lol. Thanks @PinpointTownes I'll just download 2.0.1 and see how it goes :D
Kévin Chalet
@kevinchalet
@damccull haha, yeah, both 2.0.1 and 3.0 are compatible with ASP.NET Core.
If you need a production-ready stuff, go with 2.0.1. If you prefer the latest and coolest stuff, 3.0 is for you!
damccull
@damccull
@PinpointTownes is 3.0 stable enough to use on a low traffic game guild site without a bunch of crashes?
I think now that i finally understand how the actual flows work I might be able to get openiddict to work this time :D
Kévin Chalet
@kevinchalet
lol yeah :smile:
Kévin Chalet
@kevinchalet
FYI: 3.0 supports the device flow, in case you'd want to use it.
damccull
@damccull
Nice, i'll try that one then
though I'm not familiar with device flow yet. I'll check it out on the youtubes
Oh man..that'd be perfect for a discord bot
perhaps
oh yeah, def
that'd be perfect
damccull
@damccull
@PinpointTownes In the Dev branch's readme getting started example (understanding this is dev code) there is a spot in AddServer's options that sets options.UseAspNetCore(), only that doesn't seem to be recognized as a valid method. Neither does .AddValidation() and its children. Did something change I'm not picking up?
Kévin Chalet
@kevinchalet
@damccull did you forget to include the OpenIddict.AspNetCore package?
damccull
@damccull
@PinpointTownes Apparently I added OpenIddict as a package rather than OpenIddict.AspNetCore. So that's my mistake. Thanks for your help. Any idea why it would have not complained about that package on dotnet restore?
Kévin Chalet
@kevinchalet
OpenIddict is still a valid package, but it doesn't reference the ASP.NET Core hosts in 3.0, just the "core" core, server and validation stuff :smile:
If you want to integrate with ASP.NET Core, you need OpenIddict.Server.AspNetCore and OpenIddict.Validation.AspNetCore, that are referenced by the OpenIddict.AspNetCore metapackage.
Folks who want to integrate with legacy ASP.NET 4.x/OWIN apps can instead reference OpenIddict.Owin, which works exactly like OpenIddict.AspNetCore.
damccull
@damccull
Oh, ok. Makes sense. Thanks.
damccull
@damccull
So not to compare various kinds of fruit, but IdentityServer4 has a ton of options you have-to/can set on various kinds of registered clients. In openiddict I see only the RedirectUris, the clientsecret, and clientid. I like the simplicity, but is there anything I might need with the more advanced crap? Does openiddict support that extra stuff under the hood and it's just not in the examples?
Kévin Chalet
@kevinchalet
Keeping it not "too complicated" is 100% deliberate. We do expose a few options already, but if you need more advanced things, the events model will allow you to do whatever you want with a few lines of code.
It's a different approach, but you should be able to achieve whatever you want to do.
If you have a concrete example of an option you miss, I'm all ears :smile:
damccull
@damccull
I don't miss anything yet, lol. I just have been experimenting with identity server 4 and they have pretty darn good docs, but it seems like a lot of extra stuff to set up a specific client. I just wondered if all that extra was gaining me anything... Like security or something.
Kévin Chalet
@kevinchalet
It gives you... options :smile:
I try to avoid adding client properties because it becomes quickly noisy (even in the DB, as you have to introduce new columns for them)
damccull
@damccull
Cool. I'mma stick with the basics if I can get openiddict running this time :) I feel much more prepared than I did when I tried this a couple years back.
Kévin Chalet
@kevinchalet
Hahaha :smile:
damccull
@damccull
@PinpointTownes OpenIddictServerBuilder.UseMvc() doesn't seem to exist anymore in 3.0. Is this, or similar, still needed for Code auth?
Kévin Chalet
@kevinchalet
I haven’t ported this stuff. It used to register the MVC binders for OpenIdConnectRequest but that was a quite confusing pattern so I decided to remove it.
damccull
@damccull
Sweet. Think I might have skipped it by using the MVC sample in the dev branch anyways
new question @PinpointTownes. When I add a new migration for OpenIddict it's using IdentityUser instead of my derived ApplicationUser in the migrations, but I can't figure out why. There are no references to IdentityUser anywhere in my code. Am I missing an explicit config with OpenIddict somewhere?