Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 15:32

    kevinchalet on dev

    Bump Arcade to 5.0.0-beta (compare)

  • 15:32
    kevinchalet closed #936
  • 14:42
    kevinchalet synchronize #936
  • 14:41
    kevinchalet edited #936
  • 14:41
    kevinchalet edited #936
  • 02:12
    kevinchalet synchronize #936
  • 01:43
    kevinchalet synchronize #936
  • Apr 06 23:41
    kevinchalet synchronize #936
  • Apr 06 23:19
    kevinchalet synchronize #936
  • Apr 06 22:43
    kevinchalet assigned #936
  • Apr 06 22:43
    kevinchalet opened #936
  • Apr 06 22:43
    kevinchalet labeled #936
  • Apr 06 22:43
    kevinchalet milestoned #936
  • Apr 06 20:41

    kevinchalet on dev

    Update Directory.Build.targets … (compare)

  • Apr 06 20:41
    kevinchalet closed #935
  • Apr 06 19:10
    kevinchalet labeled #935
  • Apr 06 19:10
    kevinchalet labeled #935
  • Apr 06 19:10
    kevinchalet opened #935
  • Apr 06 18:16

    kevinchalet on dev

    Update Arcade and replace the n… (compare)

  • Apr 06 18:16
    kevinchalet closed #934
Kévin Chalet
@kevinchalet
@damccull did you forget to include the OpenIddict.AspNetCore package?
damccull
@damccull
@PinpointTownes Apparently I added OpenIddict as a package rather than OpenIddict.AspNetCore. So that's my mistake. Thanks for your help. Any idea why it would have not complained about that package on dotnet restore?
Kévin Chalet
@kevinchalet
OpenIddict is still a valid package, but it doesn't reference the ASP.NET Core hosts in 3.0, just the "core" core, server and validation stuff :smile:
If you want to integrate with ASP.NET Core, you need OpenIddict.Server.AspNetCore and OpenIddict.Validation.AspNetCore, that are referenced by the OpenIddict.AspNetCore metapackage.
Folks who want to integrate with legacy ASP.NET 4.x/OWIN apps can instead reference OpenIddict.Owin, which works exactly like OpenIddict.AspNetCore.
damccull
@damccull
Oh, ok. Makes sense. Thanks.
damccull
@damccull
So not to compare various kinds of fruit, but IdentityServer4 has a ton of options you have-to/can set on various kinds of registered clients. In openiddict I see only the RedirectUris, the clientsecret, and clientid. I like the simplicity, but is there anything I might need with the more advanced crap? Does openiddict support that extra stuff under the hood and it's just not in the examples?
Kévin Chalet
@kevinchalet
Keeping it not "too complicated" is 100% deliberate. We do expose a few options already, but if you need more advanced things, the events model will allow you to do whatever you want with a few lines of code.
It's a different approach, but you should be able to achieve whatever you want to do.
If you have a concrete example of an option you miss, I'm all ears :smile:
damccull
@damccull
I don't miss anything yet, lol. I just have been experimenting with identity server 4 and they have pretty darn good docs, but it seems like a lot of extra stuff to set up a specific client. I just wondered if all that extra was gaining me anything... Like security or something.
Kévin Chalet
@kevinchalet
It gives you... options :smile:
I try to avoid adding client properties because it becomes quickly noisy (even in the DB, as you have to introduce new columns for them)
damccull
@damccull
Cool. I'mma stick with the basics if I can get openiddict running this time :) I feel much more prepared than I did when I tried this a couple years back.
Kévin Chalet
@kevinchalet
Hahaha :smile:
damccull
@damccull
@PinpointTownes OpenIddictServerBuilder.UseMvc() doesn't seem to exist anymore in 3.0. Is this, or similar, still needed for Code auth?
Kévin Chalet
@kevinchalet
I haven’t ported this stuff. It used to register the MVC binders for OpenIdConnectRequest but that was a quite confusing pattern so I decided to remove it.
damccull
@damccull
Sweet. Think I might have skipped it by using the MVC sample in the dev branch anyways
new question @PinpointTownes. When I add a new migration for OpenIddict it's using IdentityUser instead of my derived ApplicationUser in the migrations, but I can't figure out why. There are no references to IdentityUser anywhere in my code. Am I missing an explicit config with OpenIddict somewhere?
Kévin Chalet
@kevinchalet
OpenIddict doesn’t use Identity at all, so it’s definitely not related :smile:
You either have an issue with your DbContext class or the generic arguments of your services.AddIdentity<>() call are incorrect.
damccull
@damccull
Hmm.
Thanks. let me look around more.
At least now I can rule out openiddict and go in the right direction lol
Kévin Chalet
@kevinchalet
:smile:
damccull
@damccull
Wow I'm dumb. I left the <ApplicationUser> part off of IdentityDbContext<ApplicationUser> in my dbcontext
Kévin Chalet
@kevinchalet
:laughing:
damccull
@damccull
I'm doing unsupported things...like using razor pages as my endpoints. I don't expect much support on it, but would you know why return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme); is returning the sign-in page html instead of a token or redirect to the token endpoint?
Kévin Chalet
@kevinchalet
The token endpoint is an API endpoint, for which Razor Pages are not exactly "good candidates" :smile:
Now, why it does that, no idea.
damccull
@damccull
I know, but I can't figure out how to make razor pages and an mvc controller share the same base route lol :D
Hmm...I wonder if it's the 'authorize' attribute. Lemme check.
Definitely that attribute. Sweet now a new problem that's probably also razor pages related lol
damccull
@damccull
I fixed it! :D
Lesson learned: Don't put [Authorize] on your token endpoint, and ensure you're not using antiforgery verification tokens on it either lol
Kévin Chalet
@kevinchalet
Haha, yeah :smile:
damccull
@damccull
So device flow: The device goes to the /device endpoint to get the code info it needs to present to the user. User visits the /verify endpoint and clicks Yes...now how does the device know that's happened and get the token?
Kévin Chalet
@kevinchalet
Polling. Repeated token requests until the user validates the demand.
damccull
@damccull
to the tokens endpoint? With what parameters, my friend?
Kévin Chalet
@kevinchalet
The ones defined in the spec :smile:
damccull
@damccull
I shall find this spec. Standby.
OpenIddict handles device requests for you, but you’ll need to handle verification and token requests by providing custom actions.
Don’t hesitate to take a look at the MVC server sample.
damccull
@damccull
is urn:ietf:params:oauth:grant-type:device_code a standard for device code? Like do I use that for the grant type always?
Kévin Chalet
@kevinchalet
It is.
damccull
@damccull
Ok cool
it's a totally confusing string lol
Kévin Chalet
@kevinchalet
Hehe yeah :smile:
damccull
@damccull
Wow. this thing works perfectly.