Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Feb 16 17:34

    kevinchalet on dev

    Update the ValidatePrincipal ha… (compare)

  • Feb 16 17:34
    kevinchalet closed #913
  • Feb 16 17:06
    kevinchalet milestoned #913
  • Feb 16 17:06
    kevinchalet labeled #913
  • Feb 16 17:06
    kevinchalet assigned #913
  • Feb 16 17:06
    kevinchalet opened #913
  • Feb 15 00:05
    kevinchalet closed #907
  • Feb 14 00:21

    kevinchalet on dev

    Add MapInternalClaims and handl… (compare)

  • Feb 14 00:21
    kevinchalet closed #912
  • Feb 13 23:45
    kevinchalet synchronize #912
  • Feb 13 23:40
    kevinchalet milestoned #912
  • Feb 13 23:40
    kevinchalet labeled #912
  • Feb 13 23:40
    kevinchalet assigned #912
  • Feb 13 23:40
    kevinchalet opened #912
  • Feb 11 18:45

    kevinchalet on dev

    Move the entities validation lo… (compare)

  • Feb 11 18:45
    kevinchalet closed #911
  • Feb 11 17:43
    kevinchalet milestoned #911
  • Feb 11 17:43
    kevinchalet labeled #911
  • Feb 11 17:43
    kevinchalet assigned #911
  • Feb 11 17:43
    kevinchalet opened #911
damccull
@damccull
Cool. I'mma stick with the basics if I can get openiddict running this time :) I feel much more prepared than I did when I tried this a couple years back.
Kévin Chalet
@kevinchalet
Hahaha :smile:
damccull
@damccull
@PinpointTownes OpenIddictServerBuilder.UseMvc() doesn't seem to exist anymore in 3.0. Is this, or similar, still needed for Code auth?
Kévin Chalet
@kevinchalet
I haven’t ported this stuff. It used to register the MVC binders for OpenIdConnectRequest but that was a quite confusing pattern so I decided to remove it.
damccull
@damccull
Sweet. Think I might have skipped it by using the MVC sample in the dev branch anyways
new question @PinpointTownes. When I add a new migration for OpenIddict it's using IdentityUser instead of my derived ApplicationUser in the migrations, but I can't figure out why. There are no references to IdentityUser anywhere in my code. Am I missing an explicit config with OpenIddict somewhere?
Kévin Chalet
@kevinchalet
OpenIddict doesn’t use Identity at all, so it’s definitely not related :smile:
You either have an issue with your DbContext class or the generic arguments of your services.AddIdentity<>() call are incorrect.
damccull
@damccull
Hmm.
Thanks. let me look around more.
At least now I can rule out openiddict and go in the right direction lol
Kévin Chalet
@kevinchalet
:smile:
damccull
@damccull
Wow I'm dumb. I left the <ApplicationUser> part off of IdentityDbContext<ApplicationUser> in my dbcontext
Kévin Chalet
@kevinchalet
:laughing:
damccull
@damccull
I'm doing unsupported things...like using razor pages as my endpoints. I don't expect much support on it, but would you know why return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme); is returning the sign-in page html instead of a token or redirect to the token endpoint?
Kévin Chalet
@kevinchalet
The token endpoint is an API endpoint, for which Razor Pages are not exactly "good candidates" :smile:
Now, why it does that, no idea.
damccull
@damccull
I know, but I can't figure out how to make razor pages and an mvc controller share the same base route lol :D
Hmm...I wonder if it's the 'authorize' attribute. Lemme check.
Definitely that attribute. Sweet now a new problem that's probably also razor pages related lol
damccull
@damccull
I fixed it! :D
Lesson learned: Don't put [Authorize] on your token endpoint, and ensure you're not using antiforgery verification tokens on it either lol
Kévin Chalet
@kevinchalet
Haha, yeah :smile:
damccull
@damccull
So device flow: The device goes to the /device endpoint to get the code info it needs to present to the user. User visits the /verify endpoint and clicks Yes...now how does the device know that's happened and get the token?
Kévin Chalet
@kevinchalet
Polling. Repeated token requests until the user validates the demand.
damccull
@damccull
to the tokens endpoint? With what parameters, my friend?
Kévin Chalet
@kevinchalet
The ones defined in the spec :smile:
damccull
@damccull
I shall find this spec. Standby.
OpenIddict handles device requests for you, but you’ll need to handle verification and token requests by providing custom actions.
Don’t hesitate to take a look at the MVC server sample.
damccull
@damccull
is urn:ietf:params:oauth:grant-type:device_code a standard for device code? Like do I use that for the grant type always?
Kévin Chalet
@kevinchalet
It is.
damccull
@damccull
Ok cool
it's a totally confusing string lol
Kévin Chalet
@kevinchalet
Hehe yeah :smile:
damccull
@damccull
Wow. this thing works perfectly.
Only thing I can't seem to find: On https://www.oauth.com/oauth2-servers/device-flow/token-request/ it says there's a polling interval. Where is that sent to me so I know when to poll next or how often?
Oh, i see. The spec says wait 5 seconds if none is provided.
Got it. I assume it's provided in the token endpoint response then
Kévin Chalet
@kevinchalet
Before each new request,
the client MUST wait at least the number of seconds specified by
the "interval" parameter of the device authorization response (see
Section 3.2), or 5 seconds if none was provided, and respect any
increase in the polling interval required by the "slow_down"
error.
damccull
@damccull
noice thanks man
does openiddict generate the interval or is that something I'd have to mod in to my app?
not that I need it, just curious
Kévin Chalet
@kevinchalet
There's currently no support for throttling.
damccull
@damccull
ok good to know. i figured while spamming my endpoint with postman waaaay faster than 5 seconds apart :D
Kévin Chalet
@kevinchalet
Not saying there's will no story for that, but it's hard to implement in distributed apps in a fairly efficient and reliable way.
lol
damccull
@damccull
@PinpointTownes https://gitlab.com/damccull/openiddict-razorpages/ here is the working example I have now using razorpages as endpoints. Why? Because it was easier than figuring out how to put MVC in there with razor pages. Plus I think it's cleaner if the rest of the site will be razorpages anyways :D
Kévin Chalet
@kevinchalet
lol