These are chat archives for thinktecture/Thinktecture.IdentityManager

18th Dec 2014
Matt Heffernan
@mattheffernan
Dec 18 2014 07:23
Is it possible to use ClientCredentials flow with the idm? I have it working with OAuth and implicit using the default user and web front end, but would like to get at the idm api from another app as well.
Brock Allen
@brockallen
Dec 18 2014 17:27
we don't support that -- the client app is the JS, so that's why it's using implicit flow
Matt Heffernan
@mattheffernan
Dec 18 2014 17:28
i was able to get it to work by using the RO flow and using the user from the idSrv
Brock Allen
@brockallen
Dec 18 2014 17:28
but... now that i think about it... you might be able to use client_credentials. in essence, the API endpoints just need to validate the access token
Matt Heffernan
@mattheffernan
Dec 18 2014 17:28
the issue is with the claims from what i've been able to gather
IdentityManagerAdministrator gets in the way
Brock Allen
@brockallen
Dec 18 2014 17:28
this is an area that needs work -- given the trouble people are having with it, i think it needs work
yes, understood
Matt Heffernan
@mattheffernan
Dec 18 2014 17:29
so when you use RO you have a claim, but Client you don't
great work by the way
Brock Allen
@brockallen
Dec 18 2014 17:29
so right, then you've answered your own question -- the client doesn't have the role (unless your AS puts it in the token)
thx
Matt Heffernan
@mattheffernan
Dec 18 2014 17:30
i've been trying to figure that part out, using IdServ.v3 for my auth
but based on this thinktecture/Thinktecture.IdentityServer.v3#76
Brock Allen
@brockallen
Dec 18 2014 17:30
you can customize the contents in the token, but that might be more work than you want to do
Matt Heffernan
@mattheffernan
Dec 18 2014 17:30
you can't set claims on a client cred, or am i wrong.
Brock Allen
@brockallen
Dec 18 2014 17:31
well, the other thing i've been meaning to implement in IdMgr is a claims transformation callback where you could dynamically add the role based upon custom logic (like a specific client_id)
so it'd be invoked in the owin pipeline after the token authentication and before the role authorization
Matt Heffernan
@mattheffernan
Dec 18 2014 17:32
kinda how the local auth works
Brock Allen
@brockallen
Dec 18 2014 17:32
but, as we've said elsewhere, IdSvr is getting the main attention now
IdMgr will get some work done after IdSvr is released
Matt Heffernan
@mattheffernan
Dec 18 2014 17:32
i was curious how the local was getting the claim set
i understand, i'll move along with my RO solution and come back when you guys are further along
been learning a lot over the past month, always done the typical app has its own creds route. but this has been eye opening
Matt Heffernan
@mattheffernan
Dec 18 2014 17:40
would it make sense to allow the scope to have a default value to a claim as well as specifying it? that way you could say if you're using this scope you get this role... or drop the role from the idm auth and just use the scope as a key instead? more curious to why one way vs another than anything else
Brock Allen
@brockallen
Dec 18 2014 17:41
the role was added if the request was local
yea, i see what you mean about the scope. maybe. i'd have to think more about it...
Matt Heffernan
@mattheffernan
Dec 18 2014 17:43
sounds good, i'll leave you alone i'm sure you have better things to be working on. thanks for your time
Brock Allen
@brockallen
Dec 18 2014 17:44
np
Matt Heffernan
@mattheffernan
Dec 18 2014 17:45
sorry, i do have one more question if you have a sec. since all of the products are using ILMerge to zip up your dlls to one clean lib, how can you debug across projects? i tried to attach to express/w3 but it can't find the symbols
Brock Allen
@brockallen
Dec 18 2014 20:17
if you have the source on your machine and have it opened in VS then in my experience there's something within VS that knows that's the right file.
but idmgr might not be shipping the pdb -- if not, i need to add that to the nuget
Matt Heffernan
@mattheffernan
Dec 18 2014 21:01
it was for the idsrv, not sure if i tried to debug the mgr. i'll try again tonight to see if i can figure it out. thx
i saw you don't follow many people, but you do follow kevin griffin, good guy we are in the same .net users group. he brought an mvp friend down from somewhere in the NE was trying to remember if it was you
Brock Allen
@brockallen
Dec 18 2014 22:16
i've met kevin once in vegas. we were both speaking at dev connections.