Hybrid flow #28

maxisam · 2016-08-24T16:54:44Z

Thank you for awesome examples. Any chance you will create one for Hybrid flow + Angular 2 ?

damienbod · 2016-08-25T04:32:33Z

Hi @maxisam
I havn't thought about this yet, sounds interesting. I'll have a look at this.

Greetings Damien

nigel-dewar · 2016-11-20T13:52:29Z

second this.

damienbod · 2017-06-05T15:29:17Z

here's a solution for this:

https://damienbod.com/2017/05/06/secure-asp-net-core-mvc-with-angular-using-identityserver4-openid-connect-hybrid-flow/

nigel-dewar · 2017-06-06T06:00:14Z

Thank u damien. This is great. I guess to get the userinfo u would call the userinfo endpoint with the cookie and deliver that into the angular app right? Cheers Sent from Samsung Mobile

…

-------- Original message -------- From: damienbod Date:06/06/2017 01:29 (GMT+10:00) To: damienbod/AspNet5IdentityServerAngularImplicitFlow Cc: nigel-dewar , Comment Subject: Re: [damienbod/AspNet5IdentityServerAngularImplicitFlow] Hybrid flow (#28) https://damienbod.com/2017/05/06/secure-asp-net-core-mvc-with-angular-using-identityserver4-openid-connect-hybrid-flow/ — You are receiving this because you commented. Reply to this email directly, view it on GitHub<#28 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AI94WJeGMfKa3NlIUdRgKDaJp-El-yMZks5sBB7PgaJpZM4JsOXR>.

damienbod · 2017-06-06T06:08:38Z

Yes, but I never tried it. The access_token is part of the cookie, which is http only. The middleware on the server uses cookie middleware to validate.

Important thing is thing if your using cookies with angular, you must protect against XSRF. Pure SPAs should use tokens and not cookies.

Greetings Damien

nigel-dewar · 2017-06-06T06:23:40Z

Sure thing makes sense. Cheers damo Sent from Samsung Mobile

…

-------- Original message -------- From: damienbod Date:06/06/2017 16:08 (GMT+10:00) To: damienbod/AspNet5IdentityServerAngularImplicitFlow Cc: nigel-dewar , Comment Subject: Re: [damienbod/AspNet5IdentityServerAngularImplicitFlow] Hybrid flow (#28) Yes, but I never trying it. The access_token is part of the cookie, which is http only. The middleware on the server uses cookie middleware to validate. Important thing is thing if your using cookies with angular, you must protect against XSRF. Pure SPAs should use tokens and not cookies. Greetings Damien — You are receiving this because you commented. Reply to this email directly, view it on GitHub<#28 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AI94WGFKqBb5fvrAeaTnkI9Zl4GCZPVlks5sBOzogaJpZM4JsOXR>.

damienbod added the enhancement label Nov 1, 2016

damienbod closed this as completed Jun 5, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Hybrid flow #28

Hybrid flow #28

maxisam commented Aug 24, 2016

damienbod commented Aug 25, 2016

nigel-dewar commented Nov 20, 2016

damienbod commented Jun 5, 2017 •

edited

nigel-dewar commented Jun 6, 2017 via email

damienbod commented Jun 6, 2017 •

edited

nigel-dewar commented Jun 6, 2017 via email

Hybrid flow #28

Hybrid flow #28

Comments

maxisam commented Aug 24, 2016

damienbod commented Aug 25, 2016

nigel-dewar commented Nov 20, 2016

damienbod commented Jun 5, 2017 • edited

nigel-dewar commented Jun 6, 2017 via email

damienbod commented Jun 6, 2017 • edited

nigel-dewar commented Jun 6, 2017 via email

damienbod commented Jun 5, 2017 •

edited

damienbod commented Jun 6, 2017 •

edited