Hybrid flow #28
Comments
Hi @maxisam Greetings Damien
second this.
Thank you Damien. This is great. I guess to get the userinfo you would call the userinfo endpoint with the cookie and deliver that into the Angular app, right? Cheers
…-------- Original message --------
From: damienbod
Date:06/06/2017 01:29 (GMT+10:00)
To: damienbod/AspNet5IdentityServerAngularImplicitFlow
Cc: nigel-dewar , Comment
Subject: Re: [damienbod/AspNet5IdentityServerAngularImplicitFlow] Hybrid flow (#28)
https://damienbod.com/2017/05/06/secure-asp-net-core-mvc-with-angular-using-identityserver4-openid-connect-hybrid-flow/
Yes, but I never tried it. The access_token is part of the cookie, which is HTTP only. The middleware on the server uses cookie middleware to validate. The important thing is, if you're using cookies with Angular, you must protect against XSRF. Pure SPAs should use tokens and not cookies. Greetings Damien
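The XSRF protection mentioned in the comment above, sketched as an added example that is not part of the thread or of the project's code. It assumes ASP.NET Core 2.x with cookie authentication registered elsewhere, an Angular shell served from `/` or `/index.html` (assumed paths), and Angular's default `XSRF-TOKEN` cookie and `X-XSRF-TOKEN` header names.

```csharp
using System;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Angular's HttpClient copies the XSRF-TOKEN cookie into this header.
        services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");

        // Reject unsafe methods (POST, PUT, PATCH, DELETE) that lack a valid token.
        services.AddMvc(options =>
            options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));
    }

    public void Configure(IApplicationBuilder app, IAntiforgery antiforgery)
    {
        // Authenticate first: the antiforgery token is bound to the signed-in user.
        app.UseAuthentication();

        app.Use(async (context, next) =>
        {
            // Issue a request token whenever the SPA shell is served (assumed paths).
            var path = context.Request.Path.Value;
            if (path == "/" ||
                string.Equals(path, "/index.html", StringComparison.OrdinalIgnoreCase))
            {
                var tokens = antiforgery.GetAndStoreTokens(context);
                // Must be readable by script, unlike the HTTP-only auth cookie.
                context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken,
                    new CookieOptions
                    {
                        HttpOnly = false,
                        Secure = true,
                        SameSite = SameSiteMode.Strict
                    });
            }
            await next();
        });

        app.UseStaticFiles();
        app.UseMvc();
    }
}
```

Angular's `HttpClient` attaches the header only to mutating requests sent to relative URLs, so API calls made with absolute URLs need the header added explicitly.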
Sure thing makes sense. Cheers damo
Thank you for awesome examples. Any chance you will create one for Hybrid flow + Angular 2 ?