This repository has been archived by the owner on Sep 18, 2021. It is now read-only.
I'm currently determining a route forward for the identity provision piece of some software I'm responsible for. I had settled on IDSrv2 as an approach that would give me a great head-start on where I wanted to go (thank you). Then you went and released IDsrv3 preview, which shook my foundations somewhat.
So I've set about re-implementing my PoC flows around the proposed future of id: the openid connect approach.
One thing that I was doing previously was http://www.cloudidentity.com/blog/2013/01/09/USING-THE-JWT-HANDLER-FOR-IMPLEMENTING-POOR-MAN-S-DELEGATION-ACTAS/ using the original JWT received from IDSrv2 to 'pass' tokens onto later Web API calls from within the application a user has performed a federated sign in onto.
From what I can see OpenIdConnectionAuthenticationModule does not support this notion of a 'bootstrap token.' And I can't find the scope that I've requested from idsrv3 ('read') appearing in any of the claims in the identity token that comes back.
Is such a flow meaningful in an openid connect world, or do I need to 'just' pass around the 'bearer' access token (which has no signature verification or notion of scopes/claims associated with it) to the delegated API calls? Apologies as always if these questions are frankly dumb!