-
-
Notifications
You must be signed in to change notification settings - Fork 483
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question: How can i get a token from a controller? #47
Comments
This is not something we support (at all): aspnet-contrib/AspNet.Security.OpenIdConnect.Server#194 (comment) Though popularized by well-known libraries like Satellizer, the flow you're trying to implement - that consists in starting the authorization process from your JS app and making the token request server-side - is not really standard and thus, not supported by OpenIddict (not to mention that you have to be extremely careful to avoid session fixation or XSRF attacks). Here's the recommended approach:
$authProvider.oauth2({
name: 'openiddict',
url: '/auth/openiddict',
clientId: '[the client_id you assigned to your JS app in Startup.cs]',
redirectUri: window.location.origin,
authorizationEndpoint: '[your ASP.NET 5 base address]/connect/authorize',
});
I'd love to add an AngularJS sample for OpenIddict demonstrating the best practices. Would you like to work with me on a sample using Satellizer? |
So the accountController needs a server side view, like the ones in the example? Does this also allow you to "not" use cookies? Just want to get this work asap, but the right way as well. Happy to help on a sample, that would really help me. What would you like me to do? I can strip my current application, to a very basic with angular and satellizer if you want? |
True, you'd need server side views to render the login page (and you'd have to use cookies, at least during the login process).
Yeah, having a basic Angular/Satellizer app would be nice 👍 |
Working on one now 👍 |
This is harder than i thought, i have created a basic app, but because the angular app is on the Index page, you cant just open the server side Accounts page, as this will lose the angular app, and thus Satellizer will not work. I am figuring out something else though, so will keep you posted |
Right, i am created a basic angular app (using the Mvc.Server as a template) and i can open a window, login and callback to the angular app. How can i get the accessToken for the logged in user?? |
Creating a webApi using asp.net 5, but i do not want to use cookies, and i have implemented googleAuthentication. This doesnt work using the standard SignInManger, as for some reason i get an error message saying No authentication handler is configured to authenticate for the scheme: Microsoft.AspNet.Identity.External, as i have logged on StackOverflow http://stackoverflow.com/questions/34763335/no-authentication-handler-is-configured-to-authenticate-for-the-scheme-microsof
To get round this issue, i have implemented my own code to connect to google, get the accessToken and then get the user info from google. Now i can add the user and login to my applicationContext, all fine. Now i need to return a JSON Web Token. How can i do this from my AuthController?? I also need to do the same thing when a user logs in using an email and password.
Here is my code, maybe i am missing something??
startup.cs
The text was updated successfully, but these errors were encountered: