Comments (14)
These are all valid points for legacy applications. But since Microsoft already previewed their new OpenID Connect middleware for Katana - the module currently has no high priority. Feel free to work on it!
from identityserver3.
I would help on this, I need an ASP.NET/WebForms app to support OIDC so (I think) I cannot rely on the Katana middleware :(
from identityserver3.
WebForms and Katana can work together (just like MVC and Katana).
from identityserver3.
sob I'm doing well today. I'd read: http://stackoverflow.com/questions/19423097/is-it-possible-to-use-katana-to-host-an-existing-webforms-application-within-a-w and trusted it :/
from identityserver3.
Well - it is right and wrong - MVC and WebForms cannot be hosted using Katana. But you can still use Katana middleware (e.g. the templates in VS2013 use Google authentication middleware).
from identityserver3.
Ah, ok. right, thank you for the clarification, that makes sense :)
from identityserver3.
.... so I've investigated the Katana OpenIdConnect middleware and it appears to not support the code flow. I can't find any supporting documentation with it to suggest there is any intention to either (no raised issues, comments in discussion forums etc.) :( (this surprises me somewhat so perhaps I'm misunderstanding its purpose!)
Before I try and re-grok the source, do you know for a fact that I'm wrong about this? (Also, and related, it doesn't support the ability to get back an ID + access token at the same time [ https://katanaproject.codeplex.com/discussions/542150 ].) Long story short, your module appears to be significantly better at first + second glance to my untrained eyes!
Update: Ah. https://katanaproject.codeplex.com/workitem/247
from identityserver3.
see here:
#54
from identityserver3.
Thanks, that covers the access token, but I'm more concerned about them only supporting the implicit flow. I had loosely understood that flow as being the 'least secure' and that it should only be used when the client can't be trusted, but the implication of the middleware + Azure is that implicit flows are A-OK?
from identityserver3.
Implicit just means that the client authentication is implicit.
They also do hybrid flow btw - but IdSrv does not support that (yet).
from identityserver3.
(implicit) Sure, but doesn't that mean the level of trust you should be willing to grant requests from that client should be lower (for example issuing shorter duration access tokens)? (I had been planning to make sure all my internal (non-mobile) trusted web applications utilised the code flow, based on this potentially wrong understanding!)
from identityserver3.
Well, it depends on a number of factors - implicit is for JS/native applications (no client secret but redirect URI) where credential/consent should happen on the AS - whereas using code flow requires the flow to be triggered by a server and, due to client credentials, gives you additional features like refresh tokens.
from identityserver3.
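The two flows contrasted in the reply above, as an added example that is not part of the original thread or of IdentityServer3's code. The endpoint, redirect URI, client ids and secret are placeholders constructed for illustration.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder endpoint and redirect URI, constructed for this example.
AUTHORIZE = "https://idsrv.example/connect/authorize"
REDIRECT = "https://app.example/callback"

RESPONSE_TYPES = {"implicit": "id_token token", "code": "code"}


def authorize_url(flow, client_id, scope="openid profile"):
    """Build the front-channel request; returns (url, state, nonce)."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "redirect_uri": REDIRECT,
        "response_type": RESPONSE_TYPES[flow],
        "scope": scope,
        "state": state,
        "nonce": nonce,  # required by OIDC for implicit, optional for code
    }
    return AUTHORIZE + "?" + urlencode(params), state, nonce


def parse_callback(flow, callback_url, expected_state):
    """Read the response from where each flow puts it and verify state."""
    parts = urlsplit(callback_url)
    # Implicit: tokens arrive in the URL fragment, in the browser.
    # Code: only a one-time code arrives, in the query string.
    raw = parts.fragment if flow == "implicit" else parts.query
    params = {k: v[0] for k, v in parse_qs(raw).items()}
    got = params.get("state", "").encode()
    if not hmac.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch")
    return params


def token_request(code, client_id, client_secret):
    """Back-channel exchange: only the code flow authenticates the client."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT})
    return headers, body
```
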
Ok. That matches my understanding, I just (naively it would seem!) assumed that code flow was one of the commonest flows! Thank you as always!
from identityserver3.
Closing this for now. Please open a new issue if you plan to work on an HttpModule for backwards compat.
from identityserver3.