Comments (14)

leastprivilege commented on June 20, 2024

These are all valid points for legacy applications. But since Microsoft already previewed their new OpenID Connect middleware for Katana - the module has currently no high priority. Feel free to work on it!

from identityserver3.

ciaranj commented on June 20, 2024

I would help on this, I need an ASP.NET/WebForms app to support OIDC so (I think) I cannot rely on the Katana middleware :(

leastprivilege commented on June 20, 2024

WebForms and Katana can work together (just like MVC and Katana).

ciaranj commented on June 20, 2024

sob I'm doing well today. I'd read: http://stackoverflow.com/questions/19423097/is-it-possible-to-use-katana-to-host-an-existing-webforms-application-within-a-w and trusted it :/

leastprivilege commented on June 20, 2024

Well - it is right and wrong - MVC and WebForms cannot be hosted using Katana. But you can still use Katana middleware (e.g. the templates in VS2013 use Google authentication middleware).

ciaranj commented on June 20, 2024

Ah, ok. right, thank you for the clarification, that makes sense :)

ciaranj commented on June 20, 2024

.... so I've investigated the Katana OpenIdConnect middleware and it appears to not support the code flow. I can't find any supporting documentation with it to suggest there is any intention to either (no raised issues, comments in discussion forums etc.) :( (this surprises me somewhat so perhaps I'm misunderstanding its purpose!)

Before I try and re-grok the source, do you know for a fact that I'm wrong about this? (Also, and related, it doesn't support the ability to get back an ID+Access token at the same time [ https://katanaproject.codeplex.com/discussions/542150 ].) Long story short, your module appears to be significantly better at first + second glance to my untrained eyes!

Update: Ah. https://katanaproject.codeplex.com/workitem/247

leastprivilege commented on June 20, 2024

see here:
#54

ciaranj commented on June 20, 2024

Thanks, that covers the access token, but I'm more concerned about them only supporting the implicit flow. I had loosely understood that flow as being the 'least secure' and should only be used when the client can't be trusted, but the implication of the middleware + Azure is that implicit flows are A-OK?

leastprivilege commented on June 20, 2024

Implicit just means that the client authentication is implicit.

They also do hybrid flow btw - but IdSrv does not support that (yet).

ciaranj commented on June 20, 2024

(implicit) Sure, but doesn't that mean the level of trust you should be willing to grant requests from that client should be lower (for example issuing shorter duration access tokens?) (I had been planning to make sure all my internal (non-mobile) trusted web applications utilised the code flow, based on this potentially wrong understanding!)

leastprivilege commented on June 20, 2024

Well it depends on a number of factors - implicit is for JS/native applications (no client secret but redirect URI) where credential/consent should happen on the AS - whereas using code flow requires the flow triggered by a server and due to client credentials gives you additional features like refresh tokens.

from identityserver3.
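
The two flows compared in the comment above, shown as protocol messages: the front-channel authorization request for each, where the response lands, and the back-channel token request that only code flow has. This is an added example, not part of the original thread and not IdentityServer or Katana code; the endpoint URLs, client IDs and secret are constructed placeholders.

```python
import base64
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values for illustration; none of them come from the thread.
AUTHORIZE = "https://idsrv.example/connect/authorize"
REDIRECT = "https://app.example/callback"

RESPONSE_TYPE = {"code": "code", "implicit": "id_token token"}


def authorize_url(flow, client_id, state, nonce):
    """Front-channel request. Both flows look the same except response_type;
    the client is identified only by client_id and its registered redirect URI."""
    params = {
        "client_id": client_id,
        "redirect_uri": REDIRECT,
        "response_type": RESPONSE_TYPE[flow],
        "scope": "openid profile",
        "state": state,
        "nonce": nonce,
    }
    return AUTHORIZE + "?" + urlencode(params)


def parse_callback(flow, url, expected_state):
    """Code flow returns ?code=... in the query string. Implicit returns the
    tokens in the #fragment, which the browser never sends to the server."""
    parts = urlsplit(url)
    raw = parts.query if flow == "code" else parts.fragment
    values = {k: v[0] for k, v in parse_qs(raw).items()}
    if values.get("state") != expected_state:
        raise ValueError("state mismatch")
    return values


def token_request(code, client_id, client_secret):
    """Back-channel step that exists only in code flow: the server-side client
    authenticates with its secret (HTTP Basic) when redeeming the code.
    Assumes client_id and client_secret need no extra form-encoding."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code",
                      "code": code, "redirect_uri": REDIRECT})
    return headers, body
```
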

ciaranj commented on June 20, 2024

Ok. That matches my understanding, I just (naively it would seem!) assumed that code flow was one of the commonest flows! Thank you as always!

leastprivilege commented on June 20, 2024

Closing this for now. Please open a new issue if you plan to work on an HttpModule for backwards compat.
