
Comments (6)

kevinchalet commented on May 23, 2024

> Now I need to return a JSON Web Token. How can I do this from my AuthController? I also need to do the same thing when a user logs in using an email and password.

This is not something we support (at all): aspnet-contrib/AspNet.Security.OpenIdConnect.Server#194 (comment)

Though popularized by well-known libraries like Satellizer, the flow you're trying to implement - that consists in starting the authorization process from your JS app and making the token request server-side - is not really standard and thus, not supported by OpenIddict (not to mention that you have to be extremely careful to avoid session fixation or XSRF attacks).

Here's the recommended approach:

  • Let your ASP.NET 5 app (not the JS side) handle the external authentication process, using the appropriate social providers (app.UseFacebookAuthentication()/app.UseGoogleAuthentication()).
  • Register your OpenIddict server in the Satellizer options, but not the external providers:
```js
$authProvider.oauth2({
    name: 'openiddict',
    url: '/auth/openiddict',
    clientId: '[the client_id you assigned to your JS app in Startup.cs]',
    redirectUri: window.location.origin,
    authorizationEndpoint: '[your ASP.NET 5 base address]/connect/authorize',
});
```
  • Optionally, customize your login page (by default, in AccountController) to render a popup-friendly form, where the social providers are listed.

I'd love to add an AngularJS sample for OpenIddict demonstrating the best practices. Would you like to work with me on a sample using Satellizer?

from openiddict-core.
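
The caution above about XSRF in a flow started from the JS app comes down, on the client side, to binding each authorization response to the request that started it. The following is an added example, not part of the original comment and not OpenIddict or Satellizer code: it builds the `/connect/authorize` request with a random `state` value and rejects any callback whose `state` does not match. The `cfg.responseType` field, the storage key `oauth_state` and the `memoryStore` helper are assumptions made for the illustration.

```javascript
// Added illustration, not OpenIddict or Satellizer code.
// Web Crypto: global in browsers and recent Node, via require() on older Node.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Minimal stand-in for window.sessionStorage so the example runs outside a browser.
function memoryStore() {
  const m = new Map();
  return {
    setItem: (k, v) => m.set(k, v),
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    removeItem: (k) => m.delete(k),
  };
}

// Build the /connect/authorize URL and remember an unguessable state value.
function beginAuthorization(cfg, store) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  const state = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
  store.setItem('oauth_state', state);
  const url = new URL(cfg.authorizationEndpoint);
  url.searchParams.set('client_id', cfg.clientId);
  url.searchParams.set('redirect_uri', cfg.redirectUri);
  url.searchParams.set('response_type', cfg.responseType); // assumption: set per your flow
  url.searchParams.set('state', state);
  return url.toString();
}

// Validate the redirect back to the app; throws unless state matches the stored value.
function completeAuthorization(callbackUrl, cfg, store) {
  const expected = store.getItem('oauth_state');
  store.removeItem('oauth_state'); // single use, consumed even when validation fails
  const url = new URL(callbackUrl);
  if (url.origin !== new URL(cfg.redirectUri).origin) {
    throw new Error('callback arrived on an unexpected origin');
  }
  // Response parameters come in the fragment or the query string, depending on the flow.
  const params = new URLSearchParams(url.hash ? url.hash.slice(1) : url.search);
  const state = params.get('state');
  if (!expected || !state || state !== expected) {
    throw new Error('state mismatch: response was not started by this browser session');
  }
  params.delete('state');
  return Object.fromEntries(params);
}
```

In a browser, pass `window.sessionStorage` as `store` so the value stays scoped to the tab that opened the login window.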

Gillardo commented on May 23, 2024

So the accountController needs a server side view, like the ones in the example? Does this also allow you to "not" use cookies? Just want to get this working asap, but the right way as well.

Happy to help on a sample, that would really help me. What would you like me to do? I can strip my current application to a very basic one with Angular and Satellizer, if you want?


kevinchalet commented on May 23, 2024

> So the accountController needs a server side view, like the ones in the example? Does this also allow you to "not" use cookies? Just want to get this working asap, but the right way as well.

True, you'd need server side views to render the login page (and you'd have to use cookies, at least during the login process).

> Happy to help on a sample, that would really help me. What would you like me to do? I can strip my current application to a very basic one with Angular and Satellizer, if you want?

Yeah, having a basic Angular/Satellizer app would be nice 👍


Gillardo commented on May 23, 2024

Working on one now 👍


Gillardo commented on May 23, 2024

This is harder than I thought. I have created a basic app, but because the Angular app is on the Index page, you can't just open the server side Accounts page, as this will lose the Angular app, and thus Satellizer will not work. I am figuring out something else though, so will keep you posted.


Gillardo commented on May 23, 2024

Right, I have created a basic Angular app (using the Mvc.Server as a template) and I can open a window, log in and call back to the Angular app. How can I get the accessToken for the logged-in user?

