How to get id_token along with access_token from identityserver4 via “password” grant_type?

后端 未结 1 630
伪装坚强ぢ
伪装坚强ぢ 2021-02-13 14:56

I am trying to build an identity provider application using identityserver4; Currently, I am using \"Resource Owner Password Credentials\" flow and it returns access_token and r

相关标签:
1条回答
  • 2021-02-13 15:29

    How to get "id_token" along with "access_token" and "refresh_token" by using the same "Resource Owner Password Credentials" flow?

    You don't.

    In IdentityServer4, the Resource Owner Password Credentials flow provides only access tokens. If you also want an id token, then use the Authorization Code flow, the Implicit Code flow, or the Hybrid flow.

                                           access_token   id_token   refresh_token
    
    Resource Owner Password Credentials        yes           -           yes
    
    Authorization Code                         yes          yes          yes 
    
    Implicit Flow                              yes          yes           - 
    

    Since you're wanting all three token types, and since you appear to be using server-side code, the Authorization Code flow fits best. Some kinds of Hybrid Flow will also work for you.

    From the docs:

    The OAuth 2.0 resource owner password grant allows a client to send username and password to the token service and get an access token back that represents that user.

    From a GitHub issue:

    OpenID Connect does not specify the resource owner flow - only interactive logons at the authorization server (like code or implicit flow). So [in other words,] no identity token - only access tokens.

    0 讨论(0)
提交回复
热议问题