Automatic code( authorization code ) redemption using latest version of Katana DLLs in openId authorization code flow

百般思念 提交于 2020-02-07 01:58:10

问题


From the recent release and conversation below, it says that now Katana(4.1.0) supports code-flow with automatic code redemption(that meaning we do not have call tokenendpoint explicitly to redeem the code for idtoken, accesstoken etc)

https://github.com/aspnet/AspNetKatana/pull/297

so, I've upgraded Katana dlls and have p

Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    RedirectToIdentityProvider = OnRedirectToIdentityProvider,
                    //MessageReceived = OnMessageReceived, -- previous I were calling token endpoint in this notification
                    SecurityTokenReceived = notification => Task.FromResult(0),
                    SecurityTokenValidated = OnSecurityTokenValidated,
                    AuthenticationFailed = OnAuthenticationFailed,
                    AuthorizationCodeReceived = AuthorizationCodeReceived, -- added this notification per latest improvements
                    TokenResponseReceived = TokenResponseReceived
                }

and the implementation here

 private Task AuthorizationCodeReceived(AuthorizationCodeReceivedNotification arg)
    {
        return Task.FromResult(0);
    }

and Im expecting middleware to call the token endpoint to redeem the auth code, which doesn't happen.

Am I missing something here? should I add some code here for the middleware to redeem the code? Please advsie..

Update:

I have set below as per other blogs,

args.App.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                   //other properties removed for brevity
                    SaveTokens = true,
                    RedeemCode = true,
}

still midleware does not redeem codes automatically.

Just a thought, is this supported on in .NET core? Im actually using .NET Framework 4.7.1.


回答1:


Actually, the above settings were working and making token api call, but failing due to "clientsecret" was missing in my settings, once corrected everything worked just fine.Thank you.



来源:https://stackoverflow.com/questions/59965137/automatic-code-authorization-code-redemption-using-latest-version-of-katana-d

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!