
11/05/2012

Comments


Chuck

I really appreciate the example since it helped clarify a few different concepts for me regarding creating a pure html PhoneGap-based mobile app and calling Identity Server with KendoUI.

One thing that may be worth noting (since it tripped me up initially) is that while the above example works great out of the box with the debug version of Identity Server, if you install the released build I believe that in addition to your instructions above you will also need to log into Identity Server as an admin, go to Protocols, enable OAuth2 (since it is only enabled in the debug version by default), and then click on the Protocols OAuth2 link that just appeared and enable "Enable Implicit flow".

One question I did have, though: if one is very concerned about security because of the nature of their application, would you consider this approach secure when Identity Server returns the access token to the callback url as a parameter?

And if not, is there a better approach you would recommend for a pure html/css/javascript/phonegap mobile app which is going to be calling web services to get their data?

Christian Weyer

Hi Chuck,

interesting points.
Could you be so kind and browse over to the IdSrv issues list and add a new issue:
https://github.com/thinktecture/Thinktecture.IdentityServer.v2/issues

Thanks,
-Christian

Maximilian Alexander

I might be really confused, but in this flow, is there any possibility to log in through an external provider like the home realm discovery screen (i.e. using Google, Facebook, ADFS etc...)?

Christian Weyer

Hi Maximilian,

can we please keep all questions & discussions on the GitHub repo's issue list? :)
Thanks!

https://github.com/thinktecture/Thinktecture.IdentityServer.v2/issues

Omegaluz.wordpress.com

Very nice! This app provides a great playground to get up and running with Identity Server.

Question - is it possible to set up this kind of client login via the other Identity Providers - like the Facebook, Google, or Live providers? Specifically, instead of hitting the ~/issue/oauth2/authorize url, could it hit the ~/issue/hrd url?

Christian Weyer

Hey - no, sorry. This is currently not possible.
Maybe we will consider this later... or you find some money to throw at us to do it sooner than later ;)

Nestor Reyes

Good example, but how would I trigger a logout?

Christian Weyer

Nestor,

can you please direct this question to the IdSrv forums?
https://github.com/thinktecture/Thinktecture.IdentityServer.v2/issues

Thanks!

Julien Morvan

Hi, nice article, but it seems like OAuth2 now doesn't allow a non-SSL callback url... How should I go about setting up my callback on a cordova app?

Thanks

Stack247.wordpress.com

Awesome example Chris!

A few things to help other folks who encounter the same problem I have.

For HTTPS, you can either turn it off in IdentityServer configuration (General configuration), or use a self-signed SSL certificate in IIS.
If using SSL, make sure applicationConstants.js's oAuthConfig redirect_uri also uses HTTPS. This must match your OAuth Clients setting in IdentityServer.
applicationConstants.js's endpoints IdpOauthEndpointUrl must match your IdentityServer URL.

Next thing is, the sample project's web.config oauthSigningKey needs to change. The key must match your Relying Party's Symmetric Signing Key.

Finally, SecurityConfig.cs in the sample project also needs a little modification. The issuer parameter for AddJsonWebToken must match your issuer's Site ID. This can be seen in General Configuration of the Identity Server.

HTH

The comments to this entry are closed.