AddAccessTokenManagement: Only client_credentials grant type is supported?

Question

AddAccessTokenManagement: Only client_credentials grant type is supported?

bugproof opened this issue 4 years ago · comments

I wanted to use device flow or authorization code flow with automatic refresh token management is it possible with this library?

I looked at the code and it seems like this is the case and there's no way you can configure it. IdentityModel helper has required HttpClient extensions though.

Dominick Baier · Answer 1 · Mon Dec 28 2020 16:25:48 GMT+0800 (China Standard Time)

see here for code flow...

https://identitymodel.readthedocs.io/en/latest/aspnetcore/web.html

bugproof · Answer 2 · Mon Dec 28 2020 16:38:01 GMT+0800 (China Standard Time)

@leastprivilege what if an API uses only OAuth 2.0 without OpenID? Will this work?

Dominick Baier · Answer 3 · Mon Dec 28 2020 18:29:43 GMT+0800 (China Standard Time)

no. It assumes that OIDC is used to bootstrap the token. I guess you could work around that as long as the tokens are provided by the session abstraction. But nothing I specifically designed for.

bugproof · Answer 4 · Mon Dec 28 2020 18:51:34 GMT+0800 (China Standard Time)

okay, thank you. I guess I will have to come up with my own solution then using IdentityModel extensions as a base

github-actions · Answer 5 · Sat Feb 20 2021 08:37:40 GMT+0800 (China Standard Time)

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue.