AddAccessTokenManagement: Only client_credentials grant type is supported?
bugproof opened this issue · comments
I wanted to use device flow or authorization code flow with automatic refresh token management is it possible with this library?
I looked at the code and it seems like this is the case and there's no way you can configure it. IdentityModel helper has required HttpClient extensions though.
see here for code flow...
https://identitymodel.readthedocs.io/en/latest/aspnetcore/web.html
@leastprivilege what if an API uses only OAuth 2.0 without OpenID? Will this work?
no. It assumes that OIDC is used to bootstrap the token. I guess you could work around that as long as the tokens are provided by the session abstraction. But nothing I specifically designed for.
okay, thank you. I guess I will have to come up with my own solution then using IdentityModel extensions as a base
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue.