You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I can't seem to get the code flow to work as by design it asks for the secret which has no job being on the client.
How exactly is the interaction between the angular SPA and the backend indended to be?
The current docs are quite confusing on this. Any chance we could clear up the docs on that? I'd be happy to contribute as soon as I understand things myself.
Thanks.
The text was updated successfully, but these errors were encountered:
For this library you need an IDS that supports Code Flow with PKCE, preferably without requiring a Client Secret (as that would not make sense for public clients).
new Client
{ClientId="interactive.public",ClientName="Interactive client (Code with PKCE)",RedirectUris={"https://notused"},PostLogoutRedirectUris={"https://notused"},RequireClientSecret=false,RequireConsent=false,AllowedGrantTypes= GrantTypes.Code,RequirePkce=true,AllowedScopes={"openid","profile","email","api"},AllowOfflineAccess=true,RefreshTokenUsage= TokenUsage.ReUse
},new Client
{
ClientId ="interactive.public.short",
ClientName="Interactive client with short token lifetime (Code with PKCE)",RedirectUris={"https://notused"},PostLogoutRedirectUris={"https://notused"},RequireClientSecret=false,RequireConsent=false,AllowedGrantTypes= GrantTypes.Code,RequirePkce=true,AllowedScopes={"openid","profile","email","api"},AllowOfflineAccess=true,RefreshTokenUsage= TokenUsage.ReUse,AccessTokenLifetime=75},
Any improvement to the docs is always welcome of course, though describing the actual working of the flows themselves might to a degree be best left to other sources than this client library?
jeroenheijmans
changed the title
What kind of auth server does one need for code flow? current docs are extremely confusing
What kind of auth server does one need for code flow?
Jun 8, 2020
I can't seem to get the code flow to work as by design it asks for the secret which has no job being on the client.
How exactly is the interaction between the angular SPA and the backend indended to be?
The current docs are quite confusing on this. Any chance we could clear up the docs on that? I'd be happy to contribute as soon as I understand things myself.
Thanks.
The text was updated successfully, but these errors were encountered: