hi
You can change the check, e.g. OpenIddictServerEndpointType.Token
    if (context.EndpointType != OpenIddictServerEndpointType.Authorization ||
        context.AuthorizationCodePrincipal == null)
    {
        return;
    }
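This is how the default project template works.
Blazor Server or WASM uses the code flow to authenticate through the AuthServer (obtaining the access token / id token).
Is your final requirement to complete the sign-in in the AuthServer?
Thanks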
hi
I noticed that it gets executed 4 times. Is this the expected behavior? This causes an issue because I cannot reliably set my claim value to false.
Yes, the BankIdClaimsPrincipalContributor will be called by some services. So executing 4 times is normal.
You can use BankIdOpenIddictServerHandler to add more claims.
This works, but it only adds the claim to the access_token. How can I also include the claim in the id_token?
Can you change your BankIdOpenIddictServerHandler code to add claims to context.IdentityTokenPrincipal?
Thanks,
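An added example, not part of the original thread and not the poster's handler: one way to write an OpenIddict server handler so the same claim lands in both the access_token and the id_token. The class name ExampleIdTokenClaimHandler and the claim type example_flag are hypothetical, and the ordering relies on the built-in handlers preparing both principals before any token is generated.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using OpenIddict.Server;

public class ExampleIdTokenClaimHandler
    : IOpenIddictServerHandler<OpenIddictServerEvents.ProcessSignInContext>
{
    private const string ExampleClaimType = "example_flag"; // hypothetical claim type

    public static OpenIddictServerHandlerDescriptor Descriptor { get; } =
        OpenIddictServerHandlerDescriptor
            .CreateBuilder<OpenIddictServerEvents.ProcessSignInContext>()
            .UseSingletonHandler<ExampleIdTokenClaimHandler>()
            // Run right after the built-in handler that builds the id_token
            // principal, so both principals exist and no token is generated yet.
            .SetOrder(OpenIddictServerHandlers.PrepareIdentityTokenPrincipal.Descriptor.Order + 1)
            .SetType(OpenIddictServerHandlerType.Custom)
            .Build();

    public ValueTask HandleAsync(OpenIddictServerEvents.ProcessSignInContext context)
    {
        // In the code flow both tokens are issued by the token endpoint.
        if (context.EndpointType != OpenIddictServerEndpointType.Token)
        {
            return default;
        }

        SetClaimOnce(context.AccessTokenPrincipal, "true");
        // Null when no id_token is being issued (e.g. the openid scope was not
        // granted). Anything added here is readable by the client application.
        SetClaimOnce(context.IdentityTokenPrincipal, "true");
        return default;
    }

    // Replaces any earlier value, so repeated execution cannot leave duplicates.
    private static void SetClaimOnce(ClaimsPrincipal? principal, string value)
    {
        if (principal?.Identity is not ClaimsIdentity identity)
        {
            return;
        }
        foreach (var existing in identity.FindAll(ExampleClaimType).ToList())
        {
            identity.RemoveClaim(existing);
        }
        identity.AddClaim(new Claim(ExampleClaimType, value));
    }
}
```

Register it from the module's PreConfigureServices with serverBuilder.AddEventHandler(ExampleIdTokenClaimHandler.Descriptor) inside the PreConfigure<OpenIddictServerBuilder> callback.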
hi
Blazor Server and WASM apps can only redirect to the AuthServer project to sign in (code flow).
Thanks.
hi
Please set the issuer, and add a middleware to set ctx.Request.Scheme to HTTPS
public override void PreConfigureServices(ServiceConfigurationContext context)
{
    // Resolve the configuration used by the calls below.
    var configuration = context.Services.GetConfiguration();

    PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
    {
        serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", configuration["AuthServer:CertificatePassPhrase"]!);
        // Use the configured authority as the issuer instead of deriving it from the request.
        serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
    });
}

public override void OnApplicationInitialization(ApplicationInitializationContext context)
{
    var app = context.GetApplicationBuilder();
    var env = context.GetEnvironment();

    app.Use((ctx, next) =>
    {
        /* This application should act like it is always called as HTTPS.
         * Because it will work in a HTTPS url in production,
         * but the HTTPS is stripped out in Ingress controller.
         */
        ctx.Request.Scheme = "https";
        return next();
    });

    // The rest of the request pipeline follows here.
}
XXXCore and XXXAuth are both auth servers.
So you can use a username and password to get an access token from them.
But the user has to exist in their database.
hi
After creating a user in your XXXCore database, you can send a token request to XXXCore to obtain the user access token.
Thanks,
Great : )