hi
Is your problem solved?
Thanks
hi
is there a way to bind token to specific device.
Third parties can also steal your cookie if the access token can be stolen.
Binding is meaningless.
Thanks.
hi
access token can be spoofed or stolen
First, the access token can't be spoofed.
Then, if your Angular and server use HTTPS, it's also unlikely that the token gets stolen.
If the other party can steal your access token, then they can also steal the username and password, adding a session cookie will not provide protection.
Thanks.
hi
What is the exception detail?
Thanks.
hi
and we want to securely associate each access token with a unique session identifier stored in a HttpOnly cookie.
Are you worried that the access token will be leaked?
Thanks.
But I couldn't reproduce the problem in a new microservice template after configuring WebRemoteDynamicClaimsPrincipalContributorOptions.
The dynamic claims works.
hi
Hi, I've tried this and doesn't work.
Can you share a simple project to show that?
Thanks.
liming.ma@volosoft.com
hi
Can you share the debug logs? liming.ma@volosoft.com
https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems
Thanks.
hi
The logs don't show any authorization error. Do you have an API website?
Please share the API logs(please ShowPII and output identity model logs.).
Thanks.
hi
liming.ma@volosoft.com
