Asp.Net Core OAuth2 Strip token of claims or Request new token
Indeed 🐸 9/18/2022
I am trying to prevent sending unnecessary tokens to WebApi, however I find it hard to do.
I am using the Duende.IdentityServer package.
These are the approaches I am considering:
- To either strip a token of unnecessary claims, if it's possible
- or ask for a new token; however, I do not believe I have access to the code from the authorization code flow to request a new token. Having tried to use ClientCredentials Flow, I've failed whenever I've asked for user-specific information like "role" or even their id using the "openid" scope
Indeed 🐸 9/18/2022
Having tried Implicit Flow I get
Indeed 🐸 9/18/2022
for "APIScope roles"
Indeed 🐸 9/18/2022
for "APIScope roles openid"
Indeed 🐸 9/18/2022
new() {
    ClientId = "POSTMAN",
    ClientSecrets = {new Secret("POSTMAN".Sha256())},
    AllowedGrantTypes = GrantTypes.Implicit,
    // where to redirect to after login
    RedirectUris = {"https://oauth.pstmn.io/v1/browser-callback"},
    // where to redirect to after logout
    PostLogoutRedirectUris = {$"{IpAddresses.MVCServer}/signout-callback-oidc"},
    AllowedScopes = new List<string> {
        Scopes.ApiScope.Name,
        Scopes.Roles.Name,
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile
    },
    RequirePkce = false,
    AllowPlainTextPkce = false,
    AllowAccessTokensViaBrowser = true
}
Indeed 🐸 9/18/2022
public static IEnumerable<IdentityResource> IdentityResources =>
    new IdentityResource[] {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
        Scopes.Roles
    };

public static IEnumerable<ApiScope> ApiScopes =>
    new[] {Scopes.ApiScope};
Indeed 🐸 9/18/2022
ClientCredentials Scope is for machine-to-machine calls, so it can't transfer user information