3

I have an existing database that holds user credentials as well a map of what applications those user credentials have access to. In identity server I have each application setup as a client and users can authenticate successful. However, any user gets authorized for any application. I am wondering if there is a way that I can access which client is being requested from my implementation of IUserService? This way I can check if they are authorized for that app.

Scott
  • 11,046
  • 10
  • 51
  • 83

1 Answers1

6

IdentityServer allows for custom validation of the requests via the ICustomRequestValidator interface. You can implement this and return an error to prevent a user from getting a token for a client.

Let us know on the github issue tracker if you have more feedback on this.

Nerdroid
  • 13,398
  • 5
  • 58
  • 69
Brock Allen
  • 7,385
  • 19
  • 24
  • Thanks Brock I'll take a look into it. I did a quick look through the samples and the wiki on github and wasn't able to find any documentation on this. Do you happen to have a blog post on custom validators? – Scott Jan 07 '15 at 19:31
  • No, there's no sample of this. I'll open an issue on github to have one added. – Brock Allen Jan 07 '15 at 21:59
  • 1
    @BrockAllen - do you have a link for this issue - is it issue 750 by any chance? – Vidar Feb 23 '16 at 12:02