0

We currently have identityserver v2 (and ws-fed for our websites), and now we would like to authenticate with a phonegap app. How could this be implemented? I understand ws-fed is not an option, so for oauth our options are (I might be wrong here):

  • Resorce owner flow
  • Implicit grant flow

I've looked at the resource owner flow here, but it looks quite complicated, and I could find much documentation for it (read: a simple example ready to clone :-) )

The Implict flow I found some example here, but it seems to require a redirect_uri, and I can't understand how that could be achived on an app.

I noticed that in my STS admin site, there was an option for OpenID Connect also, could that be used?

I would be happy if someone could point us in the right direction?

Thanks for any help

Larsi

I've seen that in v3 some new possibilities are present (an maybe even a phonegap sample here), but unfortunatly no upgrade to v3 is currently planned

Larsi
  • 4,654
  • 7
  • 46
  • 75

1 Answers1

0

You was correct using openId connect with Implicit flow 

GET /authorize?
response_type=id_token%20token
&client_id=s6BhdRkqt3
&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
&scope=openid%20profile
&state=af0ifjsldkj
&nonce=n-0S6_WzA2Mj HTTP/1.1
Host: server.example.com

A if the user successfully authenticates they will receive a response like the following 

HTTP/1.1 302 Found
Location: https://client.example.org/cb#
access_token=SlAV32hkKG
&token_type=bearer
&id_token=eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso
&expires_in=3600
&state=af0ifjsldkj

Many openID connect libraries just parse the response and extract the relevant values the redirect is ignored

Madu Alikor
  • 2,544
  • 4
  • 21
  • 36