You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 18, 2021. It is now read-only.
App1, a Javascript SPA using a modified OAuthClient.js to enable Authorization Code Flow. We use IdSrv.v3 to authenticate and exchange the authorization code for an Access Token to be used as Bearer token on local WebAPI. No problems thus-far.
App2, an ASP.NET Forms Application, is also registered with IdSrv.v3 as a client/RP and using Authorization Code Flow. App2 hosts an aspx webpage that will be called via a hyperlink/URL from App1. This will result in a new browser tab/instance displaying the said App2 ASP.NET page.
We are clearly looking for SSO behaviour, so what would be the correct method to follow to get access to the page as discussed above without the user having to log in again at IdSrv.v3 redirected from App2?
Your hard work is much appreciated!!
The text was updated successfully, but these errors were encountered:
Thank you for confirming this, the simplicity on the implementation side of things is really what makes IdSrv shine. We got somewhat sidetracked by complicating the issues at hand and in the process overlooked the obvious.
So after initially authenticating at IdSrv.v3 via App1, and while handling the http request (originating from clicking the App1-hyperlink) on App2 we would need to store the requested url (together with query string) in a session variable.
Then when the authorization round-trip to IdSrv.v3, via App2, returns to our App2 callback page, and we see that we still have a valid session going - we could extract the originally requested url from the session and redirect the user the requested page.
Would that be a safe and advisable way to go about it or is there a better way?
We currently have the following situation:
App1, a Javascript SPA using a modified OAuthClient.js to enable Authorization Code Flow. We use IdSrv.v3 to authenticate and exchange the authorization code for an Access Token to be used as Bearer token on local WebAPI. No problems thus-far.
App2, an ASP.NET Forms Application, is also registered with IdSrv.v3 as a client/RP and using Authorization Code Flow. App2 hosts an aspx webpage that will be called via a hyperlink/URL from App1. This will result in a new browser tab/instance displaying the said App2 ASP.NET page.
We are clearly looking for SSO behaviour, so what would be the correct method to follow to get access to the page as discussed above without the user having to log in again at IdSrv.v3 redirected from App2?
Your hard work is much appreciated!!
The text was updated successfully, but these errors were encountered: