You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 18, 2021. It is now read-only.
First of all I want to thank you guys for putting together this great solution, I have no idea where I'd be without it. Second, security is not my greatest strength and so this may be a silly question, but...
I have an AngularJS app hosted in an ASP.NET MVC application. I found it easiest to have the MVC application work directly with IdentityServer using implicit flow to register/login, and then once the user authenticates I take the access_token and create a cookie for it for Angular to use.
Does this violate any sort of security rule? I figured I would be ok in doing this since the idsrv cookie is in the browser anyway and holds this data anyway, but I want to be completely sure before I leave myself open for hacks.
The text was updated successfully, but these errors were encountered:
First of all I want to thank you guys for putting together this great solution, I have no idea where I'd be without it. Second, security is not my greatest strength and so this may be a silly question, but...
I have an AngularJS app hosted in an ASP.NET MVC application. I found it easiest to have the MVC application work directly with IdentityServer using implicit flow to register/login, and then once the user authenticates I take the access_token and create a cookie for it for Angular to use.
Does this violate any sort of security rule? I figured I would be ok in doing this since the idsrv cookie is in the browser anyway and holds this data anyway, but I want to be completely sure before I leave myself open for hacks.
The text was updated successfully, but these errors were encountered: