Changed Xamarin app authentication to Hybrid flow

2017-05-29 08:30:33 +02:00 · 2017-05-29 08:30:33 +02:00 · 55271568e9
commit 55271568e9
parent b435d8d5c3
2 changed files with 20 additions and 13 deletions
--- a/src/Mobile/eShopOnContainers/eShopOnContainers.Core/Services/Identity/IdentityService.cs
+++ b/src/Mobile/eShopOnContainers/eShopOnContainers.Core/Services/Identity/IdentityService.cs
@ -14,8 +14,9 @@ namespace eShopOnContainers.Core.Services.Identity
            // Dictionary with values for the authorize request
            var dic = new Dictionary<string, string>();
            dic.Add("client_id", "xamarin");
-            dic.Add("response_type", "id_token token");
-            dic.Add("scope", "openid profile basket orders");
+            dic.Add("client_secret", "secret"); 
+            dic.Add("response_type", "code id_token token");
+            dic.Add("scope", "openid profile basket orders offline_access");

            dic.Add("redirect_uri", GlobalSetting.Instance.IdentityCallback);
            dic.Add("nonce", Guid.NewGuid().ToString("N"));
@ -24,7 +25,7 @@ namespace eShopOnContainers.Core.Services.Identity
            var currentCSRFToken = Guid.NewGuid().ToString("N");
            dic.Add("state", currentCSRFToken);

-            var authorizeUri = authorizeRequest.Create(dic);
+            var authorizeUri = authorizeRequest.Create(dic); 
            return authorizeUri;
        }

--- a/src/Services/Identity/Identity.API/Configuration/Config.cs
+++ b/src/Services/Identity/Identity.API/Configuration/Config.cs
@ -1,7 +1,6 @@
-using IdentityServer4.Models;
-using Microsoft.Extensions.Options;
+using IdentityServer4;
+using IdentityServer4.Models;
 using System.Collections.Generic;
-using IdentityServer4;

 namespace Identity.API.Configuration
 {
@ -56,19 +55,26 @@ namespace Identity.API.Configuration
                {
                    ClientId = "xamarin",
                    ClientName = "eShop Xamarin OpenId Client",
-                    AllowedGrantTypes = GrantTypes.Implicit,
-                    AllowAccessTokensViaBrowser = true,
-                    RedirectUris =          { clientsUrl["Xamarin"] },
+                    AllowedGrantTypes = GrantTypes.Hybrid,                    
+                    //Used to retrieve the access token on the back channel.
+                    ClientSecrets =
+                    {
+                        new Secret("secret".Sha256())
+                    },
+                    RedirectUris = { clientsUrl["Xamarin"] },
                    RequireConsent = false,
                    PostLogoutRedirectUris = { $"{clientsUrl["Xamarin"]}/Account/Redirecting" },
-                    AllowedCorsOrigins =     { "http://eshopxamarin" },
-                    AllowedScopes =
+                    AllowedCorsOrigins = { "http://eshopxamarin" },
+                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
+                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        "orders",
                        "basket"
-                    }
+                    },
+                    //Allow requesting refresh tokens for long lived API access
+                    AllowOfflineAccess = true                    
                },
                new Client
                {
@ -96,7 +102,7 @@ namespace Identity.API.Configuration
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        "orders",
-                        "basket",
+                        "basket"
                    },
                }
            };