Changed Xamarin app authentication to Hybrid flow mode

src/Mobile/eShopOnContainers/eShopOnContainers.Core/Services/Identity/IdentityService.cs

@@ -14,8 +14,9 @@ namespace eShopOnContainers.Core.Services.Identity
             // Dictionary with values for the authorize request
             var dic = new Dictionary<string, string>();
             dic.Add("client_id", "xamarin");
-            dic.Add("response_type", "id_token token");
-            dic.Add("scope", "openid profile basket orders");
+            dic.Add("client_secret", "secret"); 
+            dic.Add("response_type", "code id_token token");
+            dic.Add("scope", "openid profile basket orders offline_access");
 
             dic.Add("redirect_uri", GlobalSetting.Instance.IdentityCallback);
             dic.Add("nonce", Guid.NewGuid().ToString("N"));
@@ -24,7 +25,7 @@ namespace eShopOnContainers.Core.Services.Identity
             var currentCSRFToken = Guid.NewGuid().ToString("N");
             dic.Add("state", currentCSRFToken);
 
-            var authorizeUri = authorizeRequest.Create(dic);
+            var authorizeUri = authorizeRequest.Create(dic); 
             return authorizeUri;
         }
 

src/Services/Identity/Identity.API/Configuration/Config.cs

@@ -1,7 +1,6 @@
-using IdentityServer4.Models;
-using Microsoft.Extensions.Options;
+using IdentityServer4;
+using IdentityServer4.Models;
 using System.Collections.Generic;
-using IdentityServer4;
 
 namespace Identity.API.Configuration
 {
@@ -56,19 +55,26 @@ namespace Identity.API.Configuration
                 {
                     ClientId = "xamarin",
                     ClientName = "eShop Xamarin OpenId Client",
-                    AllowedGrantTypes = GrantTypes.Implicit,
-                    AllowAccessTokensViaBrowser = true,
-                    RedirectUris =          { clientsUrl["Xamarin"] },
+                    AllowedGrantTypes = GrantTypes.Hybrid,                    
+                    //Used to retrieve the access token on the back channel.
+                    ClientSecrets =
+                    {
+                        new Secret("secret".Sha256())
+                    },
+                    RedirectUris = { clientsUrl["Xamarin"] },
                     RequireConsent = false,
                     PostLogoutRedirectUris = { $"{clientsUrl["Xamarin"]}/Account/Redirecting" },
-                    AllowedCorsOrigins =     { "http://eshopxamarin" },
-                    AllowedScopes =
+                    AllowedCorsOrigins = { "http://eshopxamarin" },
+                    AllowedScopes = new List<string>
                     {
                         IdentityServerConstants.StandardScopes.OpenId,
                         IdentityServerConstants.StandardScopes.Profile,
+                        IdentityServerConstants.StandardScopes.OfflineAccess,
                         "orders",
                         "basket"
-                    }
+                    },
+                    //Allow requesting refresh tokens for long lived API access
+                    AllowOfflineAccess = true                    
                 },
                 new Client
                 {
@@ -96,7 +102,7 @@ namespace Identity.API.Configuration
                         IdentityServerConstants.StandardScopes.Profile,
                         IdentityServerConstants.StandardScopes.OfflineAccess,
                         "orders",
-                        "basket",
+                        "basket"
                     },
                 }
             };