Aspnetcore: Authentication on SPA apps
_From @Dave3of5 on August 23, 2017 7:54_
There seems to be no template for authentication on the SPA templates.
I've been looking up various blog post and third party articles on how to add Jwt Authentication but they are scattered and most are for dotnet core 1.1. It would be nice if there was a template that showed the "correct" way to do this in dotnet core 2.0.
_Copied from original issue: aspnet/Templates#864_
Eilon
All 13 comments
_From @brockallen on August 24, 2017 1:58_
Consider IdentityServer for issuing tokens, and oidc-client for your SPA to obtain tokens.
https://github.com/IdentityServer/IdentityServer4/
https://github.com/IdentityModel/oidc-client-js/
Eilon
on 24 Oct 2017
_From @Dave3of5 on August 24, 2017 8:17_
@brockallen Nice plug ;-) but all the documentation on IdentityServer4 still references version 1.1 and the examples don't seem to work anymore in v2.0.
I also notice this : IdentityServer/IdentityServer4/issues/1055 which is still open so IDS4 for the moment is a no go.
Eilon
on 24 Oct 2017
_From @brockallen on August 24, 2017 13:3_
It's closer than the Microsoft one :)
Eilon
on 24 Oct 2017
_From @PeterWone on October 11, 2017 1:6_
@brockallen I've used (or more accurately used, misused and abused) Identity Server with Durandal. That I liked it does not change the fact that it requires a level of understanding on the part of the developer that isn't widespread. This stuff needs to be baked into the template (a) to make it ubiquitous (b) to make implementation consistent (c) to prevent incompetent implementation which is worse than no security at all.
Eilon
on 24 Oct 2017
_From @brockallen on October 11, 2017 4:0_
Security requires a level of understanding on part of the developer. Sorry.
And FWIW, IdentityServer4 has been released for ASP.NET Core 2.
Eilon
on 24 Oct 2017
Also, oidc-client is OIDC certified: https://openid.net/certification/#RPTable
brockallen
on 24 Oct 2017
Any progress on this?
@brockallen I have indeed tried many times at this and each time I have failed, mostly with the complexity of configuring OAuth and connecting that to a Spa framework . The closest I've seen is:
https://github.com/ThunderDev1/reactjs-ts-identityserver
But this is split out into 3 separate endpoints which I don't want. I tried (and failed) to bring these together into a single endpoint. Also to note is that the endpoint are hardcoded all over the place in that example from in the backend code to the frontend which is less that ideal.
Do you have any plan for this type of example in the IDServer 4 docs ?
Dave3of5
on 26 Mar 2018
Do you have any plan for this type of example in the IDServer 4 docs ?
You can cohost your API and IdentityServer. We show that here in our NDC London session: https://vimeo.com/254635632
brockallen
on 26 Mar 2018
can cohost your API and IdentityServer
@brockallen Thanks a lot for this I'll take a look. Can you host the API, IdentityServer and a Spa on the same project? That's what I'm really looking for.
Dave3of5
on 26 Mar 2018
Yep, all possible.
brockallen
on 26 Mar 2018
Is there any update on this? It's been a while since I raised this. @brockallen do you have an example of hosting an API, IdentityServer and a Spa all within the same project that I can try ?
Dave3of5
on 29 Nov 2018
We showed how to do this back in January 2018: https://vimeo.com/254635632
brockallen
on 17 Dec 2018
This has been merged for preview3
javiercn
on 22 Feb 2019
Related issues
ipinak
路
3Comments
guardrex
路
3Comments
TanvirArjel
路
3Comments
mj1856
路
3Comments
FourLeafClover
路
3Comments
Most helpful comment
This has been merged for preview3