Identityserver4: Question: What does client.AllowAccessTokensViaBrowser exactly do?

Created on 19 Apr 2017  路  4Comments  路  Source: IdentityServer/IdentityServer4

I've red the documentation and I also checked the source code but I couldn't figure out what it exactly is for. In samples it's used in conjunction with Implicit flow but setting it true or false in my Hybrid client didn't seem to change anything?

question
Source
picture deastr

Most helpful comment

IOW - via the authorize endpoint

picture leastprivilege on 20 Apr 2017
4

All 4 comments

it is prohibiting that an access token is delivered via the browser channel - unless explicitly allowed.

leastprivilege picture leastprivilege on 19 Apr 2017

Yes I've seen the check in AuthorizeRequestValidator but what exactly is the "browser channel"? How is it determined that the current token request is made by a browser/javascript client so IdSrv can decide if it should send a token or not?

deastr picture deastr on 19 Apr 2017

IOW - via the authorize endpoint

leastprivilege picture leastprivilege on 20 Apr 2017
4

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] picture lock[bot] on 14 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

klioqc picture klioqc  路  3Comments
cixonline picture cixonline  路  3Comments
krgm03 picture krgm03  路  3Comments
not-good-with-usernames picture not-good-with-usernames  路  3Comments
wangkanai picture wangkanai  路  3Comments