Ocelot: IdentityServer

Created on 27 Mar 2017  路  2Comments  路  Source: ThreeMammals/Ocelot

Hi,
I'm doing a project with Ocelot and IdentityServer. I dont understand the usability of some AuthenticationOptions properties.

  1. For example:
"AuthenticationOptions": {
    "Provider": "IdentityServer",
    "ProviderRootUrl": "http://localhost:52888",
    "ApiName": "api",
    "AllowedScopes": [
        "openid",
        "offline_access"
    ],
    "ApiSecret": "secret"
}

Why should you indicate ApiName, ApiSecret or AllowedScopes??? My project works whether I add those data or not add them. I dont understand the usefulness of these parameters since they do not seem to be used. What does Ocelot use for these three properties?

  1. I am also testing the RouteClaimsRequirement property. My token contains a claim ("MyClaim1", "aaa"). I麓m indicating in the configuration.json that key but with another value to prevent the redirection, but still the request is redirected to the api even though the claim is not the desired one. Am I doing something wrong?
"AuthenticationOptions": {
    "Provider": "IdentityServer",
    "ProviderRootUrl": "http://localhost:52888",
    "ApiName": "api",
    "AllowedScopes": [
        "openid",
        "offline_access"
    ],
    "ApiSecret": "secret",
    "RouteClaimsRequirement": {
          "MyClaim1": "bbb"
     }
}

Thanks.

Most helpful comment

@juancash
Could you provide detail steps about how to integrate identity server 4 with ocelot? thank you very much.

All 2 comments

@juancash for point one, these are properties that the identity server middleware uses when it authenticates a request that is marked as authenticated. These may or may not be required. When you write a client api that is going to use identity server tokens you set up the middleware in your client api with something like the following....Ocelot takes the properties passed in below from the AuthenticationOptions object in the configuration.json (note not all options are currently supported, but easy to add).

app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
            {
                Authority = Constants.Authority,
                RequireHttpsMetadata = false,

                EnableCaching = false,

                ApiName = "api1",
                ApiSecret = "secret"
            });

For the second point it is likely that the authorisation middleware is not being called. I suspect this because authentication middleware might not be getting called if you are not needing to set things like ApiName, ApiSecret (im pretty sure these are required by identity server middleware but Im on my lunch and dont have time to check right now!!)

Hope that helps a bit!

@juancash
Could you provide detail steps about how to integrate identity server 4 with ocelot? thank you very much.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

mkanakis picture mkanakis  路  3Comments

mjrousos picture mjrousos  路  6Comments

piyey picture piyey  路  6Comments

nagybalint001 picture nagybalint001  路  4Comments

ruimaciel picture ruimaciel  路  3Comments