This repository has been archived by the owner on Dec 14, 2017. It is now read-only.

More configuration options #69

Open: wants to merge 2 commits into base: master

@eddietisma eddietisma commented Jun 23, 2017

I'm running IdentityServer3 and trying to host the admin interface on a different URL than IdentityServer3, and ran into some configuration issues.

  1. The authorization endpoint for oidc-token-manager is hard-coded to use request path + "/authorize".
  2. I want to use my own AdminSecurityConfiguration based on UseIdentityServerBearerTokenAuthentication in the IdentityServer3.AccessTokenValidation NuGet package. Currently this is not possible due to an internal constructor.
  3. The client_id for oidc-token-manager is hard-coded to use Constants.IdAdmMgrClientId.

I would rather get this into your nuget instead of having my own fork. What do you think?

eddietisma commented Jun 23, 2017

To get a better picture, this is what I'm trying to achieve:

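using System.Collections.Generic;
using System.IdentityModel.Tokens;
using IdentityAdmin;
using IdentityAdmin.Configuration;
using IdentityServer3.AccessTokenValidation;
using Microsoft.Owin.Security;
using Owin;

// AuthorityConfig and TacdisIdentityServerAdminServiceFactory are application types not shown here.
public static class IdentityServerAdminConfig
{
    public static void Configuration(IAppBuilder app)
    {
        // Keep the JWT claim names (e.g. "role") instead of mapping them to .NET claim type URIs.
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

        var options = new IdentityAdminOptions
        {
            AdminSecurityConfiguration = new IdentityServerAdminBearerTokenConfig
            {
                // With RequireSsl = false the admin UI and its bearer tokens are accepted over plain HTTP.
                RequireSsl = false,
                BearerAuthenticationType = Constants.BearerAuthenticationType,
                AdminRoleName = "OidcAdmin",
                // Settings handed to oidc-token-manager, including the client_id and
                // authorization_endpoint that are hard-coded today.
                OidcSettings = new
                {
                    authority = AuthorityConfig.Authority,
                    response_type = "id_token token",
                    scope = "openid profile roles oidc.adminApi",
                    client_id = "oidc.admin",
                    redirect_uri = AuthorityConfig.Authority + "/admin" + Constants.CallbackFragment,
                    authorization_endpoint = AuthorityConfig.AuthorizeEndpoint,
                }
            },
            Factory = TacdisIdentityServerAdminServiceFactory.CreateFactory(),
        };

        app.UseIdentityAdmin(options);
    }
}

public class IdentityServerAdminBearerTokenConfig : AdminSecurityConfiguration
{
    public override void Configure(IAppBuilder app)
    {
        JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();

        var options = new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = AuthorityConfig.Authority,
            // Validate JWT access tokens locally using the authority's published signing keys.
            ValidationMode = ValidationMode.Local,
            AuthenticationMode = AuthenticationMode.Active,
            // Only tokens that carry the admin API scope are accepted.
            RequiredScopes = new[] { "oidc.adminApi" },
            // Fetch the discovery metadata on first use rather than at startup.
            DelayLoadMetadata = true,
        };

        app.UseIdentityServerBearerTokenAuthentication(options);
    }
}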
