IdentityServer4 Custom External Provider Refresh Token Flow
I just have a couple of queries around how flows work when you are working with a custom external OIDC provider with IdentityServer4.
I have an implementation of IdentityServer4. It holds all the information on users for my organisation's products. As well as its own local database, it can pull these from a custom external OIDC IDP that has been set up.
The relying party application is a native application and so will use the hybrid flow when contacting my identity server. When I click through to my custom external IDP, should it use the same flow to the external IDP, and how is management of the tokens handled in this instance?
For example:
- Relying party calls authorise with implicit code flow.
- User chooses the third-party IDP rather than logging directly into the IDS4 server.
- What flow should be used here? The original request is for hybrid, but technically the call from IDS4 to the external provider is via a web request, so it could equally use another method?
Additionally:
- The access token my RP is using expires, and so I use a refresh token to get another token from IDS4.
- The access token that the external service provider provided to IDS4 has expired, although IDS4 has locally provisioned a local account from the external provider.
- What will happen here? Will IDS4 use the refresh token and give the RP a new access token, or will it realise the externally provided access token is no longer valid and prompt the user to reauthenticate against the external provider?
Many thanks,
-Lee
security identityserver4 oidc
asked Nov 8 at 16:55
Lee
215
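The two halves of the question (which flow IdentityServer4 uses toward the external IdP, and what a refresh at IdentityServer4 does once the external token has expired) are easiest to see in the host's own configuration. The following is an added example and is not code from the question or from IdentityServer4's own samples. It assumes IdentityServer4 2.x on ASP.NET Core 2.x, a hypothetical external OIDC provider at https://external-idp.example registered under the scheme name "ext", hypothetical client ids ("native-app", "ids4-federation"), a trivial local-subject mapping ("ext:" + external sub) in place of real account provisioning, and an in-memory dictionary standing in for whatever store you would keep external token state in. The `IProfileService` at the end is what makes IdentityServer4 refuse a refresh once the external token is stale; without it, the two lifetimes are unrelated and the refresh token is honoured on its own terms.

```csharp
// Added example, not code from the question or from IdentityServer4 itself.
// Assumed: IdentityServer4 2.x on ASP.NET Core 2.x; hypothetical external IdP, scheme
// name "ext", client ids and subject mapping; an in-memory store standing in for a real one.
using System;
using System.Collections.Concurrent;
using System.Globalization;
using System.Threading.Tasks;
using IdentityServer4;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentityServer()
            .AddDeveloperSigningCredential()
            .AddInMemoryIdentityResources(new IdentityResource[] { new IdentityResources.OpenId(), new IdentityResources.Profile() })
            .AddInMemoryApiResources(new[] { new ApiResource("api1") })
            .AddInMemoryClients(new[]
            {
                // The native app talks to IdentityServer with hybrid flow and refresh tokens.
                new Client
                {
                    ClientId = "native-app",
                    AllowedGrantTypes = GrantTypes.Hybrid,
                    RequireClientSecret = false,        // a native app cannot keep a secret
                    RequirePkce = true,                 // so bind the code to the app instance instead
                    RedirectUris = { "com.example.app:/callback" },
                    AllowedScopes = { "openid", "profile", "api1" },
                    AllowOfflineAccess = true,          // issue refresh tokens
                    AccessTokenLifetime = 3600,
                    RefreshTokenUsage = TokenUsage.OneTimeOnly,
                    RefreshTokenExpiration = TokenExpiration.Sliding
                }
            })
            .AddProfileService<ExternalAwareProfileService>();

        // Toward the external IdP, IdentityServer is itself an OIDC client. The flow it uses
        // is chosen here (authorization code) and is independent of the hybrid flow the
        // native app uses against IdentityServer.
        services.AddAuthentication()
            .AddOpenIdConnect("ext", "Custom external IdP", options =>
            {
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.Authority = "https://external-idp.example";   // hypothetical
                options.ClientId = "ids4-federation";                // hypothetical
                options.ClientSecret = "<from configuration, never in source>";
                options.ResponseType = "code";
                options.SaveTokens = true;                // keeps access/refresh token and expires_at
                options.GetClaimsFromUserInfoEndpoint = true;
            });
    }
}

// Stand-in for a persistent store of external token state, keyed by the local subject.
public static class ExternalTokenStore
{
    public static readonly ConcurrentDictionary<string, DateTimeOffset> ExpiresAt =
        new ConcurrentDictionary<string, DateTimeOffset>();
}

public class ExternalController : Controller
{
    [HttpGet("external/callback")]
    public async Task<IActionResult> Callback(string returnUrl)
    {
        var result = await HttpContext.AuthenticateAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
        if (result?.Succeeded != true) throw new InvalidOperationException("External authentication error");

        // Map the external subject to the locally provisioned account. Real lookup and
        // provisioning is your own code; the mapping below is a placeholder.
        var externalSub = result.Principal.FindFirst("sub")?.Value
                          ?? throw new InvalidOperationException("external identity has no sub claim");
        var localSub = "ext:" + externalSub;

        // SaveTokens=true stored "expires_at" as an ISO 8601 string in the auth properties.
        var expiresAt = result.Properties.GetTokenValue("expires_at");
        if (expiresAt != null)
            ExternalTokenStore.ExpiresAt[localSub] = DateTimeOffset.Parse(expiresAt, CultureInfo.InvariantCulture);

        // Start IdentityServer's own session. The native app's tokens derive from this
        // session and the grant, not from the external token.
        await HttpContext.SignInAsync(localSub, result.Principal.FindFirst("name")?.Value, "ext");
        await HttpContext.SignOutAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
        return Redirect(returnUrl ?? "~/");
    }
}

// IdentityServer consults IsActiveAsync when validating a refresh_token request. Returning
// IsActive = false makes the token endpoint answer invalid_grant, forcing a new authorize
// request, which sends the user back through the external IdP.
public class ExternalAwareProfileService : IProfileService
{
    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        context.AddRequestedClaims(context.Subject.Claims);
        return Task.CompletedTask;
    }

    public Task IsActiveAsync(IsActiveContext context)
    {
        context.IsActive = true;
        if (context.Caller == IdentityServerConstants.ProfileIsActiveCallers.RefreshTokenValidation
            && ExternalTokenStore.ExpiresAt.TryGetValue(context.Subject.GetSubjectId(), out var exp)
            && exp <= DateTimeOffset.UtcNow)
        {
            context.IsActive = false;
        }
        return Task.CompletedTask;
    }
}
```

The alternative to refusing the refresh is to have the same hook renew the external access token with the external refresh token that `SaveTokens` also kept, and only fail the IdentityServer refresh when that renewal is rejected. Either way, the decision is made in your code at IdentityServer4; nothing in the hybrid flow between the native app and IdentityServer4 carries any knowledge of the external token's lifetime.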