How to configure runtime ClientId & ClientSecret based on requested API in...



























We have configured an IdentityServer4 host using the .NET Core library, and all APIs are developed using the .NET full framework.

We have a requirement to support an audit logging feature for each request and to decide whether the requested API can be accessed by the client or not.

The IdentityServer3.AccessTokenValidation library needs ClientId & ClientSecret, which is nothing but APIResourceName & APIResourceSecret, or a WebRequestHandler to fire introspection events.

But the problem here is that we have multiple APIs like Patient, Employee, Customer, etc.

How can we pass ClientId & ClientSecret dynamically based on the resource/API requested by a client?

Note:

With this configuration, it fires TokenIntrospectionSuccess & TokenIntrospectionFailure events. We have an event subscriber which listens to these events, and based on the available information we can log whether the requested resource access by the client was successful or not.

If this information is not sufficient, then please let me know.

    app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions()
    {
        Authority = "http://localhost:5000/",
        ClientId = "PatientAPI",
        ClientSecret = "secretvalue",
        ValidationMode = ValidationMode.ValidationEndpoint,
    });
































  • You don’t need client id or secret. Properties are there for when you use open id flows (like implicit flow) and your web app is client itself. I assume the clients you refer to are using client credentials flow?

    – Vidmantas Blazevicius
    Dec 30 '18 at 0:28
















c# identityserver4 identityserver3
















asked Dec 29 '18 at 16:07









Pariv Shah
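
One way to give each API its own introspection credentials, as an added example that is not part of the original question or comment: branch the OWIN pipeline per API and register the token validation middleware once per branch. It assumes the APIs are hosted in one OWIN application under the path prefixes shown, that `EmployeeAPI` and `CustomerAPI` are the registered API resource names (only `PatientAPI` appears in the question), and that secrets live in appSettings under the hypothetical key `ApiSecret:<name>` rather than in source.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using IdentityServer3.AccessTokenValidation;
using Owin;

public class Startup
{
    // Assumed layout: path prefix -> API resource name registered in IdentityServer4.
    private static readonly IDictionary<string, string> ApiResources =
        new Dictionary<string, string>
        {
            { "/patient",  "PatientAPI"  },
            { "/employee", "EmployeeAPI" },   // assumed name
            { "/customer", "CustomerAPI" },   // assumed name
        };

    public void Configuration(IAppBuilder app)
    {
        foreach (var entry in ApiResources)
        {
            var apiName = entry.Value;

            // Hypothetical appSettings key, e.g. "ApiSecret:PatientAPI".
            // Fail at startup instead of running a branch without a secret.
            var secret = ConfigurationManager.AppSettings["ApiSecret:" + apiName];
            if (string.IsNullOrEmpty(secret))
                throw new InvalidOperationException(
                    "No introspection secret configured for " + apiName);

            // Each branch gets its own middleware instance, so introspection
            // calls for this prefix are made with this API's name and secret.
            app.Map(entry.Key, branch =>
            {
                branch.UseIdentityServerBearerTokenAuthentication(
                    new IdentityServerBearerTokenAuthenticationOptions
                    {
                        Authority = "http://localhost:5000/",
                        ClientId = apiName,
                        ClientSecret = secret,
                        ValidationMode = ValidationMode.ValidationEndpoint,
                    });

                // Register this API's own handlers (for example Web API)
                // on `branch` here; Map strips the prefix from the path.
            });
        }
    }
}
```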

























