-
-
Notifications
You must be signed in to change notification settings - Fork 527
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extend token end point and MatchEndPoint not found #1491
Comments
Hey,
That scenario sounds a lot like delegation, which is not supported (yet) in OpenIddict: #1249.
The event you're looking for has been replaced by options.AddEventHandler<ProcessRequestContext>(builder =>
{
builder.UseInlineHandler(context =>
{
var request = context.Transaction.GetHttpRequest() ?? throw new InvalidOperationException();
if (context.EndpointType is OpenIddictServerEndpointType.Unknown &&
request.Path == "/connect/other-token-endpoint")
{
context.EndpointType = OpenIddictServerEndpointType.Token;
}
return default;
});
builder.SetOrder(InferEndpointType.Descriptor.Order + 1);
}); |
Thanks Kevin for your response. Regarding the first query of delegation,
you mentioned Openiddict does not support it at this moment. Is there any
workaround to achieve this ? If yes, please let us know the details.
Actually at this point, we have selected Openiddict as an identity solution
to replace the identity server.
…On Mon, Aug 1, 2022 at 5:50 PM Kévin Chalet ***@***.***> wrote:
Hey,
Our requirement is to extend token which is received from token endpoint
and add an additional scope while calling other microservice endpoint. In
order to achieve this, we need to have additional token endpoint
'/connect/extend'
which would add additional scopes using existing token and create a
extended JWT token to authorize the request.
That scenario sounds a lot like delegation, which is not supported (yet)
in OpenIddict: #1249
<#1249>.
However, am not able to get 'MatchEndpoint' handler. Have looked at the
entire github source code that also does not contain this event
(MatchEndpoint).
The event you're looking for has been replaced by ProcessRequest(Context)
in 3.0 and higher. Here's an example for ASP.NET Core:
options.AddEventHandler<ProcessRequestContext>(builder =>
{
builder.UseInlineHandler(context =>
{
var request = context.Transaction.GetHttpRequest() ?? throw new InvalidOperationException();
if (context.EndpointType is OpenIddictServerEndpointType.Unknown &&
request.Path == "/connect/other-token-endpoint")
{
context.EndpointType = OpenIddictServerEndpointType.Token;
}
return default;
});
builder.SetOrder(InferEndpointType.Descriptor.Order + 1);
});
—
Reply to this email directly, view it on GitHub
<#1491 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A2KHESF6P36PZJ3ZOJNPL5DVW66H7ANCNFSM55HG4XUQ>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Delegation as defined in RFC8693 is a fairly complex thing so it can't be implemented trivially using a "workaround", I'm afraid 😄 That said, if you're interested in sponsoring that feature, let me know. |
Ok.. So how much approximate cost would it be to build that feature, if
that is the case.
…On Mon, Aug 1, 2022 at 9:01 PM Kévin Chalet ***@***.***> wrote:
Thanks Kevin for your response. Regarding the first query of delegation,
you mentioned Openiddict does not support it at this moment. Is there any
workaround to achieve this ? If yes, please let us know the details.
Delegation as defined in RFC8693 is a fairly complex thing so it can't be
implemented trivially using a "workaround", I'm afraid 😄
That said, if you're interested in sponsoring that feature, let me know.
—
Reply to this email directly, view it on GitHub
<#1491 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A2KHESEOQ5JXP62YY7Q3B63VW7UV7ANCNFSM55HG4XUQ>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
@salimz22 you can email me at contact [at] kevinchalet [dot] com to discuss the details 😃 |
Confirm you've already contributed to this project or that you sponsor it
Version
3.x
Describe the bug
Hi,
Our requirement is to extend token which is received from token endpoint and add an additional scope while calling other microservice endpoint. In order to achieve this, we need to have additional token endpoint '/connect/extend'
which would add additional scopes using existing token and create a extended JWT token to authorize the request..
Can you assist to resolve this
You have mentioned in below article about to support new token endpoint using 'MatchEndPoint' handler (https://kevinchalet.com/2018/07/02/implementing-advanced-scenarios-using-the-new-openiddict-rc3-events-model/)
options.AddEventHandler<OpenIddictServerEvents.MatchEndpoint>(notification =>
{}
However, am not able to get 'MatchEndpoint' handler. Have looked at the entire github source code that also does not contain this event (MatchEndpoint).
Could you please assist to resolve this.
To reproduce
Exceptions (if any)
The text was updated successfully, but these errors were encountered: