Reputation: 473
identityserver3 & MVC (web socket) & "websocket server" architecture
I want to implement identityserver3 Authentication & Authorization on MVC. And i'm using web sockets on MVC app. I have a self-hosted-web-socket-server (SHWSS). My client side web sockets communicate with my SHWSS. After successful login on identityserver how can I use these claims and tokens for websocket to SHWSS security. I dont want my SHWSS answer to unauth requests.
I think It's somehow a SSO scenario. Which flow SHWSS must implement?
Thanks & Regards
public enum Flows
{
AuthorizationCode = 0, //introduced in OAuth2 then extended by OIDC.
Implicit = 1, //introduced in OAuth2 then extended by OIDC.
Hybrid = 2, //introduced in OIDC
ClientCredentials = 3, //OIDC specs didn't extend this flow.
ResourceOwner = 4, //OIDC specs didn't extend this flow.
Custom = 5,
}
Upvotes: 0
Views: 286
Answers (1)
Reputation: 7435
The problem with web sockets is that the JS API does not allow setting custom request headers (like Authorization so you can pass a bearer token). I think the assumption is that you would use cookies as the authentication mechanism.
The other idea is to pass the access token as a custom param on every web socket request.
Upvotes: 0
Related Questions
- How do mobile apps gain long-lived access to their API's?
- ASP.NET MVC+API and WCF with claims-based authorization and authentication against a custom DB and active directory
- MVC Core and IdentityServer3
- How to setup Identity Server 3 for IOS client using Authorization Code flow
- ADFS + IdentityServer3 + Mobile + MVC
- IdentityServer Authentication Endpoint -> error=invalid_request failureReason="STATUS_CODE"
- Why is a signing certificate needed for Implicit Flow in IdentityServer3, but not for ClientCredential and ResourceOwner flows?
- IdentityServer3: How to assign ClientSecret to MVC Client?
- Requesting token directly from IdentityServer3 via Javascript using username/password