Reputation: 1
IdentityServer4 OpenId Connect with jwt instead of cookies
Over the last few days i've been struggling to understand everything about oauth 2.0, openid, openid connect, and managed to easily make it work with IS4 (with openId Connect).
Now all the tutorials show how you can achieve that via cookies, but nobody even tells me if it is possible to achieve it without the cookies, so just with jwt. I do know that the cookie itself contains the id jwt and the auth jwt, but i just can't stand the idea that it is limited to just web sites that can use cookies, and not mobile apps, for example.
If it is possible to achieve this just with jwt, and no cookie, can someone post a code sample or a place to read about it? It's driving me nuts for the last 2-3 days :(
Upvotes: 0
Views: 254
Answers (1)
Reputation: 5264
OpenID Connect does indeed support a variety of use cases including desktop and mobile as well as pure SPAs. That was one of the design goals of the standard.
This introduction covers all of that: https://vimeo.com/113604459
If you're after specific code samples then check out these projects:
Native client support: https://github.com/IdentityModel/IdentityModel.OidcClient2
JavaScript clients: https://github.com/IdentityModel/oidc-client-js
Upvotes: 3
Related Questions
- Authentication using both Session cookies and/or JWT Bearer Token in .Net Framework Legacy Appliction
- Handling authorization with IdentityServer4
- Use IdentityServer4 to generate token for client
- Jwt and Cookie Authentication
- ASP.NET Core 3+ JWT authentication
- openid connect 2.0 and setting authentication JWT in http only cookie
- Authorize via JWT Token
- Using IdentityServer 4 and ASP.NET Web Application (.NET Framework)
- Asp.Net WebApi Core 2.0 Identity With JWTBearer Without cookies
- Using Identity with token and cookie authentication