user2803805

Reputation: 127

IdentityServer4 and Hybrid flow

We have the following structure:

UI -> API1 -> API2 -> API3 -> DB

In this structure we want to authorize the user at every step, so we used the following design:

Now when the User logs in to Identity Server by UI, the Client gets an Id token and Reference token.

This Reference token will be exchanged by the Middle layer on API1. As the token has scope to API1, it can access API1 endpoints.

My question: will it be able to call API2 with the token it got from the IdentityServer?

Upvotes: 0

Views: 462

Answers (1)

Richard

Reputation: 1584

Unless the Access Token includes scopes for API2 and API3, you will not automatically gain access to API2 and API3.

You can avoid having to add API2 and API3 scopes to the original token by using an Extension Grant. More information can be found here: http://docs.identityserver.io/en/release/topics/extension_grants.html#refextensiongrants

Upvotes: 2
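
An added example, not part of the answer above: a sketch of an IdentityServer4 extension grant that lets API1 exchange the user's token for a new one scoped to API2, so the original token never needs the API2 scope. The grant type name `delegation`, the `token` form field, the client id `api1.client`, the placeholder secret and the scope names `api1` and `api2` are assumptions.

```csharp
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;

// Hypothetical validator: API1 trades the user's access token for one scoped to API2.
public class DelegationGrantValidator : IExtensionGrantValidator
{
    private readonly ITokenValidator _validator;

    public DelegationGrantValidator(ITokenValidator validator) => _validator = validator;

    // Assumed grant type name; must match the client's AllowedGrantTypes.
    public string GrantType => "delegation";

    public async Task ValidateAsync(ExtensionGrantValidationContext context)
    {
        // API1 posts the token it received from the UI in a "token" field (assumed name).
        var userToken = context.Request.Raw.Get("token");
        if (string.IsNullOrEmpty(userToken))
        {
            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
            return;
        }

        // Accept only tokens that were issued for API1 (assumed scope name "api1").
        var result = await _validator.ValidateAccessTokenAsync(userToken, "api1");
        var sub = result.IsError ? null : result.Claims.FirstOrDefault(c => c.Type == "sub")?.Value;
        if (sub == null)
        {
            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
            return;
        }

        // Issue the new token for the same user, so API2 still sees who is calling.
        context.Result = new GrantValidationResult(sub, GrantType);
    }
}

public static class DelegationClients
{
    // Client that API1 uses at the token endpoint; it may only request "api2".
    public static Client Api1ToApi2 => new Client
    {
        ClientId = "api1.client",
        ClientSecrets = { new Secret("placeholder-secret".Sha256()) },
        AllowedGrantTypes = { "delegation" },
        AllowedScopes = { "api2" }
    };
}
```

Register the validator on the IdentityServer builder with `AddExtensionGrantValidator<DelegationGrantValidator>()`. A second client limited to `api3` would cover the API2 to API3 hop in the same way.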
