
setup implicit grant client for angular app

Is there an example of how to register an external Angular client with RedirectUris and PostLogoutRedirectUris, and for that client to use the quick app login page/controls and then redirect back to its own site, based on the angular-auth-oidc-client NPM package etc.?

I added a new client to the IdentityServerConfig and added the admin role claim and all permissions, but when I try to execute certain endpoints that require the edit user policy, it's not saying the client has permission. How can you make this new client have admin permissions and be able to access any of the API endpoints from an external client app?

 

    new Client
    {
        ClientId = "my_new_client",
        // no interactive user, use the clientid/secret for authentication
        AllowedGrantTypes = GrantTypes.ClientCredentials,
        // secret for authentication
        ClientSecrets =
        {
            new Secret("MySecret".Sha256())
        },
        // scopes that client has access to
        AllowedScopes =
        {
            IdentityServerConstants.StandardScopes.OpenId, // For UserInfo endpoint.
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.Phone,
            IdentityServerConstants.StandardScopes.Email,
            ScopeConstants.Roles,
            ApiName
        },
        Claims = new[]
        {
            new Claim(ClaimConstants.Permission, ApplicationPermissions.ViewUsers),
            new Claim(ClaimConstants.Permission, ApplicationPermissions.ManageUsers),
            new Claim(ClaimConstants.Permission, ApplicationPermissions.ViewRoles),
            new Claim(ClaimConstants.Permission, ApplicationPermissions.ManageRoles),
            new Claim(ClaimConstants.Permission, ApplicationPermissions.AssignRoles),
            new Claim("role", "administrator")
        },
        ClientClaimsPrefix = ""
    }
    }; // closes the enclosing client list (not shown)

In the new client app I'm passing the credentials etc. and I am authenticating with the API, but I don't seem to be getting access when the policy handlers are invoked.

    var client = httpClientFactory.CreateClient();
    //var disco = await client.GetDiscoveryDocumentAsync("https://localhost:44350/");
    var disco = await discoveryCache.GetAsync();

    if (disco.IsError)
    {
        Console.WriteLine(disco.Error);
        return BadRequest();
    }

    // request token
    var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
    {
        Address = disco.TokenEndpoint,
        ClientId = "my_new_client",
        ClientSecret = "MySecret",
        Scope = "my_api"
    });

    if (tokenResponse.IsError)
    {
        Debug.WriteLine(tokenResponse.Error);
        return BadRequest();
    }

    // call the sso api
    client.SetBearerToken(tokenResponse.AccessToken);

    var response1 = await client.PostAsJsonAsync<UserViewModel>(
        "https://localhost:44350/api/account/users",
        new UserViewModel { UserName = "dan", Roles = new string[] { "administrator" } });
    if (!response1.IsSuccessStatusCode)
    {
        return BadRequest(response1.StatusCode);
    }

I am getting authenticated, but my authorizationHandlers are not succeeding even though I added all the claim permissions and role in the client registration.
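
One way to see which claims the access token from the request above actually carries, so they can be compared with what the policy handlers check. This is an added example, not code from the post or from the QuickApp project; the class name `TokenClaimCheck`, the sample payload and its permission values are constructed, and it assumes the access token is a JWT rather than a reference token.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class TokenClaimCheck
{
    // Decode the payload (second segment) of a JWT without validating it.
    // Debugging aid only: the API still has to validate signature, issuer and audience.
    public static Dictionary<string, List<string>> ReadClaims(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a JWT (reference token?)");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        var json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using var doc = JsonDocument.Parse(json);
        var claims = new Dictionary<string, List<string>>();
        foreach (var p in doc.RootElement.EnumerateObject())
        {
            // A claim issued several times (e.g. "permission") is serialized as a JSON array.
            var values = p.Value.ValueKind == JsonValueKind.Array
                ? p.Value.EnumerateArray().Select(v => v.ToString())
                : new[] { p.Value.ToString() };
            claims[p.Name] = values.ToList();
        }
        return claims;
    }

    private static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed sample token (unsigned); in the controller pass tokenResponse.AccessToken.
        var payload = "{\"client_id\":\"my_new_client\",\"scope\":[\"my_api\"]," +
                      "\"role\":\"administrator\",\"permission\":[\"perm.a\",\"perm.b\"]}";
        var jwt = B64Url("{\"alg\":\"none\"}") + "." + B64Url(payload) + ".sig";

        var claims = ReadClaims(jwt);
        foreach (var c in claims)
            Console.WriteLine($"{c.Key} = {string.Join(", ", c.Value)}");
        // With ClientClaimsPrefix = "" the names are unprefixed; the default prefix is "client_".
        Console.WriteLine($"permission claims present: {claims.ContainsKey("permission")}");
        // A client-credentials token has no interactive user, so no "sub" claim is expected.
        Console.WriteLine($"user subject present: {claims.ContainsKey("sub")}");
    }
}
```

Logging `context.User.Claims` inside one of the authorization handlers shows the same information from the API's side, after the JWT handler has applied any claim-type mapping.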