how to find OAuth flow type from controller after authentication?
I use IdentityServer4 to protect my .Net Core based API. In my API controllers, I need to determine what type of authentication flow (client credential, authorization code, etc.) the client is using. But I can't find it from ClaimsPrincipal or anywhere else. How can I find the flow from API controller?
For WEB.API's in ASP.NET Core you alawys use the AddJwtBearer method in your startup class to protect it. It will look at the incoming request and then if a valid token is found, create a ClaimsPrincipal user.
Then if you are not seeing any claims in the ClaimsPrincipal, then that can depend on many other factors, what does your access token contain? and what ClaimsMapping have you done.
Like this picture show:
To tell the clients apart in the API, you can use ClientClaims in IdentityServer .
Like this picture from one of my training classes shows:
- ASP.NET Core doesn't create an authentication cookie when SameSite is set to none
- Issue with login widget in streamlit
- Prevent Captive Portal auto-close after authentication (Android)
- SmartGIT does not ask for ssh key
- how to use bitbucket access token with JGit instead of user / pass
- handling username / password in cookie for login
- Why is the page still loading after an redirect?
- Return the user's role when we authenticate with ASP.NET WebApi
- why Bad state: add(LoginEvent) was called without a registered event handler. Make sure to register a handler via on<LoginEvent>((event, emit) {...})
- API Gateway Custom Authorizer: Control error message and code
- Blazor MFA Login using Entra - Setting Session Length
- What's the point of refresh token?
- Minimal API or AccountController for Login with ASP.NET Core Identity?
- authMiddleware doesn't exist after installing clerk
- Laravel 9 Registered Users Cannot login
- C# ApiController : multiple authentication methods
- Supabase onAuthStateChange keeps triggering (remix)
- Invalid Login Credentials in Oracle APEX After Resetting the Password from the Administration Panel in ADB-S
- Problem with PgBouncer auth method not same type
- AppwriteException: User (role: guest) missing scope (account), not able to get account after creating a session
- Woocommerce authentication with phone number OR normal login
- NestJS JWT Strategy requires a secret or key
- How to change mongodb password in docker compose
- 404.17 error - requested content appears to be script
- who creates the passkey (and how many will be created?)
- Enter Key with Two Login Controls
- JWT generate token with algorithm ES256
- Why can't Google Drive be mounted anymore and shows a browser popup instead of a link for authorization?
- Enable interactive render mode on Blazor templates accounts pages
- how do i link login form to html website on computer