-
Notifications
You must be signed in to change notification settings - Fork 6
Register a Browser Based Application with Fabric.Identity
Register with Implicit flow.
To register your client with Fabric.Identity, you will need to POST the JSON request body to the following URL:
POST https://{machinename}.hqcatalyst.local/identity/api/client
with an Authorization header of
Bearer {access_token}
where {access_token} is retrieved per the instructions in Retrieving an Access Token from Fabric.Identity.
The request below assumes your application is accessible at http://localhost/sampleApp.
{
"clientId": "sample-application",
"clientName": "Sample Application",
"allowedScopes": [
"openid",
"profile",
"fabric.profile"
],
"allowedGrantTypes": [
"implicit"
],
"allowedCorsOrigins": [
"http://localhost/sampleApp"
],
"redirectUris": [
"http://localhost/sampleApp/oidc-callback.html"
],
"postLogoutRedirectUris": [
"http://localhost/sampleApp"
],
"allowOfflineAccess": false,
"requireConsent": false
}
The oidc-client library is a library that implements the OpenID Connect protocol from a client application perspective. While you don't necessarily have to use this library, it is highly recommended that you use some library as it makes integration much simpler. For a complete, working example of an Angular SPA using the oidc-client library with Fabric.Identity, see our sample.
Below are the steps necessary to get a JavaScript application running with the oidc-client library and Fabric.Identity:
- Add the oidc-client NPM package to your project
- Configure and instantiate the UserManager (preferably in some sort of module):
var clientSettings = {
authority: 'http://localhost:5001/',
client_id: 'fabric-spa-sample',
redirect_uri: 'http://localhost/oidc-callback.html',
post_logout_redirect_uri: 'http://localhost',
response_type: 'id_token token',
scope: 'openid profile fabric.profile',
filterProtocolClaims: true,
loadUserInfo: true
};
userManager = new UserManager(clientSettings)
- Create a function to login via the userManager
function login() {
userManager.signinRedirect().then(function () {
console.log("signin redirect done");
}).catch(function (err) {
console.log(err);
});
};
- Create a function to logout via the userManager
function logout() {
userManager.signoutRedirect();
};
- Add the oidc-callback.html that completes the sign-in handshake with IdentityServer,
- the URI for this html page must match a URI provided in the redirectUris array when you registered the client with IdentityServer
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>
<h1 id="waiting">Waiting...</h1>
<div id="error"></div>
<script src="assets/oidc-client.min.js"></script>
<script>
Oidc.Log.logger = console;
new Oidc.UserManager().signinRedirectCallback().then(function (user) {
if (user == null) {
document.getElementById("waiting").style.display = "none";
document.getElementById("error").innerText = "No sign-in request pending.";
console.log("at oidc-callback, but user is null");
}
else {
console.log("user is not null, redirecting to index");
window.location = "/";
}
})
.catch(function (er) {
document.getElementById("waiting").style.display = "none";
document.getElementById("error").innerText = er.message;
});
</script>
</body>
</html>
- Once that is all in place, wire up a Login button to call the login() function created previously and the authentication flow should be kicked off.
http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth