
I cannot find the values of blazorweba_oidcpkce_sample:access issued by FoxIDs. I wonder if it should be stored in appsettings.json. Thanks!

Anders Revsgaard
Angela Lee

1 Answer


The sample client blazorweba_oidcpkce_sample is configured in FoxIDs and the client is granted the blazorweba_oidcpkce_sample:access scope, which gives access to call the backend API. Both the frontend client and the backend resource (API) have the same name (blazorweba_oidcpkce_sample) in this scenario.

The sample client requests the blazorweba_oidcpkce_sample:access scope, which is configured in appsettings.json.

The API verifies that the access token contains the scope and grants access if the scope is present.

The test user test1@foxids.com with password TestAccess! on the FoxIDs test track has two roles, role1 and role2. It is possible to require e.g. role1 in the policy like this:

public static void AddPolicy(AuthorizationOptions options)
{
    options.AddPolicy(_name, policy =>
    {
        policy.RequireScopeAndRoles(
            new ScopeAndRoles { Scope = "blazorweba_oidcpkce_sample:access", Roles = new [] { "role1" } }
        );
    });
}
Anders Revsgaard
  • Thanks Anders! However, if Identity server is not able to provide authorization, do you have any suggestion? – Angela Lee Apr 11 '21 at 23:22
  • Then the request will either end on the identity server or you get back an error response in the Blazor application which results in an exception. – Anders Revsgaard Apr 12 '21 at 07:20
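
The scope-and-role check described in the answer, written with only built-in ASP.NET Core APIs as an added example (not code from the answer or from the FoxIDs samples). The policy name and the claim types "scope" and "role" are assumptions; adjust them to what the access tokens actually contain.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;

// Added example: a policy that requires both a scope and a role,
// built from RequireAssertion instead of a library helper.
public static class ScopeAndRolePolicy
{
    public const string Name = "ScopeAndRolePolicy";   // hypothetical policy name
    private const string RequiredScope = "blazorweba_oidcpkce_sample:access";
    private const string RequiredRole = "role1";

    // Assumed claim types in the validated access token.
    private const string ScopeClaimType = "scope";
    private const string RoleClaimType = "role";

    public static void AddPolicy(AuthorizationOptions options)
    {
        options.AddPolicy(Name, policy =>
        {
            // Reject anonymous callers before looking at any claims.
            policy.RequireAuthenticatedUser();
            policy.RequireAssertion(context => IsAllowed(context.User));
        });
    }

    // True only when the principal carries both the scope and the role.
    public static bool IsAllowed(ClaimsPrincipal user)
    {
        // The scope may arrive as one space-separated string or as several
        // claims. Split every value and compare whole entries, so a longer
        // scope that merely starts with the required one is not accepted.
        bool hasScope = user.FindAll(ScopeClaimType)
            .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .Contains(RequiredScope, StringComparer.Ordinal);

        // Role values are compared exactly (case-sensitive).
        bool hasRole = user.FindAll(RoleClaimType)
            .Any(c => string.Equals(c.Value, RequiredRole, StringComparison.Ordinal));

        return hasScope && hasRole;
    }
}
```

Register it with services.AddAuthorization(ScopeAndRolePolicy.AddPolicy) and apply it with [Authorize(Policy = ScopeAndRolePolicy.Name)]; a token that lacks either the scope or the role is answered with 403.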