
I am busy integrating a new React front end with a .NET Core API, using Identity Server 4.

The flow type we are using is Resource Owner Password Credentials.

There are two reasons I do not wish to use oidc-client-js:

  1. It is 433 KB
  2. It does not support our flow type

At the moment I am able to get the discovery document and log in using the token_endpoint. The return after I log in contains: access_token, expires_in and token_type but not session_state.

I am currently attempting to replicate the CheckSessionIFrame as can be seen in the oidc-client-js repository.
It is constructed with callback, client_id, url & interval and started by passing in the session_state.

My problem is that I cannot figure out how to get the session_state from Identity Server 4.

  1. I would appreciate any advice on the situation as a whole.
  2. Can you explain to me how I can get the session_state?

Many thanks
Charles

1 Answer

Resource Owner Flow does not allow for sessions because it is a browserless flow much like the client credentials flow. In other words, IdentityServer4 cannot issue a cookie for your session.

oidc-js probably does not support password grant because it is a simple RESTful call, nothing too complicated.

If you want checksession you will need to use a human interaction based flow like implicit flow.


1 Comment

Thanks Lutando, that makes a lot of sense. We are intent on polling to check that the token is still valid so will investigate whether any of the other endpoints will allow for that.
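One way to do the token polling mentioned in the comment, as an added example that is not part of the original thread or of oidc-client-js: it falls back to polling when the token response carries no session_state, and treats only an HTTP 401 as proof that the token is no longer accepted. Assumptions: the discovery document exposes the standard `userinfo_endpoint`, the token was requested with the `openid` scope, and every function name and sample value below is hypothetical.

```javascript
// Added example: helper names are hypothetical, not oidc-client-js or IdentityServer4 APIs.

// Pick a monitoring strategy from the discovery document and the token response.
function monitoringMode(discovery, tokenResponse) {
  const hasIframe = typeof discovery.check_session_iframe === "string";
  const hasSessionState = typeof tokenResponse.session_state === "string";
  // The check-session iframe needs both; the password-grant response above has no session_state.
  return hasIframe && hasSessionState ? "check_session_iframe" : "token_polling";
}

// Convert the relative expires_in (seconds) into an absolute deadline, minus a clock-skew margin.
function expiresAtMs(tokenResponse, receivedAtMs, skewSeconds = 30) {
  const seconds = Number(tokenResponse.expires_in);
  if (!Number.isFinite(seconds) || seconds <= 0) {
    throw new Error("token response has no usable expires_in");
  }
  return receivedAtMs + Math.max(0, seconds - skewSeconds) * 1000;
}

// Map a probe status to a token state. Only 401 shows the token was rejected;
// other failures (5xx, 403) say nothing certain, so they must not log the user out.
function classifyProbe(httpStatus) {
  if (httpStatus >= 200 && httpStatus < 300) return "valid";
  if (httpStatus === 401) return "invalid";
  return "unknown";
}

// One polling step. fetchFn is injected (window.fetch in the browser).
// Assumption: the token carries the openid scope, so the userinfo endpoint accepts it.
async function checkToken(discovery, tokenResponse, deadlineMs, nowMs, fetchFn) {
  if (nowMs >= deadlineMs) return "invalid"; // expired locally, no request needed
  try {
    const res = await fetchFn(discovery.userinfo_endpoint, {
      headers: { Authorization: `Bearer ${tokenResponse.access_token}` },
    });
    return classifyProbe(res.status);
  } catch (_) {
    return "unknown"; // network failure: retry on the next interval
  }
}

// Constructed sample data (not real endpoints or tokens).
const sampleDiscovery = {
  check_session_iframe: "https://idp.example/connect/checksession",
  userinfo_endpoint: "https://idp.example/connect/userinfo",
};
const sampleTokenResponse = { access_token: "constructed-token", expires_in: 3600, token_type: "Bearer" };
```

Call `checkToken` from a `setInterval` callback and clear the stored token when it returns `"invalid"`.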
