If I'm using client with implicit flow is it possible to request resource scopes along with identity scopes?
I tried creating OpenIdConnectAuthenticationOptions as below:
new OpenIdConnectAuthenticationOptions
{
ClientId = "implicitclient",
Authority = ...,
RedirectUri = ...,
ResponseType = "id_token token",
Scope = "identity_scope resource_scope",
...
Still when authenticated getting back only identity_scope.
Any help and comments appreciated.
EDIT: just a bit of background
I have two clients: implicit flow client and resource owner flow client. I need to share identity and resource scopes between them.
For the implicit flow client I started to use "id_token token" response_type.
For resource owner client I first request access token using
OAuth2Client.RequestResourceOwnerPasswordAsync()
including all required scopes. After that I'm querying userinfo endpoint with provided access token to get user claims.
Right after your client has received the id_token and access_token from the identity server it's the client's responsibility to immediately validate the id token.
This happens by calling the user info endpoint with the received access token in the authorization header as bearer.
The user info endpoint should normally return all requested scopes... Have you tried that already?
BTW: what version of IdentityServer are you using?
EDIT: Also very important to know: does your 'resource_scope' show up in the consent screen?