
OWIN middleware for OpenID Connect - Code flow (Flow type - AuthorizationCode) documentation?

In my implementation I am using an OpenID Connect server (Identity Server v3+) to authenticate an MVC 5 app (with an AngularJS front-end).

I am planning to use OID Code flow (with Scope Open_ID) to authenticate the client (RP). For the OpenID Connect middleware, I am using OWIN (Katana Project) components.

Before the implementation, I want to understand the back-channel token request, refresh token request process, etc. using OWIN. But I am unable to find any documentation for this type of implementation (most of the available examples use Implicit flow).

I could find samples for generic Code flow implementation for ID Server v3 here

I am looking for a similar one using OWIN middleware. Does anyone have any pointers?


  • Edit: good news, code flow and response_mode=query support was finally added to Katana, as part of the 4.1 release (that shipped in November 2019):

    Be sure to set the RedeemCode property to true if you want it to handle the communication with the token endpoint.

    The OpenID Connect middleware doesn't support the code flow: (it's already fixed in the ASP.NET 5 version, though).

    Actually, only the implicit flow (id_token) is officially supported, and you have to use the response_mode=form_post extension. Trying to use the authorization code flow will simply result in an exception being thrown during the callback, because it won't be able to extract the (missing) id_token from the authentication response.

    Though not directly supported, you can also use the hybrid flow (code + id_token (+ token)), but it's up to you to implement the token request part. You can see for an example.
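A Katana 4.1+ `Startup` configured for the authorization code flow with `RedeemCode`, as the edit in the answer above describes. This is an added example, not code from the original answer or from the Katana project; the authority URL, client id, redirect URI and the `oidc:ClientSecret` app-setting key are placeholders, and it assumes the identity provider issues refresh tokens for the `offline_access` scope.

```csharp
using System.Configuration;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // The OIDC middleware signs the user in to the local cookie scheme.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            // The session cookie is the only credential the browser holds.
            CookieSecure = CookieSecureOption.Always,
            CookieHttpOnly = true
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = "https://idsrv.example/identity",       // placeholder
            ClientId = "mvc-client",                            // placeholder
            RedirectUri = "https://app.example/signin-oidc",    // placeholder

            // Keep the secret out of source; the app-setting key is hypothetical.
            ClientSecret = ConfigurationManager.AppSettings["oidc:ClientSecret"],

            // Code flow: only an authorization code comes back through the
            // browser, delivered in the query string of the redirect.
            ResponseType = OpenIdConnectResponseType.Code,
            ResponseMode = OpenIdConnectResponseMode.Query,
            Scope = "openid offline_access",

            // Let the middleware call the token endpoint over the back channel
            // and validate the id_token it receives there.
            RedeemCode = true,

            // Keep the tokens in the AuthenticationProperties of the sign-in
            // so server-side code can read them later.
            SaveTokens = true
        });
    }
}
```

With `RedeemCode` left at its default of `false`, the middleware does not contact the token endpoint, and the code exchange has to be done by the application in the `AuthorizationCodeReceived` notification.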