I'm using the refresh flow sample, but I added the introspection middleware since my resource server is separated from my authorization server. Using the Angular app, I'm able to connect to the authorization server. Everything works. But I noticed in the Implicit Flow sample that the following code was added:
    if (await manager.FindByClientIdAsync("aurelia", cancellationToken) == null)
    {
        var descriptor = new OpenIddictApplicationDescriptor
        {
            ClientId = "aurelia",
            DisplayName = "Aurelia client application",
            PostLogoutRedirectUris = { new Uri("http://localhost:9000/signout-oidc") },
            RedirectUris = { new Uri("http://localhost:9000/signin-oidc") }
        };
        await manager.CreateAsync(descriptor, cancellationToken);
    }
Do I need to add something similar to this for the Refresh flow?
If you don't configure OpenIddict to require a client_id for token requests (by calling options.RequireClientIdentification()) then creating an application in the database is not mandatory to be able to use the refresh token flow.