I am trying to setup IdentityServer4 to authenticate a webforms project running against .net framework => 4.6.2, a Single page WCF REST application with XML SOAP WCF services as well (also => 4.6.2).
The Single page appliction uses bearer tokens from the client. This works when using then nuget package IdentityServer3.AccessTokenValidation, but restricts the version of IdentityModel to < 2. There is no app builder extension in the IdentityServer4.AccessTokenValidation project and I cant find an example of how to configure this correctly. Is this possible, or am i restricted to using V3 with bearer tokens if my client application is not running dotnet core?
If so how much of a problem would it be in the future not being able to update the IdentityModel package to version 2 and above?
I have been searching into this cant find an obvious solution. Have I missed something simple or misunderstood how i should be using bearer tokens from the oidc js client in OWIN?
The only answers I can find say to use IdentityServer3.AccessTokenValidation instead of 4, but I'm concerned the restriction on the IdentityModel class may cause problems in the future.
Any help would be greatly appreciated.
Thanks
Paul
You can use IdentityServer3.Contrib.AccessTokenValidation NuGet package maintained by the community. This package will use IdentityModel > 3 which should resolve your issues.