
Thinktecture IdentityServer v3, hybrid flow - is it possible to implement single sign-on with valid authentication but wrong authorization

I'm considering using IdentityServer v3 in one of my projects, but I wonder if there is a possibility to achieve such a scenario of single sign-on using hybrid flow:

  • At the beginning the user attempts to log in and obtain some scope but has no privileges to use it and receives some kind of error message. At the same time he/she receives an ID Token, because the user name and password were valid.

  • Then he/she tries to log in to obtain some other scope which is allowed for that user. In this case the user doesn't have to fill in the login page again, because he/she gave the valid name and password the last time.

In other words: is it possible to use SSO with a valid authentication and an invalid authorization, and then the second time skip the authentication process (because it was valid the last time) and do only the authorization, which doesn't require any end user interaction?

Authentication & authorization are different activities. IdentityServer (IdS) will authenticate a user, but it's up to your site to authorise them.

In your 2 scenarios, if IdS can authenticate the user, then it will do so, regardless of any authorisation in place, as that happens once the authentication has occurred.
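The following is an added example that is not part of the question or answer above and is not IdentityServer code: a small Python model of the split the answer describes. A toy identity provider (`IdentityProvider`) authenticates the user once, keeps an SSO session cookie and issues tokens whenever authentication succeeds; the resource API (`ResourceApi`, standing in for "your site") is where authorisation happens. The first request is authenticated but rejected by the admin API; the second request reuses the session cookie, so no credentials are entered again, and is accepted by an API the user is permitted to use. The user name, password, scope names, signing key and the HMAC-based "token" format are all constructed for the example; a real deployment uses signed JWTs with an asymmetric key.

```python
"""Constructed model of SSO session (authentication) vs. API-side authorisation."""
import hashlib
import hmac
import json
import secrets
import time

SIGNING_KEY = b"constructed-demo-key"  # constructed; a real IdP signs with an asymmetric key


def _sign(payload: dict) -> str:
    """Serialise the claims and append an HMAC so the API can verify the token offline."""
    body = json.dumps(payload, sort_keys=True)
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + mac


def _verify(token: str) -> dict:
    """Check the HMAC and return the claims; raise on tampering."""
    body, _, mac = token.rpartition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad signature")
    return json.loads(body)


class IdentityProvider:
    """Authenticates users and keeps an SSO session; it does not decide who may use which API."""

    def __init__(self, users):
        self.users = users      # username -> sha256(password) hex (constructed users)
        self.sessions = {}      # SSO cookie -> subject

    def authorize(self, requested_scopes, username=None, password=None, sso_cookie=None):
        # 1. Authentication: reuse the SSO session if present, otherwise check credentials.
        if sso_cookie in self.sessions:
            subject, interactive = self.sessions[sso_cookie], False
        elif username in self.users and password is not None and hmac.compare_digest(
                self.users[username], hashlib.sha256(password.encode()).hexdigest()):
            subject, interactive = username, True
            sso_cookie = secrets.token_urlsafe(16)      # SSO session is established here
            self.sessions[sso_cookie] = subject
        else:
            return {"error": "login_required"}
        # 2. Token issuance: once authenticated, tokens are issued regardless of what the
        #    APIs will later decide. The scope claim only records what was requested.
        now = int(time.time())
        id_token = _sign({"sub": subject, "iat": now, "auth_time": now})
        access_token = _sign({"sub": subject, "scope": sorted(requested_scopes), "exp": now + 300})
        return {"id_token": id_token, "access_token": access_token,
                "sso_cookie": sso_cookie, "interactive_login": interactive}


class ResourceApi:
    """The 'site' from the answer: authorisation lives here, keyed on the token's subject."""

    def __init__(self, required_scope, permitted_subjects):
        self.required_scope = required_scope
        self.permitted_subjects = set(permitted_subjects)

    def call(self, access_token):
        try:
            claims = _verify(access_token)
        except ValueError:
            return (401, "invalid_token")
        if time.time() > claims["exp"]:
            return (401, "token_expired")
        if self.required_scope not in claims["scope"]:
            return (403, "insufficient_scope")
        if claims["sub"] not in self.permitted_subjects:
            return (403, "forbidden")            # authenticated, but not authorised
        return (200, "ok")


def run_scenario():
    """Play the two attempts from the question against the toy IdP and APIs."""
    users = {"alice": hashlib.sha256(b"correct horse").hexdigest()}  # constructed user
    idp = IdentityProvider(users)
    admin_api = ResourceApi("admin", permitted_subjects={"bob"})       # alice may not use it
    orders_api = ResourceApi("orders", permitted_subjects={"alice"})   # alice may use it

    # Attempt 1: valid credentials, scope the user is not allowed to use at the API.
    first = idp.authorize({"openid", "admin"}, username="alice", password="correct horse")
    first_status = admin_api.call(first["access_token"])
    # Attempt 2: only the SSO cookie is presented; no login page, different scope.
    second = idp.authorize({"openid", "orders"}, sso_cookie=first["sso_cookie"])
    second_status = orders_api.call(second["access_token"])
    return first, first_status, second, second_status


if __name__ == "__main__":
    f, fs, s, ss = run_scenario()
    print("first login interactive:", f["interactive_login"], "->", fs)
    print("second login interactive:", s["interactive_login"], "->", ss)
```

The point the model makes is the one in the answer: the IdP's only question is "who is this?", answered once and remembered in the SSO session, while "may this subject do that?" is answered per API on every call. A failed authorisation at the API therefore neither revokes the session nor forces a second credential prompt.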
