Flutter & .NET dev here. I needed this video! Thanx. PS: You're not too bad for someone who says knows nothing about dart ^^
@RawCoding2 жыл бұрын
Cheers, as I’ve learned later dart is basically c#
@DavidSanchez-gs3pi2 жыл бұрын
Thanks so much for the explanation! It had been a long time without getting the login to work for me and the problem was the issue of cookies.
@RawCoding2 жыл бұрын
cheers
@Kardenslayer4 жыл бұрын
This is pure gold! Such great content and this is just what I've been looking for in the past and now I can have this as hindsight. Thank you so much Raw coding!
@RawCoding4 жыл бұрын
Thanks for watching:)
@Kardenslayer4 жыл бұрын
@@RawCoding Tried out openid_client after your video just and one thing really annoyed me and that was when the user logs in there is for a split second a html pageview saying "You can now close this page". Imo that is really ugly. Have looked at the package and ofcourse its changeable from source code but have you manage a better way?
@RawCoding4 жыл бұрын
No, I don’t know anything about flutter or the package, you’ll have to look for yourself
@Kardenslayer4 жыл бұрын
@@RawCoding OKey thanks anyway :)
@h2hern9524 жыл бұрын
Flutter and .Net = Subscribed!
@RawCoding4 жыл бұрын
Hopefully more flutter stuff in the future!
@burroughsjd4 жыл бұрын
Awesome stuff. I would love to see a video on Android oidc client.
@RawCoding4 жыл бұрын
Thank you, but I think you are missing the point of these videos. It's meant to show you can do it yourself.
@marcomezzina59264 жыл бұрын
Hi, great video! If I don't want to open the browser to login, but I want to use the application interface, so only API calls, how can I do it?
@RawCoding4 жыл бұрын
always redirect.
@marcomezzina59264 жыл бұрын
@@RawCoding do you know a way, with other client libraries or a different server technology, to do this? That is, don't leave the app's UI in flutter and use calls to APIs
@RawCoding4 жыл бұрын
There is a way, but don’t do it.
@marcomezzina59264 жыл бұрын
@@RawCoding suppose it's not a choice, but an imposed bond. Does the basic server architecture always have to be IdentityServer4?
@RawCoding4 жыл бұрын
Well you are the professional no one can impose anything on you, you are the one who says how it’s done. And your second question is confusing.
@KrishnaList4 жыл бұрын
Great stuff👍🏼👍🏼👍🏼
@RawCoding4 жыл бұрын
Thank you
@thyeaa2 жыл бұрын
awesome tutorial. We have a scenario where we have implemented azure active directory for our website. Once, sign in through the azure ad, the page will be redirected back to the identityserver and it will authorize the user directly go into home page. However, we have to implement the azure ad login feature for our mobile application too. Is it possible to utilize the existing azure ad login url of our website in flutter mobile app and once success login, and close the webview then back to the flutter app with access token? Any advices would be appreciated, thanks.
@RawCoding2 жыл бұрын
as long as azure ad support openId protocol then yes.
@rickethjohnzabate68213 жыл бұрын
You have a sample video for login and register without redirecting to an identityserver page?
@RawCoding3 жыл бұрын
No
@nehfi4 жыл бұрын
Hey, thanks for the job done! Really good stuff! Could you also create video about ResourceOwnerPasswordGrant flow? I think it should be useful in case if we owning the apps/server and want to have consistent UX.
@RawCoding4 жыл бұрын
Ye I’m not doing that. ROPC is not something you use because you want consistent UX. There are like 2 situations in which it’s credible to use it and they are very rare.
@nehfi4 жыл бұрын
@@RawCoding Then such a question. I am doing a microservices project with react SPA front-end and react-native app clients. There is identity microservice based on IS4. All microservices are behind Nginx gateway api. I was considering to use ROPC. Do you think it irrelevant here? Thanks
@RawCoding4 жыл бұрын
@@nehfi don't use it, always redirect for signin
@kacper1344 жыл бұрын
Hi, thanks for the great series! I'm in the middle of adding Identity with IdentityServer4 to Flutter. Everything seems fine except the logout... How do you logout via flutter? I tried hitting the endsession endpoint, which does invoke the auth/logout action, it goes through but nothing happens. After that i can still call my api and i'm authorized. I've tried setting tokenResponse = null, which prevents me from calling the api because there's no token, but still if i hit the Login button in flutter - instead of getting the login view asking for new login/password to get logged in -> it automatically logs me in to the user that has just been used. Which comes down to imposibility of logging to a different user. And why doesn't the identityserver4 get rid of the tokens on it's side to prevent it from being authorized? My guess was that it has something to do with application cookie which is not getting deleted on the flutter side, but can't find a way to do it? Any clue about this one?
@kacper1344 жыл бұрын
I did overcome it for the time being by setting "config.ExpireTimeSpan = TimeSpan.FromSeconds(1);" in the ConfigureApplicationCookie. But this is just a quick fix for now. I don't think this should stay like this. It doesn't change the fact that the logout doesnt do anything. (I tried logging out by passing ID_Token/AccessToken/TokenResponse to endsession?id_token_hint=, but none of them seem to do anything (couldn't figure out what the id_token_hint is anyway)
@RawCoding4 жыл бұрын
Ye that’s not a good solution. I haven’t implemented logout with flutter yet, but I’d say look at how it’s recommend in the oidc spec
@dejanradojevic32972 жыл бұрын
Hi, does anyone know what could be the problem when in Postman I receive a refresh token cookie in header, but in flutter cookie is not in the header , everything else is ok, I get 200 status and all other information from the claims, and in header when receive response i have only content-type and missing cookie. backend is build with .net core 2.1. Thanks for any help
@RawCoding2 жыл бұрын
You’ll have to debug and check the logic on the backend
@awaisshabir91694 жыл бұрын
Please make a video on angular oidc client as well
@RawCoding4 жыл бұрын
Try to do it using this library github.com/manfredsteyer/angular-oauth2-oidc and refer to the sample here github.com/manfredsteyer/angular-oauth2-oidc/tree/master/projects/sample If you can't do it in 3 days, leave another comment here or msg me on discord and I will do it. I don't like angular so I'd rather not touch it or endorse it.
@ferooref76144 жыл бұрын
Could you please make a video about google login with "authoriztion code flow" for .Net Core + React (I would appreciate if u built the React app with "create-react-app" and .net core app separately). THANK YOU.
@RawCoding4 жыл бұрын
You’ve linked me a pretty good tutorial in the previous comment why not follow it?
@ferooref76144 жыл бұрын
@@RawCoding Yeah, but I am kind of sad, that I wanted to do the "code flow" and could not figure out how to do it since the article does not describe the code flow.
@RawCoding4 жыл бұрын
You get the code in your browser and then you have to manually redirect that code to your call back endpoint to process the code and have your backend exchange the tokens. That seems like the only difference
@ahmadbl20744 жыл бұрын
Awesome, thanks a lot for your effort I have a question; sorry I'm beginner with Ids4, so I want to ask you, what is the best practice to do, I will use identityserver4 but till now I can't understand the flow of it, for ex: I have MVC website for my individual customers So I have used the repositories with services pattern to communicate with the database Also I have an API for my merchants, so for secure each of that, I decided to use identity server4 so: My ques that: is it necessary to create an internal API to communicate with the repositories and services in the MVC client then secure that API (internal API) by identity server Or there is no need for that API at all, so I should just secure the MVC client (but if I use this approach then I can't force de-activate the user account till his cookie expired as I noticed) Sorry for the lengthy explanation
@RawCoding4 жыл бұрын
Cheers, but I don’t understand what problem you are trying to solve
@ahmadbl20744 жыл бұрын
@@RawCoding In short: How we can de-activate the user account (ban by admin) and enforce him to re-login, but without having the API in our system, just "identity/auth" server and "MVC" client, is this possible or we should create and use API with reference token for the client??
@RawCoding4 жыл бұрын
Yes you will need a reference token to be able to invalidate it. This is a very hard problem I can’t help you here.
@ahmadbl20744 жыл бұрын
I know how to implement and solve that with reference token and api with token validator by ids4 ... but my question is just to ensure from you if there is a way to do that without using an API in our project, i mean just ids4 and mvc client
@RawCoding4 жыл бұрын
Why do you need an identity server if you don’t have an api?
@xmartinez224 жыл бұрын
APIResources does not work with IdentityServer4. what version are you using?