public override Task ValidateClientAuthentication(ValidateClientAuthenticationContext context)
{
// JS applications cannot keep their credentials secret: since this Aurelia demo uses a JS app,
// client authentication must be skipped to indicate to the OIDC server that the client cannot be trusted.
context.Skipped();
return Task.FromResult<object>(null);
}
public override Task ValidateClientAuthentication(ValidateClientAuthenticationContext context)
{
// Since there's only one application and since it's a public client
// (i.e a client that cannot keep its credentials private), call Skipped()
// to inform the server the request should be accepted without
// enforcing client authentication.
context.Skipped();
return Task.FromResult<object>(null);
}
public override Task ValidateClientAuthentication(ValidateClientAuthenticationContext context) {
if (context.ClientId == "AspNetContribSample") {
// Note: the context is marked as skipped instead of validated because the client
// is not trusted (JavaScript applications cannot keep their credentials secret).
context.Skipped();
}
else {
// If the client_id doesn't correspond to the
// intended identifier, reject the request.
context.Rejected();
}
return Task.FromResult(0);
}