Comments (7)
Hawxy
commented on June 12, 2024
That's going to be difficult as the current setup isn't designed to support multiple clients. I'll need to have a think about this.
from auth0net.dependencyinjection.
Poltergeisen
commented on June 12, 2024
Ah darn. Let me know how I can help. If you have a rough idea of how to
implement it, then maybe I can do a PR
…On Tue, Aug 23, 2022, 7:34 PM JT ***@***.***> wrote:
That's going to be difficult as the current setup isn't designed to
support multiple clients. I'll need to have a think about this.
—
Reply to this email directly, view it on GitHub
<#10 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AKVIV2O654AWXR4RM6357V3V2VUZLANCNFSM57NKY5XA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
from auth0net.dependencyinjection.
Hawxy
commented on June 12, 2024
I'm looking into this and have some queries about your architecture. Generally how I see Machine-to-Machine clients being used is in a one-to-many fashion, so you'd have a single MtM client for a single system that's authorized to access x number of APIs (audiences). As far as I can tell your monolith uses multiple MtM clients and each one is permitted access to a single API, is that correct?
I'd understand the use of multiple MtM clients to maintain security isolation in separate systems, but that doesn't seem to be the case here.
from auth0net.dependencyinjection.
Poltergeisen
commented on June 12, 2024
Yes I believe that we may have implemented it backwards in a way. It's too
late for me to change it now, but I can understand if you don't want to
change your library to accommodate this edge case.
Instead of my main applicationlike "users" which needs to contact
"notifications" and "settings" having its own credentials, it seems like we
have a client Id and secret for both notifications and settings alone.
There is not an app or m2m setup specifically for users.
I'd have to dig into it more to be sure but I was replacing a self written
authentication service that we had to use this library since it was much
more simple and reduced a lot of code.
…On Wed, Aug 24, 2022, 3:59 AM JT ***@***.***> wrote:
I'm looking into this and have some queries about your architecture.
Generally how I see Machine-to-Machine clients being used is in a
one-to-many fashion, so you'd have a single MtM client for a single system
that's authorized to access x number of APIs (audiences). As far as I can
tell your monolith uses multiple MtM clients and each one is permitted
access to a single API, is that correct?
—
Reply to this email directly, view it on GitHub
<#10 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AKVIV2NY5KQH2BGXWOK7RHTV2XQANANCNFSM57NKY5XA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
from auth0net.dependencyinjection.
Poltergeisen
commented on June 12, 2024
Honestly I'm not very well versed in authorization/authentication so I may not be explaining it very well either.
from auth0net.dependencyinjection.
Hawxy
commented on June 12, 2024
Instead of my main applicationlike "users" which needs to contact
"notifications" and "settings" having its own credentials, it seems like we
have a client Id and secret for both notifications and settings alone.
There is not an app or m2m setup specifically for users.
I'm guessing someone made the assumption that MtM clients are similar to SPA/Native clients and should be unique per service.
I had a quick run-through of the codebase to see if it'd be possible for me to add support for named clients so I could support this scenario, however it'd require a significant refactor. It's also not a scenario I want to promote so the time investment isn't really worth it for myself.
If you don't have the time to refactor your solution, I would just adjust one of the MtM clients to have API access to both services (Auth0 Dashboard -> Applications -> (settings/notifications client) -> APIs) and pass the same credentials down to both sets of extensions. If you get a InvalidOperationException at startup, let me know and I'll soften some of the internal checks.
from auth0net.dependencyinjection.
Poltergeisen
commented on June 12, 2024
Sounds good, I appreciate the help!
…On Wed, Aug 24, 2022 at 6:11 AM JT ***@***.***> wrote:
Instead of my main applicationlike "users" which needs to contact
"notifications" and "settings" having its own credentials, it seems like we
have a client Id and secret for both notifications and settings alone.
There is not an app or m2m setup specifically for users.
I'm guessing someone made the assumption that MtM clients are similar to
SPA/Native clients and should be unique per service.
I had a quick run-through of the codebase to see if it'd be possible for
me to add support for named clients so I could support this scenario,
however it'd require a significant refactor. It's also not a scenario I
want to promote so the time investment isn't really worth it for myself.
If you don't have the time to refactor your solution, I would just adjust
one of the MtM clients to have API access to both services (Auth0 Dashboard
-> Applications -> (settings/notifications client) -> APIs) and pass the
same credentials down to both sets of extensions.
—
Reply to this email directly, view it on GitHub
<#10 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AKVIV2NAO3ODI7XVLXVLE53V2X7PBANCNFSM57NKY5XA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
from auth0net.dependencyinjection.
Related Issues (7)
- Add support for different dependency lifetime HOT 2
- Question about AudienceDomainOverride HOT 2
- GetTokenAsync(string audience) should support cancellation token
- Add IServiceProvider as an input to AddAuth0AuthenticationClient HOT 1
- .NET 8 HOT 3
- Auth0Net.DependencyInjection.3.2.0 has a dependency to Microsoft.Extensions.Caching.Memory.8.0.0 for all target frameworks HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from auth0net.dependencyinjection.