It’s perfect! Thank you very much.
Last step, where to get Settings for custom oidc server?
I tried, but get ‘Error: Unknown client or client not enabled’.
Maybe I should help your team improve the squidex-identity docs.
/*
* Settings for your custom oidc server.
*/
"oidcName": "OIDC",
"oidcAuthority": "http://localhost:3500/",
"oidcClient": "adb9793829ddae60",
"oidcSecret": "VFZg+aOG4OrQYl8j4/kYpYlGIPq/5EtQ9q2VK0Y89H8rRPib1oZIvG1AwRTrhqcBI7MyW3k0yUcy1Afjvanwow==",
This would be very welcome.
Where have you created your client?
project/squidex
project/squidex-identify
I have no idea how to create a client with squidex-identity.
The idea of squidex-identity is to manage all data in squidex itself. So you can also create clients there in the schema.
I just cloned the identity, but did not find the admin settings and dashboard.
The whole idea of squidex identity is to be a solution on top of squidex. Squidex hosts the database and configuration and (almost) all data and Squidex identity is just the UI and open id connect server. So you can go to your squidex instance and create a predefined app with all the schemas. Here you will find users, claims, clients and so on and you can manage them there.
This is part of what I’ve got. Could you type slightly more detailed steps please? I need to know the settings for a custom oidc server in Squidex. It always failed. Could you write a minimal reproduction of the success, for both Squidex and Squidex Identity, like what I did: 1. clone… 2… 3… Come on, I greatly appreciate your help.
Sure, I am about to finish the 2.0 release of Squidex and when I am done with this I can write the docs. Just some hints so far:
1. Setup of Squidex identity
- Clone Squidex.Identity repository
- Create an identity app in your Squidex instance (local or cloud)
- Update the configuration with the url to your squidex instance and the client id and secret of the default client.
2. General application settings:
If you create an identity app in Squidex you will see a schema with the settings, where you can upload a logo, footer text, privacy settings and so on. Most settings are optional but you must set up credentials for an SMTP server. My recommendation is mailjet: https://www.mailjet.com/
3. External authentication providers
If you want to use external authentication providers you can set them up in the authentication schemes section, here is an example for Google.
You have to create an OAuth 2.0-Client-IDs in the google developer console. You have to define the redirect_uri in this process and you must use http://localhost:3500/signin-google.
4. External clients
When you want to connect an external application to Squidex identity you have to configure a client. This is a little bit complicated, but you can find all settings here: http://docs.identityserver.io/en/latest/reference/client.html
Thanks, now it’s ‘Invalid scope’
I searched and tried to debug but not working.
fail: IdentityServer4.Validation.ScopeValidator[0]
Invalid scope: permissions

Just keep the scopes empty for now
I kept the scopes empty, same ‘Invalid scope: permissions’; all the files are original.

Where is the snippet coming from?
This is from Squidex.Identity
fail: IdentityServer4.Validation.ScopeValidator[0]
Invalid scope: permissions
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Request validation failed
I mean the code snippet. Sorry
If you are really interested and also want to help to drive it forward we could also make a skype session together.
I don’t understand where this snippet is from:
What do you want to tell me with this screenshot?
And I also do not understand how you can still get the error about the permission scope.
What is a scope?
Scopes are identifiers for resources that a client wants to access. This identifier is sent to the OP during an authentication or token request.
By default every client is allowed to request tokens for every scope, but you can restrict that.
They come in two flavours.
Identity scopes = API Resources
Requesting identity information (aka claims) about a user, e.g. his name or email address is modeled as a scope in OpenID Connect.
There is e.g. a scope called profile that includes first name, last name, preferred username, gender, profile picture and more. You can read about the standard scopes here and you can create your own scopes in IdentityServer to model your own requirements.
Resource scopes = Identity Resources
Resource scopes identify web APIs (also called resource servers) - you could have e.g. a scope named calendar that represents your calendar API.
If you use a custom scope like permission you have to define it first.
There are a few default scopes: openid, email, profile (casing is important).
More information about scopes: https://auth0.com/docs/scopes/current/oidc-scopes
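Added example, not part of the original thread and not IdentityServer4 code: a simplified Python model of the provider-side scope check described in the post above, showing why an undefined or differently cased scope name is rejected and how a per-client restriction narrows the set. The class names, the `demo-client` id and the scope sets are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class Client:
    client_id: str
    # None = no restriction configured; a set = only these scopes may be requested.
    allowed_scopes: Optional[Set[str]] = None


@dataclass
class Provider:
    # Scopes defined at the provider (constructed sample values).
    identity_scopes: Set[str] = field(default_factory=lambda: {"openid", "profile", "email"})
    api_scopes: Set[str] = field(default_factory=lambda: {"calendar"})

    def validate(self, client: Client, scope_param: str):
        """Check a space-delimited scope parameter; return (ok, errors)."""
        defined = self.identity_scopes | self.api_scopes
        errors = []
        for scope in scope_param.split():
            if scope not in defined:
                # Exact, case-sensitive comparison: "OpenID" is not "openid".
                errors.append(f"Invalid scope: {scope}")
            elif client.allowed_scopes is not None and scope not in client.allowed_scopes:
                errors.append(f"Scope not allowed for client {client.client_id}: {scope}")
        return (not errors, errors)


if __name__ == "__main__":
    provider = Provider()
    client = Client("demo-client")

    # A scope the provider never defined is rejected before anything else happens.
    print(provider.validate(client, "openid profile permissions"))

    # Once the custom scope is defined, the same request passes.
    provider.api_scopes.add("permissions")
    print(provider.validate(client, "openid profile permissions"))

    # Casing matters, and a restricted client cannot request scopes outside its list.
    print(provider.validate(client, "OpenID"))
    print(provider.validate(Client("demo-client", {"openid"}), "openid calendar"))
```
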
Oh~ I don’t need any extra scopes, even ‘permission’. I don’t know how this error ‘Invalid scope: permissions’ comes up; I just run and click Login or Signup and it errors. I typed scopes in the dashboard or source code only because I wanted to debug this error (but failed). So I think it’s a bug too: ‘Invalid scope: permissions’ comes up with the original code and data.
The error message appeared inexplicably before I made the changes. I modified it (screenshots, input and snippet) just to debug this error. I don’t need any extra scopes, including permissions.
Run and login -> error(‘Invalid scope: permissions’) -> input / code (try to debug) -> error too -> remove input / revert code -> same error.
I just hope that the login and registration can be used successfully (no other changes). I didn’t expect these problems along the way. I’m sorry, it is really troublesome for you.