Managing Authorization Server Clients

Clients are virtual authorization brokers that mediate authorization between the client applications and the authorization server.

Client data is persisted to the "ClientDetails" table.

The Authorization server cannot be requested without one of the clients described above.

There may be many clients for a single tenant, for example:
Mobile Client that can be used with the Implicit flow
Web Client that can be used with the Authorization Code flow

There are many ways to configure the clients.
When clients of one type [Ex: Code / Implicit] need only minimal per-client customization, the redirect URIs can be appended to the client's entry in the DB so that many apps re-use a single client.

When different application types must be configured and used with varying configuration, the right approach is to create a separate client for each app.

Ex: An Angular front-end app may not have a refresh_token flow configuration, whereas a mobile app will require a refresh_token together with an offline_access setting.
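
The two approaches above (sharing one client by appending redirect URIs, or one client per app type) can be reviewed with a small audit over the registered clients. This is an added example, not code from this project: the ClientRow shape, the sample ids and hosts are constructed, the real "ClientDetails" columns may differ, and it assumes a .NET 6 or later console program.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample rows; ids, hosts and field names are hypothetical.
var clients = new[]
{
    new ClientRow("webclient", "code",
        new[] { "https://app1.example.com/signin", "https://app2.example.com/signin" },
        new[] { "openid" }, false),
    new ClientRow("MobileClient", "implicit",
        new[] { "http://m.example.com/cb", "https://*.example.com/cb" },
        new[] { "openid", "offline_access" }, true),
};

foreach (var c in clients)
    foreach (var finding in ClientAudit.Check(c))
        Console.WriteLine($"{c.ClientId}: {finding}");

// Assumed shape of one client registration, not the real "ClientDetails" schema.
record ClientRow(string ClientId, string Flow, string[] RedirectUris,
                 string[] Scopes, bool IssuesRefreshToken);

static class ClientAudit
{
    public static List<string> Check(ClientRow c)
    {
        var findings = new List<string>();
        // The page requires the client id in lowercase in Startup.cs.
        if (c.ClientId != c.ClientId.ToLowerInvariant())
            findings.Add("client id is not lowercase");
        // The implicit grant does not issue refresh tokens (RFC 6749, section 4.2.2).
        if (c.Flow == "implicit" && (c.IssuesRefreshToken || c.Scopes.Contains("offline_access")))
            findings.Add("implicit client is configured for refresh_token / offline_access");
        var hosts = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        foreach (var uri in c.RedirectUris)
        {
            if (uri.Contains("*") || !Uri.TryCreate(uri, UriKind.Absolute, out var u))
            { findings.Add($"redirect uri '{uri}' is not an exact absolute uri"); continue; }
            if (u.Scheme != Uri.UriSchemeHttps && !u.IsLoopback)
                findings.Add($"redirect uri '{uri}' is not https");
            hosts.Add(u.Host);
        }
        // Every app sharing a client also shares its flow, scopes and token settings.
        if (hosts.Count > 1)
            findings.Add($"client is shared by {hosts.Count} hosts; confirm they need identical settings");
        return findings;
    }
}
```

Each finding is a prompt for review rather than a verdict; a native app that registers a custom-scheme redirect URI, for instance, will appear under the https check.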

In the Startup.cs file of the web / web API project, provide the correct clientid in LOWERCASE, and also update the "AuthIssuer" value in the "AppSettings" section of the web.config files.

When a very trusted system with fine-grained control and flexibility is required, follow the steps outlined in the following article

In case of any other details or clarifications, please feel free to write to us @