identityserver4

HttpContext is NULL when running web app in IIS

大城市里の小女人 submitted on 2020-07-28 20:23:09
Question: I have two applications, both running on the same Windows machine. One application is IdentityServer4, and the other is my own web application (Server side Blazor app). Both web apps are built with .NET Core 3.1. When I navigate to my web app, I first get redirected to my IdentityServer4 app. I log in, and after that I get redirected back to my web app. The login was successful, because there are no errors in the logs of IdentityServer. Also, I see a certain claim value on my Blazor webpage. I

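Section 10: Introduction to the IdentityServer4 Implicit Flow and a Hands-On Code Walkthrough

左心房为你撑大大i submitted on 2020-07-27 08:40:29
I. Preface 1. Introduction: The implicit grant type does not go through the third-party application's server; it requests the token from the authorization server directly in the browser. All steps are completed in the browser, the token is visible to the visitor, and the client does not need to authenticate. Note: this mode also has a major drawback, namely that the requested token can be seen in the browser. 2. Flow diagram. Flow: (A) The client directs the user to the authorization server. (B) The user decides whether to grant the client authorization. (C) Assuming the user grants authorization, the authorization server redirects the user to the "redirect URI" specified by the client and includes the access token in the hash part of the URI. (D) The browser sends a request to the resource server, which does not include the hash value (the part after the # sign) received in the previous step. (E) The resource server returns a web page containing code that can obtain the token from the hash value. (F) The browser executes the script obtained in the previous step and extracts the token. (G) The browser sends the token to the client. (H) Once the client has the token, it can request resources from the resource server. 3. Flow analysis. Step A: Direct the user to the authorization server with the request below, which in turn leads to the authorization server's login page. GET /authorize?response_type=token&client_id=s6BhdRkqt3&state=xyz&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb The parameters include: response_type: the grant type; the value here is fixed as "token"; required.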

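Section 5: IdentityServer4's PKCE Mechanism, Token Refresh Mechanism, and Hybrid Flow

独自空忆成欢 submitted on 2020-07-26 23:59:31
I. The PKCE mechanism 1. Preparation (1). IDS4_Server1: the authentication and authorization server (2). MvcClient1: the web client. Then configure the two projects above for the authorization code flow (for how to configure it, see the previous section, "Introduction to the IdentityServer4 Authorization Code Flow and a Hands-On Code Walkthrough"). PS: The PKCE mechanism builds on the authorization code flow by adding a few verification parameters to make it more secure. 2. Code configuration (1). In Config1 of IDS4_Server1, add RequirePkce = true to enable PKCE authorization validation. (2). In ConfigureServices of MvcClient1, add options.UsePkce = true; to enable PKCE. (The default is already true, so it can be omitted.) PS: In fact, PKCE was already enabled in the authorization code flow of the previous section; the meaning of the added parameters just was not pointed out separately. 3. Analysis and testing (1). In the request that directs the user to the authorization server and in the request for the consent page, two parameters are added: code_challenge and code_challenge_method. (2). When the client sends the authorization code to the authorization server, one parameter is added to the request: code_verifier. II. The token refresh mechanism 1. Preparation (1). IDS4_Server1: the authentication and authorization server (2). MvcClient1: the web client. Then configure the two projects above for the authorization code flow (for how to configure it, see the previous section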

How to correctly use the introspection endpoint with identity server 4?

可紊 submitted on 2020-07-17 06:16:25
Question: I'm using Identity Server 4 and I'm trying to use the introspection endpoint, but just by the docs I'm not getting it. The docs just give this example: POST /connect/introspect Authorization: Basic xxxyyy token=<token> Now, why is there this basic authentication and what should xxxyyy be? I mean, there's no basic auth set in my app. I've just set up Identity Server 4 using ASP.NET Core as follows in the ConfigureServices : services.AddIdentityServer() .AddTemporarySigningCredential()

How to correctly use the introspection endpoint with identity server 4?

这一生的挚爱 submitted on 2020-07-17 06:15:53
Question: I'm using Identity Server 4 and I'm trying to use the introspection endpoint, but just by the docs I'm not getting it. The docs just give this example: POST /connect/introspect Authorization: Basic xxxyyy token=<token> Now, why is there this basic authentication and what should xxxyyy be? I mean, there's no basic auth set in my app. I've just set up Identity Server 4 using ASP.NET Core as follows in the ConfigureServices : services.AddIdentityServer() .AddTemporarySigningCredential()

The instance of entity type 'ApplicationUser' cannot be tracked because another instance with the same

时光总嘲笑我的痴心妄想 submitted on 2020-07-10 10:27:30
Question: I have this error and I can't figure out why it is happening. Can someone help out? The instance of entity type 'ApplicationUser' cannot be tracked because another instance with the same key value for {'Id'} is already being tracked. When attaching existing entities, ensure that only one entity instance with a given key value is attached. Consider using 'DbContextOptionsBuilder.EnableSensitiveDataLogging' to see the conflicting key values. I checked the previous answers and all of them say

How to add additional claims for MVC client with IdentityServer4

 ̄綄美尐妖づ submitted on 2020-07-07 12:07:06
Question: I'm using the IdentityServer4 "AspNetCoreAndApis" sample application found here. It has a token server and an MVC client application. The identity server project has an external OIDC authentication provider set up using their demo server - https://demo.identityserver.io/ After hitting a protected endpoint in MvcClient , being redirected to the local identity server, choosing and authenticating with the demo server, it reaches the ExternalController callback of the local identity server. At

How to create facebook like own native SSO app?

坚强是说给别人听的谎言 submitted on 2020-06-29 04:30:08
Question: First of all, sorry for possible duplication, I'm sure this question was asked many times in many forms but I can't find a clear answer or direction on how to start. What I am trying to do is SSO for our organization's apps on Android and I want it with a native experience (without a browser). I have OIDC built on identityserver4 and it's already in production with web and mobile clients. I'm not asking for implementation details here, just some reference, a good example of how to create an app which will be

SSO for .net core 3.1 web api

自作多情 submitted on 2020-06-29 03:59:07
Question: We would like to achieve SSO (Google, Microsoft, Twitter, Facebook) for a .net core 3.1 web api (console api controllers) application. I have gone through a few links that achieve this with the help of MVC or an Angular front end and IdentityServer4 . Our application is purely a web api. Can someone guide me with sample code or a link to achieve this? How will the SignInWithGoogle/FB/Twitter/Microsoft button and its click be handled? Source: https://stackoverflow.com/questions/62173069/sso-for-net

OidcClient2 - Closing IBrowser while waiting for LoginAsync

混江龙づ霸主 submitted on 2020-06-27 15:55:07
Question: Currently I am developing a Xamarin App which is using IdentityModel.OidcClient to authenticate against my server, and it is being done using the automatic mode presented in the documentation (https://github.com/IdentityModel/IdentityModel.OidcClient2). Everything is working just fine as var result = await client.LoginAsync(); is returning the LoginResult with the AccessToken, etc. What I am trying to figure out is how the back button, the recent apps button (both on Android) and the close