identityserver4

问题 I have setup IdentityServer4 based on .net core 2.2 and configured Xero as an External Login using OpenIdConnect middleware. I have a client app which configures the IdentityServer for Authentication. What I like to access in the client app is not only authentication tokens from the IdentityServer but also the tokens from External login. There is a MS documentation which suggests to include the external login tokens in OnGetCallbackAsync : var props = new AuthenticationProperties(); props

问题 I am trying to get my head out of the clouds with identity server. I would like to implement the identity server project to let authenticate An ASP.NET MVC 5 application An ASP.NET Web API A windows service implementation Int this blog post I have read some details about clients. The author simply state: OAuth 2 provides several "grant types" for different use cases. The grant types defined are: Authorization Code for apps running on a web server Implicit for browser-based or mobile apps

问题 I'm trying to setup Identity Server 4 Auth server in ASP.NET Framework 4.7.2 WEB API, but I can't get it working. I'm not able to add appBuilder.UseIdentityServer() in the Startup class. My understanding is that the IdentityServer4 is compiled as DotNet Standard 2.0 and the ASP.NET Framework 4.7.2 is compatible with DotNet Standard 2.0, so IDS4 should be able to be used inside 4.7.2 project. Correct me if I'm wrong please. Is it possible to use IdentityServer4 like that? What am I doing wrong

问题 I'm trying to setup Identity Server 4 Auth server in ASP.NET Framework 4.7.2 WEB API, but I can't get it working. I'm not able to add appBuilder.UseIdentityServer() in the Startup class. My understanding is that the IdentityServer4 is compiled as DotNet Standard 2.0 and the ASP.NET Framework 4.7.2 is compatible with DotNet Standard 2.0, so IDS4 should be able to be used inside 4.7.2 project. Correct me if I'm wrong please. Is it possible to use IdentityServer4 like that? What am I doing wrong

问题 I have configured the MVC client by adding the following lines. services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(); The error message was, as (kind of) expected, 401 Unauthorized. So I added config for the bearer as suggested by Microsoft. services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(_ => { _.Authority = "http://localhost:5000"; _.Audience = "http://localhost:5002"; }); In my solution, port 5000 hosts the IDS4 provider and

问题 I use two different clients. The IdentityServer4 provides API protections and log in form. Can I configure clients to avoid single sign on. I mean that even if I logged in the first client I need to log in the second client too. My ID4 configuration: internal static IEnumerable<Client> GetClients(IEnumerable<RegisteredClient> clients) { return clients.Select(x => { var scopes = x.AllowedScopes.ToList(); scopes.Add(IdentityServerConstants.StandardScopes.OpenId); scopes.Add

问题 I use two different clients. The IdentityServer4 provides API protections and log in form. Can I configure clients to avoid single sign on. I mean that even if I logged in the first client I need to log in the second client too. My ID4 configuration: internal static IEnumerable<Client> GetClients(IEnumerable<RegisteredClient> clients) { return clients.Select(x => { var scopes = x.AllowedScopes.ToList(); scopes.Add(IdentityServerConstants.StandardScopes.OpenId); scopes.Add

问题 how to restrict x amount of login on each client app in specific the SPA client with grant type - implicit This is out of scope within Identity server Solutions tried - Access tokens persisted to DB, however this approach the client kept updating the access token without coming to code because the client browser request is coming with a valid token though its expired the silent authentication is renewing the token by issues a new reference token ( that can be seen in the table persistGrants

问题 https://identityserver4.readthedocs.io/en/release/intro/support.html I currently issue tokens myself in my web api with JwtSecurityToken and I use standard ASP.NET Core middleware calling AddJwtBearer to verify the tokens. It works fine. What advantage will give me using OpenID Connect (through IdentityServer4) over the approach described above? How to answer myself question "Do I need OpenID Connect?" From my basic understanding about OpenID Connect, it is used to allow third parties to

问题 I have a dedicated IdServer running that has the login page that other applications will boot unauthenticated users to. My current pipeline is: app.UseCookieAuthentication app.UseOpenIdConnectAuthentication app.UseDefaultFiles // because it is a SPA app app.UseStaticFiles // the SPA app So all tutorials say to use [Authorize] on your controllers... However, I want middle to authorize all of my controllers, and static files. So how do I write a middleware to handle that. My current setup is: