openid-connect

问题 Our project consists several sub application, and we are looking for a solution to implement SSO to avoid the authentication for each sub application. Suppose this is the structure of our project: authentication server(call it AS or IdP or something else) order-system product-system data-analysis-system ....... And we found that there are a lot of articles of "SSO implemented based on OAuth2" like this. In that article, we prefer to the SAML strategy because it is simple and clear, however

问题 Our project consists several sub application, and we are looking for a solution to implement SSO to avoid the authentication for each sub application. Suppose this is the structure of our project: authentication server(call it AS or IdP or something else) order-system product-system data-analysis-system ....... And we found that there are a lot of articles of "SSO implemented based on OAuth2" like this. In that article, we prefer to the SAML strategy because it is simple and clear, however

问题 I am using the standard OIDC .NET library to make a challenge request to ADB2C. From my understanding, this automagically attempts the sign in with the refresh token in cache and gains an authorization without re-asking for credentials. This seems to work absolutely fine, except on 1 browser - Chrome on Android. No matter what I try, this browser seems to to lose the refresh token, so after around 1 hr, it starts asking for credentials again. I have cross checked this on Chrome web/mac, edge,

问题 I am using the standard OIDC .NET library to make a challenge request to ADB2C. From my understanding, this automagically attempts the sign in with the refresh token in cache and gains an authorization without re-asking for credentials. This seems to work absolutely fine, except on 1 browser - Chrome on Android. No matter what I try, this browser seems to to lose the refresh token, so after around 1 hr, it starts asking for credentials again. I have cross checked this on Chrome web/mac, edge,

问题 I'm building a POC multi-tenant app using IdentityServer 4 on asp.net core as the middleman between my client app and Azure Active Directory using openIdConnect. Is there a way to trigger the admin_consent flow when a user logs in from a new AAD tenant which is not yet authorized to use the app? This Azure sample shows how to perform a manual consent using a controller on the client site which builds the AAD Uri from scratch, but I'm shooting for an experience where a user from a new

问题 This is my first time setting up OpenID Connect with IdentityServer 4 and AspNetIdentity and I was hoping someone could demystify the part about storing user data. What I've read so far is that user data should be stored in the Auth db that is connected to the auth server, but I'd really like to store user data in the resource db too that is connected to the resource server. I currently have a data model that looks like this: I have omitted many of the fields for both User and Event, but you

问题 I'm still learning the Identity Framework and am pretty lost in trying to setup authentication in my .Net Core 2 MVC application. Any suggestions are appreciated since I'm not even sure what I'm doing is correct. I have a requirement to integrate an OpenID Connect identity provider for authentication and use a secondary data source for authorization . Inconveniently I cannot use any claim from the OIDC IdP except for the name claim. The rest of the user claims must come from the secondary

问题 I'm still learning the Identity Framework and am pretty lost in trying to setup authentication in my .Net Core 2 MVC application. Any suggestions are appreciated since I'm not even sure what I'm doing is correct. I have a requirement to integrate an OpenID Connect identity provider for authentication and use a secondary data source for authorization . Inconveniently I cannot use any claim from the OIDC IdP except for the name claim. The rest of the user claims must come from the secondary

问题 I'm still learning the Identity Framework and am pretty lost in trying to setup authentication in my .Net Core 2 MVC application. Any suggestions are appreciated since I'm not even sure what I'm doing is correct. I have a requirement to integrate an OpenID Connect identity provider for authentication and use a secondary data source for authorization . Inconveniently I cannot use any claim from the OIDC IdP except for the name claim. The rest of the user claims must come from the secondary

问题 I've got an issue with redirecting after loggin in with identity server. I have the following angular-auth-oidc-client config: export function configureAuth(oidcConfigService: OidcConfigService) { return () => oidcConfigService.withConfig({ stsServer: 'http://localhost:5002', redirectUrl: window.location.origin, postLogoutRedirectUri: window.location.origin, clientId: 'applications-portal', scope: 'openid profile', responseType: 'id_token token', logLevel: LogLevel.Debug, }); } And app