openid-connect

how to change openid connect idtoken's iss

馋奶兔 submitted on 2020-01-17 04:15:48
Question: I deployed wso2 IS 5.3.0 in docker. I set it up for openid connect authentication. I tried to have kubernetes to work with it for authentication. But it turns out to have problem with iss field in idtoken. The payload part of the token looks like below after decode: {"exp":1487335376,"sub":"admin","azp":"Dibo_uMHzySCIxrf55uvMGWjGEUa","at_hash":"_8q5TmtJRsdEj4V_dL4-Zg","aud":["Dibo_uMHzySCIxrf55uvMGWjGEUa"],"iss":"https:\/\/localhost:9443\/oauth2\/token","iat":1487331776,"acr":"urn:mace

Application '' is not configured as a multi-tenant application

|▌冷眼眸甩不掉的悲伤 submitted on 2020-01-15 03:47:08
Question: I am trying to develop a single-tenant application and I am receiving the following error message when signing in: "Application '(app ID)' is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant." I verified in the Azure AD portal, under the 'App Registrations' => 'Authentication' => 'Supported Account Types' section, that the

AspNet.Security.OpenIdConnect.Server (ASP.NET vNext) Authority Configuration in Mixed http/https Environments

余生颓废 submitted on 2020-01-15 03:41:35
Question: I am using Visual Studio 2015 Enterprise and ASP.NET vNext Beta8 to build an endpoint that both issues and consumes JWT tokens as described in detail here. As explained in that article the endpoint uses AspNet.Security.OpenIdConnect.Server (AKA OIDC) to do the heavy lifting. While standing this prototype up in our internal development environment we have encountered a problem using it with a load balancer. In particular, we think it has to do with the "Authority" setting on app

Flow external login tokens from the Identity Server to the client app

断了今生、忘了曾经 submitted on 2020-01-14 03:41:07
Question: I have setup IdentityServer4 based on .net core 2.2 and configured Xero as an External Login using OpenIdConnect middleware. I have a client app which configures the IdentityServer for Authentication. What I like to access in the client app is not only authentication tokens from the IdentityServer but also the tokens from External login. There is a MS documentation which suggests to include the external login tokens in OnGetCallbackAsync : var props = new AuthenticationProperties(); props

Issuing JWT token myself versus using IdentityServer4(OIDC) for Web API

旧巷老猫 submitted on 2020-01-11 07:16:47
Question: https://identityserver4.readthedocs.io/en/release/intro/support.html I currently issue tokens myself in my web api with JwtSecurityToken and I use standard ASP.NET Core middleware calling AddJwtBearer to verify the tokens. It works fine. What advantage will give me using OpenID Connect (through IdentityServer4) over the approach described above? How to answer myself question "Do I need OpenID Connect?" From my basic understanding about OpenID Connect, it is used to allow third parties to

UseJwtBearerAuthentication signing key

十年热恋 submitted on 2020-01-10 19:33:28
Question: I'm trying to implement the JWT Bearer Authentication in my AspNetCore MVC app (Web API only) using the JwtBearerMiddleware but am getting a 401 response with header: WWW-Authenticate: Bearer error="invalid_token", error_description="The signature key was not found" The relevant code in Startup.cs looks like this: app.UseJwtBearerAuthentication(new JwtBearerOptions { Authority = "https://example.okta.com", Audience = "myClientId" }); With the Authority URL I'd expect the middleware to query

Use Authorization middleware instead of AuthorizationAttribute ASPNET Core

依然范特西╮ submitted on 2020-01-10 15:37:15
Question: I have a dedicated IdServer running that has the login page that other applications will boot unauthenticated users to. My current pipeline is: app.UseCookieAuthentication app.UseOpenIdConnectAuthentication app.UseDefaultFiles // because it is a SPA app app.UseStaticFiles // the SPA app So all tutorials say to use [Authorize] on your controllers... However, I want middle to authorize all of my controllers, and static files. So how do I write a middleware to handle that. My current setup is:

Refreshing access tokens in IdentityServer4 clients

[亡魂溺海] submitted on 2020-01-09 13:59:03
Question: I wonder how to refresh an access token in an IdentityServer4 client using the hybrid flow and which is built using ASP.NET Core MVC. If I have understood the whole concept correctly the client first needs to have the "offline_access" scope in order to be able to use refresh tokens which is best practice to enable short lived access tokens and ability to revoke refresh tokens preventing any new access tokens to be issued to the client. I successfully get an access token and a refresh token, but

oidc-client to configure discovery documentation from the local host or other URL

会有一股神秘感。 submitted on 2020-01-07 08:24:09
Question: Is there any way to configure discovery document from local host before the login using OIDC-Client in angular 8 application. I have this manager which is a helper call for the OIDC client export class AuthenticationService { @Output() initialized: boolean = false; static USER_LOADED_EVENT = "USER_LOADED"; static USER_UNLOADED_EVENT = "USER_UNLOADED"; //static USER_SIGNED_OUT_EVENT = "USER_SIGNED_OUT"; //static USER_EXPIRED_EVENT = "USER_EXPIRED"; static USER_RESET_EVENT = "USER_RESET";

Is it possible to see the values of browser based javascript variables in a web application that is not our own?

天大地大妈咪最大 submitted on 2020-01-05 06:13:12
Question: This is related to this security question regarding what it is that secures credentials inside a single page webapp. Suppose we are using an app that is not ours and uses JWT Tokens for security. Are we able to log the contents through browser developer tooling or otherwise of the variables that the app uses for state? Specifically could someone log or see the contents of the JWT token that the user obtained post authentication? Answer 1: Yes, it's entirely possible. Any user can just open the