openid-connect

问题 We are trying to use Google's OpenID Connect for a business web app but are concerned that the user will leave the app open and an unauthorized user will sign-in because the user is still signed into Google so OpenID Connect just let's them right in. We've tried using max_auth_age=0 parameter. This has been replaced by max_age in OpenID Connect. I do see that Google App's control panel at admin.google.com does usually re-prompt the user for a password while any other login won't. But looking

问题 I've got an ASP.NET application which is using the OWIN middleware to authenticate against my Azure Active Directory instance. In the Azure portal, I've created the app registration for my ASP.NET app, and authentication works great. Users have been logging in, I get their claims, everything's good. Now, I'm adding a new feature to my application, where after login, I want to query the Graph API to get some more information about the user (group names, e-mail address, whatever). Now,

问题 I am just following what is on the guide I've already populated the user's profile information but so far I only get sub . I want to get something same like in the guide: { "sub":"admin", "email":"admin@wso2.com", "website":"https://wso2.com", "name":"admin", "family_name":"admin", "preferred_username":"admin", "given_name":"admin", "profile":"https://wso2.com", "country":"Sri Lanka" } CONFIG Identity Server - AWS Cloud with Domain and SSL + Nginx Proxy Sample Web App - local machine UPDATE:

问题 I have an ASP.NET Core backend with a React frontend hosted in different origins. The ASP.NET core backend is configured to use the inbuilt identity server: // Startup public void ConfigureServices(IServiceCollection services) { ... services.AddIdentityServer() .AddApiAuthorization<ApplicationUser, ApplicationDbContext>(); ... } I have added the OidcConfigurationController that the identity server expects: public class OidcConfigurationController : Controller { public

问题 I'm trying to create a protected controller via Azure AD application roles. Here is an exempt from Startup.Auth, which is basically provided by Visual Studio template: public void ConfigureAuth(IAppBuilder app) { ApplicationDbContext db = new ApplicationDbContext(); app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions

问题 I am hitting this with the following combination: 1) Browser incognito mode (Chrome) 2) Application is behind Azure application gateway (no repro if it isnt). Cookie based affinity is turned OFF (default); if turned ON, seems to make repro happen more often. Code is rather plain vanilla OIDC authN + cookies. services.AddAuthentication(options => { options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultChallengeScheme = OpenIdConnectDefaults

问题 Can Oauth2 be used for authorization and authentication ? As I understand it, Oauth2 authorizes a consumer application to access user information from providers (e.g. Facebook, Google, Twitter, etc). But can Oauth2 be used to authenticate a user? For example, suppose we have an app comprised of native mobile frontends and a backend api - can Oauth2 be used to valid and maintain authentication on top of the authorization from providers like Facebook, Google, Twitter, etc? If yes, how? For

问题 I'm developing an application in ASP.NET Core 2.1, and running it on a Kubernetes cluster. I've implemented authentication using OpenIDConnect, using Auth0 as my provider. This all works fine. Actions or controllers marked with the [Authorize] attribute redirect anonymous user to the identity provider, they log in, redirects back, and Bob's your uncle. The problems start occurring when I scale my deployment to 2 or more containers. When a user visits the application, they log in, and

问题 I am working on a project where a third party provider will act as an Oauth2 based Authorization Server. An Asp.net MVC 5 based client which will send the user to the authorization server to authenticate (using login / password) and the auth server will return an access token back to the MVC client. Any further calls to resource servers (APIs) will be made using the access token. To achieve this I am using Microsoft.Owin.Security.OpenIdConnect and the UseOpenIdConnectAuthentication extension.

问题 In my implementation I am using OpenID-Connect Server (Identity Server v3+) to authenticate Asp.net MVC 5 app (with AngularJS front-end) I am planning to use OID Code flow (with Scope Open_ID) to authenticate the client (RP). For the OpenID connect middle-ware, I am using OWIN (Katana Project) components. Before the implementation, I want to understand back-channel token request, refresh token request process, etc using OWIN.. But I am unable to find any documentation for this type of