openid-connect

OWIN middleware for OpenID Connect - Code flow ( Flow type - AuthorizationCode) documentation?

一个人想着一个人 submitted on 2019-12-31 22:22:09
Question: In my implementation I am using OpenID-Connect Server (Identity Server v3+) to authenticate Asp.net MVC 5 app (with AngularJS front-end). I am planning to use OID Code flow (with Scope Open_ID) to authenticate the client (RP). For the OpenID Connect middleware, I am using OWIN (Katana Project) components. Before the implementation, I want to understand back-channel token request, refresh token request process, etc. using OWIN. But I am unable to find any documentation for this type of

Verify a signature in JWT.IO

半腔热情 submitted on 2019-12-31 08:44:41
Question: I have generated the following token and am trying to verify the signature with http://jwt.io. I have also attached the contents of my jwks endpoint that should have all the details I need to verify. So my question is: how do I get this to say signature valid on the jwt.io website? Am I missing some transformation on the certificate chain parameter? Here is the spec for jwks for reference.

Azure AD-B2C error: IDX10501: Signature validation failed. Unable to match keys: kid: '[PII is hidden]', token: '[PII is hidden]'

与世无争的帅哥 submitted on 2019-12-31 02:57:24
Question: I’m using Swagger to make API calls, for authentication I’m able to generate Bearer token but after that I'm getting 401 in response. After checking logs, below is the error: Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match keys: kid: '[PII is hidden]', token: '[PII is hidden]' My ConfigureAuth method is as below: private static void ConfigureAuth(IAppBuilder app) { var metadataEndpoint = string.Format(

Google OpenID Connect: Receiving a 500 error when supplying the “max_age” parameter to an authentication request

我的未来我决定 submitted on 2019-12-30 14:08:48
Question: As required by Google, we are attempting to finish our migration from Google's previous OpenID Authentication flow to the new OpenID Connect implementation. Everything has been relatively straightforward up until we attempted to use the max_age parameter (as defined in the openid-connect-core spec), which serves to replace the OpenID pape extension parameter: max_auth_age. Supplying the max_age parameter doesn't break the authentication request right away, but only after the user

Google OpenID Connect: Receiving a 500 error when supplying the “max_age” parameter to an authentication request

安稳与你 submitted on 2019-12-30 14:08:21
Question: As required by Google, we are attempting to finish our migration from Google's previous OpenID Authentication flow to the new OpenID Connect implementation. Everything has been relatively straightforward up until we attempted to use the max_age parameter (as defined in the openid-connect-core spec), which serves to replace the OpenID pape extension parameter: max_auth_age. Supplying the max_age parameter doesn't break the authentication request right away, but only after the user

Is it possible to get profile information in an id_token from Google?

﹥>﹥吖頭↗ submitted on 2019-12-30 03:57:05
Question: When using Google's OpenIDConnect authentication system, it's possible to specify email or profile or both in the scope parameter. If you request the email scope, the "email" and "email_verified" claims will be included in the id_token that gets returned as part of a successful OAuth2 authentication session. Here's an example from Google's documentation: An ID token's payload An ID token is a JSON object containing a set of name/value pairs. Here’s an example, formatted for readability: {"iss

What is intent of ID Token expiry time in OpenID Connect?

戏子无情 submitted on 2019-12-29 02:18:28
Question: In OpenID Connect an access token has an expiry time. For authorization code flow, this is typically short (e.g. 20 minutes) after which you use the refresh token to request a new access token. The ID token also has an expiry time. My question is what is the intent of this? Any ID token expiry time less than the expiry time of the refresh token will mean you will eventually have an expired ID token, but a valid access token. So are you meant to: give your ID token an expiry longer than the

What is intent of ID Token expiry time in OpenID Connect?

吃可爱长大的小学妹 submitted on 2019-12-29 02:18:13
Question: In OpenID Connect an access token has an expiry time. For authorization code flow, this is typically short (e.g. 20 minutes) after which you use the refresh token to request a new access token. The ID token also has an expiry time. My question is what is the intent of this? Any ID token expiry time less than the expiry time of the refresh token will mean you will eventually have an expired ID token, but a valid access token. So are you meant to: give your ID token an expiry longer than the

WSO2 IS: OpenID Connect custom claims in 5.2.0?

匆匆过客 submitted on 2019-12-29 01:27:22
Question: I have installed WSO2 IS 5.2.0 and I have a problem retrieving custom created claims. I've added new claims to dialect http://wso2.org/claims and I also added new claims that map the same attribute to dialect http://wso2.org/oidc/claim that worked with version 5.1.0 but in version 5.2.0 it is not working. All fields are present in the database attribute table. I am using OAuth2 OpenID Connect userInfo for fetching user data. Here is the claims configuration for my Service Provider: With this configuration

WSO2 IS: OpenID Connect custom claims in 5.2.0?

你离开我真会死。 submitted on 2019-12-29 01:26:13
Question: I have installed WSO2 IS 5.2.0 and I have a problem retrieving custom created claims. I've added new claims to dialect http://wso2.org/claims and I also added new claims that map the same attribute to dialect http://wso2.org/oidc/claim that worked with version 5.1.0 but in version 5.2.0 it is not working. All fields are present in the database attribute table. I am using OAuth2 OpenID Connect userInfo for fetching user data. Here is the claims configuration for my Service Provider: With this configuration