openid-connect

问题 I'am writing a test application with asp.net core 2.0, AspNet.Security.OpenIdConnect.Server and AspNet.Security.OAuth.Extensions. I ran into a problem with introspection of the access token. When I get my token from /connect/token and send it to my resource server I get the following errors in my server: fail: AspNet.Security.OpenIdConnect.Server.OpenIdConnectServerHandler[0] The introspection request was rejected with the following error: invalid_request ; (null) info: AspNet.Security

问题 I have been trying to understand about OAuth2 in my question here Suppose I use my Facebook account to log in to a web site (say Stack Overflow ) via OAuth2. I understand that I am the "resource owner" but which resources am I owning in this scenario? My things in Facebook or my things in Stack Overflow? From this Oauth for dummies article it would seem the resources are in Facebook, but from the answers to my question it would seem the resources are in Stack Overflow. Are the resources the

问题 I have been trying to understand about OAuth2 in my question here Suppose I use my Facebook account to log in to a web site (say Stack Overflow ) via OAuth2. I understand that I am the "resource owner" but which resources am I owning in this scenario? My things in Facebook or my things in Stack Overflow? From this Oauth for dummies article it would seem the resources are in Facebook, but from the answers to my question it would seem the resources are in Stack Overflow. Are the resources the

问题 I implemented an OpenIdconnect social login on top of Oauth2 for few IDPs, but I fail to get Yahoo to behave the way it should. My problem: each time I send an authentication request, Yahoo promps end-user for consent. While this is normal at 1st login, when permission is granted it should not ask over and over the same question. On https://developer.yahoo.com/oauth2/guide/ Yahoo prompt user in step-3 when in reality it is done in step-1. While it is logical that Yahoo prompt user at 1st call

问题 I am trying to add the login_hint to the OpenID sign-in request for Azure AD authentication. It is not working for me, to add login_hint as a property: var properties = new AuthenticationProperties(); properties.RedirectUri = "someCallbackUrl"; properties.Dictionary.Add("login_hint ", "SomeUsername"); AuthenticationManager.Challenge(properties, OpenIdConnectAuthenticationDefaults.AuthenticationType); Adding the login_hint manually to the query string ...&login_hint=SomeUsername at least

问题 I'm currently studying OAuth 2.0 and OpenID Connect and I have a doubt regarding the Authorization Server and Access Tokens. The spec defines the Authorization Server as: The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization. So as I understood, the client redirects the user to the Authorization Server, the user authenticates itself at the Authorization Server and the Authorization Server issues an access token to the

问题 I followed this example https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-web-dotnet-susi from the Azure AD B2C documentation page on the Microsoft site. Got it working fine but the problem is that the access token has a one hour lifetime and after that hour the user needs to re-login. I don't want to extend the access_token lifetime but would like to refresh the token before the access_token is expired. How can I achieve this? The source code can

问题 I am using Visual Studio 2015 Enterprise Update 1 and ASP.NET 5 rc1-final to build an endpoint that both issues and consumes JWT tokens as described in detail here. In this approach we have a single project that 'does it all' - the project uses OIDC to issue tokens, JWT bearer authentication to validate them and then guards access to various controllers using the Authorize attribute - all in the same project. Now we would like to refactor this solution by creating an OIDC authorization &

问题 In ASP.NET MVC app, I am trying to implement authentication against external OIDC service. For my testing I am using IdentityServer3 (https://identityserver.github.io/Documentation/) and public OIDC demo server: https://mitreid.org/ I cloned this sample from GitHub: https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/MVC%20Authentication Then added the following code to register the public OIDC server as external login provider: private void ConfigureIdentityProviders

问题 In one of the application at my work, we are thinking of just using id_token for all the use-cases including authentication and authorization. The solution is being developed from scratch right now. There are currently no consumers of any resources and we can modify the resources to use id_token. I am bit new to the concepts of openid_connect and oauth 2.0. Will there be any issue of just using id_token having all the access details? 回答1: If your application needs just to authenticate users