openid-connect

Apache2 Reverse Proxy with authentication over OpenID Connect and authorization over ldap

拜拜、爱过 submitted on 2019-12-24 06:04:44
Question: I'm trying to set up a reverse proxy that requires authentication against an OpenID Connect Identity Provider. The User then grants the reverse proxy access to his data. Some applications behind the proxy are only accessible by the user if he is the member of specific LDAP groups. Sadly the applications are the dump and cannot authorize themselves, so the reverse proxy must handle that part. It wasn't so hard to set up the authentication part with mod_auth_openidc. What I struggle with is the

OpenIdConnect access_token size and accessing claims server side

倖福魔咒の submitted on 2019-12-24 02:55:40
Question: I am trying to wrap my head around several concepts here but I don't want this question to be too broad - basically what we are trying to do is use role claims as permissions to lock down our API but I am finding that the access_token is becoming too big. We are using OpenIddict and ASP.NET Identity 3 on the server side. We have implemented the default AspNetRoleClaims table to store our claims for each role - using them as permissions. We lock down our API endpoints using custom policy based

“Invalid_grant” response when use Twinfield Openid Oauth connect

笑着哭i submitted on 2019-12-24 02:47:30
Question: This is the library which I used https://github.com/php-twinfield/ It's an issue when I call the Oauth login. I have completed almost APIs with username and password but client wants it with Oauth. I think there is a problem in redirectUri. When I called Oauth it always shows: { "success": false, "error": "invalid_grant" } This is my credential. Clientid and clientsecret is obtained from mail and the redirect uri set from Openid Twinfield link. Please correct me if there is anything wrong in

Is it possible to combine the “get token” and “get userinfo” step into one?

对着背影说爱祢 submitted on 2019-12-23 20:16:01
Question: In Authorization Code Flow, a client normally gets id token and access token in one step, and then passes the access token to the userinfo endpoint to get the actual data in a second step. In terms of the OpenID Connect, is it possible to combine those steps into one, so one roundtrip from client to OpenID provider suffices? N.B. The actual content of the Access Token is up to the implementor of an OpenID provider, so in theory I could put the data in there - but that does not seem like good

Azure B2C AD Redirect to Angular App

自古美人都是妖i submitted on 2019-12-23 20:14:01
Question: I am trying to run this Angular 4 example that uses Azure B2C Active Directory and adal-angular 4. To run the app, in Azure I created a tenant, registered the app in AD B2C and added a reply Url of https://localhost:4200. I then added the app id and tenant to my Angular App. When I run the app, it correctly redirects to https://login.microsoftonline.com... on load for login. Logging in correctly redirects to https://localhost:4200. When I log out, there is a problem. The app is redirected

Okta not returning custom claims in tokens

被刻印的时光 ゝ submitted on 2019-12-23 18:09:44
Question: I just signed up for a dev test account with Okta to test OIDC using Okta's auth service and user management. Using their management portal, I created a second group called Test Group along with the default group of Everyone and added my single user to both groups. I then added an application called My SPA and assigned the Test Group access to this application. Using the classic UI, I then edited the OpenID Connect ID Token section and set Group claims type to Expression and added groups as

how can we integrate any SSO provider using python social auth openid connect?

泄露秘密 submitted on 2019-12-23 18:08:58
Question: In my project, the customer can configure own SSO service via admin panel. Can I create a generic code? Like this. Here I am using python social auth open_id module. Python social auth created an example only for google OpenID connect. I am following the same but I am not sure it will work for all or not. Can I use the below code for multiple SSO provider? Like for google, okta, gluu, oracle etc. """ This file contains Django authentication backends. For more information visit https://docs

Using [Authorize] with OpenIdConnect in MVC 6 results in immediate empty 401 response

久未见 submitted on 2019-12-23 17:10:04
Question: I'm trying to add Azure AD authentication to my ASP.NET 5 MVC 6 application and have followed this example on GitHub. Everything works fine if I put the recommended code in an action method: Context.Response.Challenge( new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationType); However, if I try using the [Authorize] attribute instead, I get an immediate empty 401 response. How can I make [Authorize] redirect properly to Azure AD? My

Startup.cs - The path in 'value' must start with '/'

≯℡__Kan透↙ submitted on 2019-12-23 08:47:35
Question: I have created a new .NET Core MVC application in Visual Studio 2017 and enabled multi-tenant authentication. I've completed the configuration (ClientId, Authority, etc) but when I debug the application there is an exception in the Startup.cs, specifically the app.useOpenIdConnectAuthentication method. The exception given is System.ArgumentException: The path in 'value' must start with '/'. I'm a bit of a novice when it comes to C# and .NET Core, so I'm not sure whether I'm missing something

Access to XMLHttpRequest at 'xxx/.well-known/openid-configuration' from origin 'xxxx' has been blocked by CORS

我的未来我决定 submitted on 2019-12-23 05:29:22
Question: I am using the okta oAuth to do the authentication and authorization with angular 8 application. Since getting the 'https://dev-166545.okta.com/oauth2/aus1igd7yewoAs4xa357/.well-known/openid-configuration is causing the issue I have added the redirect URL in the okta trusted origin. I can't add the URLs in the CORS because of company policy. How can I solve the issue CORS Access to XMLHttpRequest at 'https://dev-166545.okta.com/oauth2/aus1igd7yewoAs4xa357/.well-known/openid-configuration'