openid-connect

问题 The example on the AspNet.Security.OpenIdConnect.Server looks to me like both an auth and resource server. I would like to separate those. I have done so. At the auth server's Startup.Config, I have the following settings: app.UseOpenIdConnectServer(options => { options.AllowInsecureHttp = true; options.ApplicationCanDisplayErrors = true; options.AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme; options.Issuer = new System.Uri("http://localhost:61854"); // This auth server

问题 We have our own OpenID Connect Provider. We want to pass custom query parameter in Authentication request using Owin middleware. And we cannot find the way how to implement this using Microsoft.Owin.Security.OpenIdConnect assembly. Even We cannot find how to add a standard request parameter to Authentication Request (e.g. " login_hint parameter"). For example Google has " login_hint " and " hd " parameters (https://developers.google.com/accounts/docs/OAuth2Login#sendauthrequest), and we want

问题 We have configured Client App to use IdentityServer3 authentication via OpenID Connect protocol (it's ASP.NET MVC App that uses OWIN middleware to support OIDC). The IdentityServer3 itself is configured to use both local login and external login (Azure AD, for instance). In the regular flow once App need to authenticate user it redirects him to the IdentityServer3 login screen - it's fine. But in some cases, on per-request basis, I want to bypass login screen by somehow letting

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed last year . We currently have an OpenID based Google AppEngine application. We are now trying to integrate our application with our customers inhouse IT systems and see,hat OpenID is a quite complicated spec to implement. We also see, that Google is moving in the direction of OpenID Connect (if you look at Google Drive). Is

问题 I am using Keycloak server to implement SSO. I am able to get access token for a specific client using client_credentials flow. However, my observation is that the access token is granted for internal service account of the client . I would like to get access token for other users present in realm by providing some additional parameter to the token endpoint. Below is the current request I make to token endpoint using Postman Chrome extension : POST http://localhost:8080/auth/realms/<realm>

问题 I'm trying to upgrade my MVC website to use the new OpenID Connect standard. The OWIN middleware seems to be pretty robust, but unfortunately only supports the "form_post" response type. This means that Google isn't compatible, as it returns all the tokens in a the url after a "#", so they never reach the server and never trigger the middleware. I've tried to trigger the response handlers in the middleware myself, but that doesn't seem to work at all, so I've got a simply javascript file that

问题 There is a lot of information on the web about using JWT ( Json Web Token ) for authentication. But I still didn't find a clear explanation of what the flow should be when using JWT tokens for a single sign-on solution in a multiple domains environment . I work for a company which has a lot of sites on different hosts. Let's use example1.com and example2.com . We need a single sign-on solution, which means if a user authenticates on example1.com , we want him to also be authenticated on

问题 Ok, I understand that the question I am asking may be pretty obvious, but unfortunately I lack the knowledge on this subject and this task seems to be quite tricky for me. I have an id token (JWT) returned by OpenID Connect Provider. Here it is: eyJraWQiOiIxZTlnZGs3IiwiYWxnIjoiUlMyNTYifQ

问题 I'm trying to understand the proper way to do authentication in ASP.NET Core. I've looked at several Resource (Most of which are out dated). Simple-Implementation-Of-Microsoft-Identity Introduction to Authentication with ASP.Core MSDNs Introduction to Identity Some people provide altenative solutions stating to use a cloud based solution such as Azure AD, or to Use IdentityServer4 and host my own Token Server. In Older version Of .Net one of the simpler forms of authentication would be to

问题 I have looked at a bunch of similar issues on StackOverflow similar to this but none of the solutions have worked for me. This issue is driving me nuts! The main difference I have from many of the similar ones here is that I have only ONE server behind the load balancer, so the issue is not that my requests are going to different servers. I have implemented Data Protection middleware, changed my callback path, tried to capture error events, added a cache for state data, etc. Nothing has