openid-connect

Remember me with OAuth2 in SPA

谁说胖子不能爱, submitted on 2019-12-13 17:27:16
Question: I know the concept of OAuth2 and OpenID. In our application, authentication is happening through OKTA and we receive an access token in a response. Our architecture is a microservice architecture and we are using EmberJS at the frontend. We have to implement remember-me functionality; it will keep the user logged in for the next 30 days. I did some study on it and came to points that will satisfy my requirements. Keep user session active for 30 days in OKTA. Refresh access token periodically based on

Failing OpenID Connect middleware - how to debug?

≡放荡痞女, submitted on 2019-12-13 16:12:13
Question: I set up a very simple ASP.NET MVC 5 application that tries to authenticate a user through an OpenID provider in Authorization Code mode. I'm able to log in and the server returns a code in the redirect URL querystring and a nonce cookie. However, back on the client application the user is not authenticated (User.Identity.IsAuthenticated false), has no claims, and the called controller Action that has an Authorize attribute is never carried out. Browser stays on the redirect URL page which is the

WSO2 Identity Server OpenId Connect Owin

淺唱寂寞╮, submitted on 2019-12-13 14:13:05
Question: I'm trying to set up WSO2 Identity Server to use OpenID Connect. I have currently applied the following settings shown Here: Setup WSO2. What it boils down to is that I use the Resident Identity Provider and I have set up a Service Provider for my app "CoolApp". I configured "OAuth/OpenID Connect Configuration" and set a callback URL. Is there a simple example of how to use this in JavaScript? I have played around with identityserver3 and they have a client oidc-client.js which works nicely in

openid connect - identifying tenant during login

无人久伴, submitted on 2019-12-13 11:49:06
Question: I have a multi-tenant (single database) application which allows for the same username/email across different tenants. At the time of login (Implicit flow), how can I identify the tenant? I thought of the following possibilities: At the time of registration ask the user for account slug (company/tenant slug) and during login user should provide the slug along with username and password. But there is no parameter in the OpenID request to send the slug. Create an OAuth application at the time of

Issuer mismatch with OpenID Connect discovery on WSO2 Identity Server

给你一囗甜甜゛, submitted on 2019-12-13 07:00:31
Question: I'm working on a small proof-of-concept implementation involving OpenID Connect and WSO2 Identity Server 5.3.0. On the client side, I'm using Python with the oic library to attempt to get the discovery mechanism working. I'm executing the following code, based on the oic documentation:

    from oic.oic import Client
    oic_client = Client(verify_ssl=False)
    uid = "admin@172.22.0.2"
    issuer = oic_client.discover(uid)
    provider_info = oic_client.provider_config(issuer)

This results in the following error

Is OpenID Connect the right tool to allow an embedded 3rd webapp/site (in an iframe) to be automatically logged in?

左心房为你撑大大i, submitted on 2019-12-13 03:58:13
Question: We have a WebApp to which we want to allow 3rd parties to add UI extensions by means of embedding their 3rd party WebApp in an iframe, much like SalesForce Canvas or WeChat Mini Programs. One of the particulars we're having difficulties with is figuring out how to provide a seamless UX, in the sense that when the user is already logged into our WebApp and they browse to a place where a 3rd party webapp is embedded, there should be no login required to gain access to the 3rd party webapp. I

Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: ''."

半城伤御伤魂, submitted on 2019-12-13 03:49:00
Question: I am getting this exception in my ASP.NET Core 2.1 app. What does it mean? My request to AAD was for both code and id_token. I successfully completed the OnAuthorizationCodeReceived handler and exchanged the code for an access token but the app throws the exception. Where do I even start debugging this? Source: https://stackoverflow.com/questions/52847450/unable-to-validate-the-id-token-no-suitable-isecuritytokenvalidator-was-found

Suggest OAuth flow (grant type) or approach for below requirement

╄→尐↘猪︶ㄣ, submitted on 2019-12-13 03:47:35
Question: CompanyA is integrating with CompanyB where CompanyA's users will be buying devices of CompanyB. CompanyA wants to show the user's device (CompanyB) details on their app by calling CompanyB's API on each user login. CompanyA user is authenticated on CompanyA IAM. CompanyA has to call register device when the user tries to add a device for the first time. Help me to identify the flow which I can use to query a particular logged-in user's device only. Do I need to create a duplicate user account on CompanyB's IAM?

Is OpenID Connect dynamic registration possible with salesforce.com?

≡放荡痞女, submitted on 2019-12-13 02:35:16
Question: My team is building a framework that developers will use to make their applications OpenID Connect Relying Parties. The first provider we'd like to support is Salesforce. SFDC has a page for users to register their app as a relying party, but we would like to do this programmatically, using the OpenID Connect Dynamic Registration process. I've been unable to find SFDC's registration endpoint. Their discovery endpoint does not return one. Is it possible to dynamically register an OpenID Connect