openid-connect

Getting refresh_token with lepture/authlib

雨燕双飞 submitted on 2019-12-11 05:59:51
Question: I'm using Authlib, and attempting to get a refresh_token from a Hydra server. I have the following code: from authlib.client import OAuth2Session client_id = "my-client" client_secret = "client secret" token_url = "https://myhydraserver/token" scope = 'openid email profile offline' session = OAuth2Session(client_id, client_secret, scope=scope) token = session.fetch_access_token(token_url) print(token) This prints out {'access_token': 'the-token', 'expires_in': 3599, 'scope': '', 'token_type':

Mandate Group Search Condition in Dex LDAP Connector

左心房为你撑大大i submitted on 2019-12-11 04:48:49
Question: I am using Dex as our Identity provider and connecting it to LDAP. Below is my ldap config in Dex: connectors: - type: ldap id: ldap name: LDAP config: host: myhost.staging.com:636 insecureNoSSL: false insecureSkipVerify: false bindDN: cn=prometheus-proxy,ou=serviceaccounts,dc=staging,dc=comp,dc=com bindPW: 'prometheus' rootCA: /etc/dex/ldap/ca-bundle.pem userSearch: baseDN: ou=people,dc=staging,dc=comp,dc=com filter: "(objectClass=person)" username: uid idAttr: uid emailAttr: mail nameAttr:

Using OnAuthorizationCodeReceived to retrieve Azure GraphAPI AccessToken

∥☆過路亽.° submitted on 2019-12-11 04:46:52
Question: I am currently using code in my pipeline to cache the bearer token for the Graph API using Azure AD. This code was ported from a working ASP.NET 4 application, but it feels like the new OpenIdConnectOptions in Core should make this easier. Is there a more direct call that I can use in the OnAuthorizationCodeReceived event that will use the AuthenticationContext to cache the token once the code is received? Here is my current code: var azureSettings = app.ApplicationServices.GetService

Using Login with Paypal and using OpenID with AWS Cognito

此生再无相见时 submitted on 2019-12-11 03:32:34
Question: I am trying to use the OpenID framework supported by Paypal to tie the credentials in with the AWS Cognito service. If I compare the configuration from Salesforce https://login.salesforce.com/.well-known/openid-configuration to the configuration at Paypal https://www.paypal.com/.well-known/openid-configuration the Paypal configuration is missing the jwks_uri element which is a REQUIRED element of the OpenID Provider metadata per OIDC specification and AWS uses the keys at that URI to verify

The azure user session lifetime

那年仲夏 submitted on 2019-12-11 02:45:54
Question: I am successfully using an Azure AD account to log in to my app with OpenID Connect, but my user is logged out after 1 hour. I haven't found code to set the session expiry time in my code; does any document explain that? And how could I extend the session active time? Answer 1: "I haven't found code to set the session expiry time in my code; does any document explain that?" Please refer to this link: http://www.cloudidentity.com/blog/2016/07/25/controlling-a-web-apps-session-duration-2/ By default, in ASP.NET 4.6 the

CookieAuthenticationOptions.LoginPath value not used when also using app.UseOpenIdConnectAuthentication

狂风中的少年 submitted on 2019-12-11 02:29:03
Question: I am using OWIN middleware for cookie authentication and openIdConnect. Before I added openIdConnect authentication to my startup auth code, the cookie authentication option LoginPath was used as the destination for redirecting unauthenticated users. This worked really well and is the functionality I would like to keep. However, when I added app.UseOpenIdConnectAuthentication to my project, it started automatically redirecting unauthenticated users to my OpenIdConnect Authority (https://login

Multiple authentication schemes in asp .net core 2.0

时光总嘲笑我的痴心妄想 submitted on 2019-12-11 02:27:47
Question: I need to support two authentication types in an ASP.NET Core 2.0 MVC application: AddIdentityServerAuthentication, AddOpenIdConnect. It was very easy in the ASP.NET Core 1.0 version. But in version 2.0 the syntax changed. This is my code: services.AddAuthentication(o => { o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; o.DefaultAuthenticateScheme = OpenIdConnectDefaults.AuthenticationScheme; })

Asp.net core 2.1 OpenIdConnectOptions with scope doesn't work

℡╲_俬逩灬. submitted on 2019-12-11 00:11:59
Question: Please tell me why I cannot add any scope to OpenIdConnectOptions? It doesn't work with an ASP.NET Core MVC client, but with a js client it works fine! My code... IdentityServer4 Client registration public static IEnumerable<Client> GetClients() { return new List<Client> { new Client { ClientId = "web", ClientName = "Web Client", AllowedGrantTypes = GrantTypes.Implicit, AllowAccessTokensViaBrowser = true, AlwaysIncludeUserClaimsInIdToken = true, RedirectUris = {"http://localhost:5002/signin

Google is updating their OpenID Connect implementation to be fully spec compliant, will anything break for me?

不羁岁月 submitted on 2019-12-10 21:48:29
Question: Google updated their OpenID Connect endpoints to be fully spec compliant, as part of the OpenID Certification effort. I rely on OpenID Connect to sign my users in with Google. Will I need to do anything as a relying party to avoid breaking due to these changes? Answer 1: It depends on how you use OpenID Connect with Google. If you are performing dynamic discovery by fetching https://accounts.google.com/.well-known/openid-configuration as recommended by the docs then the way your servers interact

register new middleware to OWIN pipeline at runtime without restart application

假如想象 submitted on 2019-12-10 17:55:34
Question: I have added all available middleware to the OWIN pipeline using the Startup class to authenticate users in my project. It is working fine. But how can I add middleware to the OWIN pipeline after Startup, at runtime, so that an admin can enter the details of a new authentication server using the UI and register the new authentication server on demand without disturbing the running application? Answer 1: Actually, the standard OWIN pipeline implementation is not designed to be modified during runtime. It has two lifetime phases: init