openid-connect

OWIN OpenIdConnect middleware - set RedirectUri dynamically

偶尔善良 提交于 2019-12-09 17:01:02
问题 Is there any way how can I set RedirectUri property for OpenIdConnectMessage based on a Request scope, not Application scope? My app is serving multiple domains (myapp.com, myapp.fr, ..) and based on domain, it determine default language for the content. I need that the user is taken back to the same domain after login thru IdP so I need to find a way how RedirectUri is set per request scope rather than app scope as done by configuring middleware options in startup.cs . 回答1: This can be done

authorizationGrantType cannot be null in Spring Security 5 OAuth Client and Spring Boot 2.0

只谈情不闲聊 提交于 2019-12-09 16:50:15
问题 I followed the Spring Security 5.0 official reference documentation and sample codes oauth2login to setup OAuth2/OIDC authentication in my project, but it failed and I got the following exception when I booted up my application by mvn spring-boot:run . org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'clientRegistrationRepository' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client

Re-challenge authenticated users in ASP.NET Core

烂漫一生 提交于 2019-12-09 10:11:52
问题 I'm running into some issues with the authentication pipeline in ASP.NET Core. My scenario is that I want to issue a challenge to a user who is already authenticated using OpenID Connect and Azure AD. There are multiple scenarios where you'd want to do that, for example when requesting additional scopes in a AAD v2 endpoint scenario. This works like a charm in ASP.NET MVC, but in ASP.NET Core MVC the user is being redirected to the Access Denied-page as configured in the cookie authentication

Is it possible to have SPA authentication without redirecting to an outside login page

*爱你&永不变心* 提交于 2019-12-08 19:26:58
问题 I am currently developing an SPA application that connects to a bunch of webAPI's. These API require that the user is logged in, so I started digging into Openid Conect and OAuth2 examples, mostly using IdentityServer. They all require, for SPA reasons, that the implicit grant should be used for retrieving access_tokens. Token refreshes are handled connecting to authentication server using hidden iframe. What I understand from this approach o renewing your access_token is that, sessions is

OpenID Connect - Using IdentityServer for SSO between WinForms and Web Application

人盡茶涼 提交于 2019-12-08 14:21:30
I have Thinktecture IdentityServer set up and I have two trusted client applications, a WinForms app and a Web application and I want to implement SSO between them both. The user will first open the desktop application which has a login page that authenticates with the identity server. The desktop application will include some generated web links which when clicked open a new browser window to a secured area of the Web application that requires authentication, however, upon clicking these links I don't want the user to have to login again as they have already authenticated once via the desktop

WebAPI Mixing Implicit Flow and Client Credentials Flow

房东的猫 提交于 2019-12-08 08:30:06
问题 I have a WebAPI solution that secures it's controller methods via the [Authorize] attribute. It verifies that a given user has the appropriate roles, which are basically claims that come from an IdentityServer3. There are several single page application clients that interact with this WebAPI, and the client users are authenticated/authorized using implicit flow. So far pretty standard and simple, it all works fine... Now I have a need for background process to make calls to this same WebAPI.

Utilizing state/customState with passport-azure-ad

扶醉桌前 提交于 2019-12-08 07:44:52
问题 I'm having trouble figuring out the purpose of customState and if/how I can utilize it to pass data to the return url. Specifically I wish to route the user back to their original location after being signed in. I thought I could pass the original url to the parameter customState and have it returned back to me in the return url POST , but it appears to be encoded or perhaps replaced with a different value. Here is what I want to achieve: Anonymous user visits /page/protected which requires

OpenIddict - How do you obtain the access token for a user?

爷,独闯天下 提交于 2019-12-08 06:45:47
问题 I am working on a sample application for OpenIddict using AngularJs. I was told that you shouldnt use clientside frameworks like Satellizer, as this isnt recommended, but instead allow the server to deal with logging in server side (locally and using external login providers), and return the access token. Well i have a demo angularJs application and uses server side login logic and calls back to the angular app, but my problem is, how do i get the access token for the current user? here is my

AngualrJS OIDC Client Silent Renew page

两盒软妹~` 提交于 2019-12-08 06:11:15
问题 I am struggling to understand how this silent renew process works. as per what I Read I understood that the html page will be kept in an iframe and it keeps pinging server for renewing token. I have an angular application, typically we package everything into one simple index.html file and rest will be inserted based on route (ui-router, template caching). So In my context, should we keep this html packaged? or should it be separate html page lives alongside index.html? 来源: https:/

OpenID Connect - Using IdentityServer for SSO between WinForms and Web Application

大城市里の小女人 提交于 2019-12-08 04:23:51
问题 I have Thinktecture IdentityServer set up and I have two trusted client applications, a WinForms app and a Web application and I want to implement SSO between them both. The user will first open the desktop application which has a login page that authenticates with the identity server. The desktop application will include some generated web links which when clicked open a new browser window to a secured area of the Web application that requires authentication, however, upon clicking these
订阅 openid-connect