openid-connect

Is the Single Logout available for OpenID Connect?

拟墨画扇 submitted on 2019-12-08 01:26:46
Question: Based on the research I did, I believe ADFS (2016) is supporting OpenID Connect Session Management. But I could not find the end_session_endpoint of our installed ADFS 2016 server. I found that in Azure (https://login.windows.net/contoso.com/.well-known/openid-configuration) we have this endpoint as https://login.microsoftonline.com/[tenant]/oauth2/v2.0/logout. But unfortunately we don't see a similar endpoint in our installation. We have for example authorisation endpoint, token endpoint,

Infinite re-direct loop after AAD Authentication when redirect is specified

你说的曾经没有我的故事 submitted on 2019-12-07 20:09:09
Question: If I specify a redirect URI in my OpenIdConnectAuthenticationOptions like so app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = clientId, Authority = Authority, PostLogoutRedirectUri = postLogoutRedirectUri, RedirectUri = redirectUri, Notifications = new OpenIdConnectAuthenticationNotifications() { AuthenticationFailed = context => { context.HandleResponse(); context.Response.Redirect("/Error?message=" + context.Exception.Message); return Task.FromResult(0

No user in signinSilentCallback using identityserver and oidc client of javascript

依然范特西╮ submitted on 2019-12-07 17:38:44
Question: I am getting user undefined in the following code. I have already authenticated the user from MVC. But when I use signinSilentCallback to get details of that user, it is getting undefined using oidc-client in js. It doesn't give any error as well. var mgr = new UserManager({ authority: "http://localhost:5000", client_id: "js", redirect_uri: "http://localhost:50144/signin-oidc", silent_redirect_uri: "http://localhost:50144/signin-oidc", response_type: "id_token token", post_logout_redirect_uri: "http:/

Which information gets sent in each API request using OIDC

给你一囗甜甜゛ submitted on 2019-12-07 12:32:35
Question: I'm writing an API back-end that I want to use OpenID Connect (OIDC) to secure. I've been reading the documentation but I'm still a bit confused what process applies to each and every API request. The Open ID Connect code flow appears to be: Which I'm fine with, as a one-time process. My back-end API sees an authorization code in the HTTP headers, and sends a request to the authorization server to get the id token. Assuming this validates OK, the data requested is returned in the API response

HTTP requests for WSO2 Identity Server user authentication

梦想与她 submitted on 2019-12-07 12:25:47
Question: I am writing a REST API to be consumed by our internal applications. I need to login and logout users of the identity server using code grant via http requests presentation I need to know how to call the following endpoints: /authorize (invoked from server-side) /accesstoken (invoked from server-side) /login /logout CASE: Our company has many applications. I want one point of authentication which will happen in their company-x account like how you only need to login to atlassian account to

ADFS + OpenID Connect email claim and external ADFS

你离开我真会死。 submitted on 2019-12-07 11:35:05
Question: I'm having difficulties setting up ADFS with OpenID Connect on Windows Server 2016. I've set up AD for testing and I can successfully authenticate, however the email claim is not in the id token. Additionally I've set up an external ADFS in the Claims Provider trust. It is displayed as an option, however upon logging in I get the error: MSIS9642: The request cannot be completed because an id token is required but the server was unable to construct an id token for the current user. Anybody have

Why is OpenID Connect considered mobile friendly compared to SAML

早过忘川 submitted on 2019-12-07 09:08:50
Question: I've read in multiple places that OpenID Connect is mobile friendly and SAML is not really designed for mobile. I'm new to both of these protocols but what I understood is that the mobile apps need to launch a browser equivalent (WebView) in order to handle the authentication at IDP and also to handle the redirects involved with SAML flow. Can this be avoided with OIDC? I'm not interested in how social logins with Google etc work but scenarios where enterprises federate via OIDC. Is it even a

Can you use OpenID Connect without obtaining OAuth credentials?

跟風遠走 submitted on 2019-12-07 08:00:49
Question: In Google's OpenID Migration Guide, for transitioning from OpenID 2.0 to OpenID Connect, step 1 is that I need to obtain OAuth credentials for my application. One thing I like about "regular" OpenID is that I can allow my users to authenticate from any IDP of their choosing. Whether they use Google, Yahoo, or any other endpoint, as a developer I don't need to go through the trouble of manually obtaining OAuth credentials from each of those providers and configuring my application to support

Using OAuth2 Implicit Flow(IdentityServer4), do users have to re-input password every expiration of access token?

强颜欢笑 submitted on 2019-12-07 07:46:02
Question: I need to implement Authorization/Authentication for an Angular2 Client Side WebApp to talk to a Resource Server (WebApi). I am investigating IdentityServer4 and choosing a Grant Type / Flow. HERE Resource Owner Password Credentials Grant (What we use now.) "This is so called “non-interactive” authentication and is generally not recommended". Authorization Code & Hybrid <- Solution to Implicit Flow not allowing Refresh Tokens. (Seems fairly complex to me. But is this the way to go?) Implicit Flow

OpenIdConnect error - Tenant identifiers may not be an empty GUID

生来就可爱ヽ(ⅴ<●) submitted on 2019-12-07 07:35:17
Question: I'm attempting to use the OWIN Open ID Connect middleware to outsource authentication for my ASP.NET application to Azure Active Directory. The application successfully redirects to the Azure AD sign-in page upon accessing a page that requires authorisation. However upon signing in to Azure AD I'm encountering the following error: AADSTS90002: Requested tenant identifier '00000000-0000-0000-0000-000000000000' is not valid. Tenant identifiers may not be an empty GUID. Here is the call to