openid-connect

In Google's OpenID Migration Guide , for transitioning from OpenID 2.0 to OpenID Connect, step 1 is that I need to obtain OAuth credentials for my application. One thing I like about "regular" OpenID is that I can allow my users to authenticate from any IDP of their choosing. Whether they use Google, Yahoo, or any other endpoint, as a developer I don't need to go through the trouble of manually obtaining OAuth credentials from each of those providers and configuring my application to support them. As providers discontinue support for traditional OpenID, is there a way for me to allow users to

I have added a JWT middleware to my application: app.UseJwtBearerAuthentication(options => { options.AutomaticAuthenticate = true;} ) Now if my token does not validate (e.g. expired), I still get an error that lifetime validation did not pass. Is there a way to make the middleware validate the token only for protected resources? And if not, then how and where should I call what middleware does myself (reading the token into HttpContext.User)? P.S This is how I add protection: services.AddMvc(config => { var policy = new AuthorizationPolicyBuilder() .RequireAuthenticatedUser() .Build(); config

I have a SPA app which is backed by a rest api server. I use Auth0 for authentication and authorization using the implicit grant flow. All the examples I read explain that i should send the access token which I receive to the api for authorization purpose. For example : https://auth0.com/blog/why-should-use-accesstokens-to-secure-an-api On the other hand, I read that access token cannot be used as a proof for authentication: http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html https://oauth.net/articles/authentication/ That means, I cannot trust the sub claim on my

Update: Basically the same issue as Standalone PWA breaks login but on iOS. If you add a web app to the home screen, Chrome on android shares the local storage with the same domain in the browser. You can test this by going to https://wilfrem.github.io/add_to_homescreen_test/ then adding to home screen and see you have the same id when opened from home screen. (I did Nexus 5x) If you do the same in iOS Safari you get a new id. (i did iPod iOS 12.1.1) The oidc-client-js library sets a session reference in local storage and then recalls that on the web app s signin callback. So if you try to log

I have been using a library I created from samples allowing me to authenticate a .NET core web app with Azure Active Directory and to take advantage of the various OpenIdConnectOptions events (e.g. OnTokenValidated ) to add certain claims to the principal as well as add that data to an identity-like database so that APIs can make policy-based determinations of the caller based on their token. But I would just rather use the Microsoft.AspNetCore.Authentication.AzureAD.UI NuGet package than my customized variation, I am just not sure how to reach in and access the event on the

I am developping a Google Chrome extension, to allow users to authenticate with their Google Accounts, i decided to use Chrome Identity API . To authenticate the user in my Application i need to get the ID_Token (signed token) is there a way to get OpenID Connect Token with Google Chrome Identity API ? Thanks for your help ! Piotr Sobiech This is a paste of my answer from the other thread https://stackoverflow.com/a/32548057/3065313 I've came to the same problem yesterday and since I've found a solution, I might as well share it, as it wasn't that obvious. As far as i know Google does not

I am attempting to integrate Ping Federate as an external OIDC provider for my IdentityServer4 instance. When I initiate the external login flow I am getting the following error: System.Exception: Correlation failed. at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.<HandleRequestAsync>d__12.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at IdentityServer4.Hosting

The AWS Cognito documentation is very sketchy when it comes to explaining OpenID Connect providers or how to implement auth using say LinkedIn. The nearest example is of SalesForce https://aws.amazon.com/blogs/security/building-an-app-using-amazon-cognito-and-an-openid-connect-identity-provider/ These steps did not work for LinkedIn using it Javascript SDK. Not able to retrieve id_token similar to FB or Google JS SDK. AWS needs id_token to return the AWS credentials. Anyone has successfully implemented Linked with AWS Cognito? Nope. It seems Linkedin does not offer full OpenID Connect. Also