openid-connect

IdentityServer gets into infinite loop of authentication

对着背影说爱祢 submitted on 2019-12-04 03:33:15
Question: I have the following client set up in IdentityServer:
    new Client
    {
        ClientName = "My web application",
        Enabled = true,
        ClientId = "mywebapp",
        ClientSecrets = new List<ClientSecret> { new ClientSecret("somesecret") },
        Flow = Flows.Hybrid,
        ClientUri = "https://app.mydomain.com",
        RedirectUris = new List<string> { "oob://localhost/wpfclient", "http://localhost:2672/", "https://app.mydomain.com" }
    }
And it is hosted online, let's say https://auth.mydomain.com/core. Trying to modify the MVC OWIN

OWIN OpenID connect authorization fails to authorize secured controller / actions

China☆狼群 submitted on 2019-12-04 03:08:58
I am working on a project where a third party provider will act as an OAuth2 based Authorization Server. An ASP.NET MVC 5 based client which will send the user to the authorization server to authenticate (using login / password) and the auth server will return an access token back to the MVC client. Any further calls to resource servers (APIs) will be made using the access token. To achieve this I am using Microsoft.Owin.Security.OpenIdConnect and the UseOpenIdConnectAuthentication extension. I am able to successfully redirect and get the access token from the auth server but the client is not

Logging Out With AspNet.Security.OpenIdConnect.Server (ASP.NET vNext)

◇◆丶佛笑我妖孽 submitted on 2019-12-04 01:52:41
Question: I am using Visual Studio 2015 Enterprise and ASP.NET vNext Beta8 to issue and consume JWT tokens as described here. In our implementation we're storing some client details in Redis at token issuing time and we would like to flush this information when the user logs out. My question is what are the best practices for logging out with OIDC? While I could roll my own controller for this purpose I couldn't help but notice OpenID Connect (OIDC) seems somewhat primed to handle this case. For

SecurityTokenSignatureKeyNotFoundException when validating JWT signature

拟墨画扇 submitted on 2019-12-04 00:34:37
Question: I'm trying to implement the OpenID Connect specification for my organisation. I'm using Microsoft's OWIN implementation of OpenID Connect in a test relying party application to verify my implementation of the protocol. I've exposed the following metadata document: { "issuer": "https://acs.contoso.com/", "authorization_endpoint": "http://localhost:53615/oauth2/auth", "token_endpoint": "http://localhost:53615/oauth2/token", "userinfo_endpoint": "http://localhost:53615/connect/userinfo", "jwks

Overriding TokenEndPoint in AspNet.Security.OpenIdConnect.Server

a 夏天 submitted on 2019-12-03 21:00:16
Question: Question related to this post here: Configure the authorization server endpoint. Using the above example I am able to get token. Previously it was possible to get additional information by overriding
    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
        {
            context.AdditionalResponseParameters.Add(property.Key, property.Value);
        }
        return Task.FromResult<object>(null);
    }
How do you achieve that in

How can I set the Authority on OpenIdConnect middleware options dynamically?

梦想与她 submitted on 2019-12-03 16:38:36
We have multiple tenants, and they use different authorities (their own, not just standard providers). While I know how to dynamically set the clientId and secret, I can't figure out how to set the authority. It is set once, during startup, and afterwards it cannot be changed (or so it seems). Since we have a lot of tenants we don't want to register all at startup, and we also don't want to require a restart when tenants are added. Any suggestions how I can go about this? I'd love to use the existing middleware, but if it's not possible I could write my own. Appreciate any suggestion! While a

Which well-known OpenID providers is a new site expected to support?

不羁岁月 submitted on 2019-12-03 16:01:52
I plan to develop a web application that supports OpenID Connect as a relying party, so that a user of the application can sign up and log in using the identity provider of his choice. (This is the same tech that "My Logins" on each Stack Exchange site uses.) This application would be available for download and installation by server operators, much as WordPress, phpBB, and MediaWiki software are made available. With which OpenID Connect providers should a server operator expect to have to sign up manually? Back when OpenID 2.0 was the most common protocol version, most identity providers

openid connect - identifying tenant during login

落花浮王杯 submitted on 2019-12-03 15:26:40
I have a multi-tenant (single database) application which allows for same username/email across different tenants. At the time of login (Implicit flow) how can I identify the tenant? I thought of the following possibilities: At the time of registration ask the user for account slug (company/tenant slug) and during login user should provide the slug along with username and password. But there is no parameter in OpenID request to send the slug. Create an OAuth application at the time of registration and use slug as client_id. At the time of login pass slug in client_id, which I will use to fetch

OpenID Connect SSO in React-Redux app

霸气de小男生 submitted on 2019-12-03 12:26:04
I'm trying to implement SSO on my React-Redux app using an OpenID-Connect provider. The intent is to protect all components and redirect the user to the Identity Provider's login page if the session ends. This is why I cannot have a dedicated Login page (component) in the application. I've read that saving JWTs in the localStorage could be a good idea so I was thinking of using a flag isAuthenticated in the Redux store and keep JWTs in the localStorage. I can then fetch the JWTs from the localStorage to authenticate other APIs I'd be calling from within my app. Is this approach appropriate?

OpenID Connect lightweight library

大城市里の小女人 submitted on 2019-12-03 12:11:26
Question: I'm looking for an OpenID Connect (OIDC) Relying Party lightweight library that will have these routines implemented.
- Compose "Authentication Request"
- Validate "id_token" signature (including downloading certificate from metadata endpoint)
- Parse "id_token" JWT
The only OIDC flow to be supported is the so-called "implicit flow" where server answers with "id_token" (and "access_token" if requested) right from authorization endpoint (spec link). Searching over NuGet repository seems to yield the only