openid-connect

What OpenID Connect authorization flow to authenticate mobile app users?

做~自己de王妃 submitted on 2019-12-02 22:28:16
This question was migrated from Information Security Stack Exchange because it can be answered on Stack Overflow. Migrated 4 years ago. I am building a cross-platform mobile app that interacts with a RESTful API, and I want to use OpenID Connect to authenticate my users. I will be building my own OpenID Connect provider server. OpenID.net claims that: OpenID Connect allows for clients of all types, including browser-based JavaScript and native mobile apps, to launch sign-in flows and receive verifiable assertions about the identity of signed-in users. However, I can't find any

Login to Keycloak using API

折月煮酒 submitted on 2019-12-02 20:44:39
I have 2 different applications: say Application1 and Application2. I have integrated Application2 with Keycloak and I am able to log in to this application using Keycloak's login page. Now what I want is, if I log in to my Application1 (without Keycloak), I should be able to call some API of Keycloak to log in to Application2 (without rendering Keycloak's login page). Is it feasible? If yes, how? Any help will be highly appreciated. Thanks. You are effectively asking your users to trust that Application1 will manage their Keycloak credentials securely. This is not recommended because better

What secures access credentials inside a single page webapp (SPA)?

谁都会走 submitted on 2019-12-02 17:07:23
Question: Scenario Suppose a hacker using a single page webapp https://example.com?secure=maybe has authenticated and obtained an OpenID Connect token that is used to access microservices. The hacker manages to fish these credentials out of the application. (Follow-up question on that here) The hacker creates another application running on localhost that loads the credentials obtained. The hacker also points localhost to https://example.com in /etc/hosts such that now opening the address https:/

Custom Lifetime Validation With AspNet.Security.OpenIdConnect.Server (ASP.NET vNext)

依然范特西╮ submitted on 2019-12-02 11:25:55
Question: I am using Visual Studio 2015 Enterprise Update 1 and ASP.NET vNext rc1-update1 to issue and consume JWT tokens as described here. In our implementation we want to control token lifetime validation. We tried several approaches, all of which had undesirable side effects. For example, in one attempt we took over the TokenValidationParameters.TokenValidationParameters.LifetimeValidator event in the Configure method: app.UseJwtBearerAuthentication ( options => { options.TokenValidationParameters =

What secures access credentials inside a single page webapp (SPA)?

久未见 submitted on 2019-12-02 08:58:34
Scenario Suppose a hacker using a single page webapp https://example.com?secure=maybe has authenticated and obtained an OpenID Connect token that is used to access microservices. The hacker manages to fish these credentials out of the application. (Follow-up question on that here) The hacker creates another application running on localhost that loads the credentials obtained. The hacker also points localhost to https://example.com in /etc/hosts such that now opening the address https://example.com runs the hacker's web application instead of the real one. Question Can the hacker's application

Mandate Group Search Condition in Dex LDAP Connector

若如初见. submitted on 2019-12-02 07:18:51
I am using Dex as our Identity provider and connecting it to LDAP. Below is my ldap config in Dex: connectors: - type: ldap id: ldap name: LDAP config: host: myhost.staging.com:636 insecureNoSSL: false insecureSkipVerify: false bindDN: cn=prometheus-proxy,ou=serviceaccounts,dc=staging,dc=comp,dc=com bindPW: 'prometheus' rootCA: /etc/dex/ldap/ca-bundle.pem userSearch: baseDN: ou=people,dc=staging,dc=comp,dc=com filter: "(objectClass=person)" username: uid idAttr: uid emailAttr: mail nameAttr: uid groupSearch: baseDN: ou=appgroups,dc=staging,dc=comp,dc=com filter: "(objectClass=groupOfMembers)"

Hybrid authentication in .net core with Open Id Connect and local database

无人久伴 submitted on 2019-12-02 06:13:53
Is there a pattern to design an app that is capable of authenticating users with both OpenID Connect (connected to Azure AD) and a local database? The app I'm creating will have users from a company that has an Azure Active Directory, but also users not employed by said company who must use the app since they are not registered in Azure AD. The authentication method without Azure AD should use a local database, not other authentication providers. You can use ASP.NET Identity for managing your local users in the database, and use Azure AD as an external identity provider, which enables the AAD

Custom Lifetime Validation With AspNet.Security.OpenIdConnect.Server (ASP.NET vNext)

倾然丶 夕夏残阳落幕 submitted on 2019-12-02 03:58:15
I am using Visual Studio 2015 Enterprise Update 1 and ASP.NET vNext rc1-update1 to issue and consume JWT tokens as described here. In our implementation we want to control token lifetime validation. We tried several approaches, all of which had undesirable side effects. For example, in one attempt we took over the TokenValidationParameters.TokenValidationParameters.LifetimeValidator event in the Configure method: app.UseJwtBearerAuthentication ( options => { options.TokenValidationParameters = new TokenValidationParameters() { LifetimeValidator = (DateTime? notBefore, DateTime? expires,

IdentityServer gets into infinite loop of authentication

断了今生、忘了曾经 submitted on 2019-12-01 18:41:10
I have the following client set up in IdentityServer: new Client { ClientName = "My web application", Enabled = true, ClientId = "mywebapp", ClientSecrets = new List<ClientSecret> { new ClientSecret("somesecret") }, Flow = Flows.Hybrid, ClientUri = "https://app.mydomain.com", RedirectUris = new List<string> { "oob://localhost/wpfclient", "http://localhost:2672/", "https://app.mydomain.com" } } And it is hosted online, let's say https://auth.mydomain.com/core. Trying to modify the MVC OWIN Client (Hybrid) sample client to log in to the above identity server, in Startup.cs I modified the

Issuing JWT token myself versus using IdentityServer4(OIDC) for Web API

痞子三分冷 submitted on 2019-12-01 13:38:41
https://identityserver4.readthedocs.io/en/release/intro/support.html I currently issue tokens myself in my web API with JwtSecurityToken and I use standard ASP.NET Core middleware calling AddJwtBearer to verify the tokens. It works fine. What advantage will using OpenID Connect (through IdentityServer4) give me over the approach described above? How do I answer the question "Do I need OpenID Connect?" for myself? From my basic understanding of OpenID Connect, it is used to allow third parties to access your API. But I make the API for myself and not for third parties, and I don't know why I should favor