openid-connect

I am using Visual Studio 2015 Enterprise and ASP.NET vNext Beta8 to issue and consume JWT tokens as described here . In our implementation we're storing some client details in Redis at token issuing time and we would like the flush this information when the user logs out. My question is what is the best practices for logging out with OIDC? While I could roll my own contoller for this purpose I couldn't help but notice Open ID Connect (OIDC) seems somewhat primed to handle this case. For example OIDC has an OnLogoutEndpoint handler and LogoutEndpointPath settings. But when I call the OIDC

I'm trying to implement OpenId Connect in an SPA application with WSO2 Identity Server 5.0.0. I'm trying to use Implicit Flow but I always received an error from the identity server. GET Request: https://idserver:9443/oauth2/authorize?response_type=id_token& client_id=abcd& redirect_uri=https%3A%2F%2Flocalhost%3A44326%2F Error Response: invalid_request, Invalid response_type parameter value Is response_type=id_token supported? Hos With WSO2 Identity Server 5.0.0 OpenID Connect "id_token" response type is not implemented. The "Implicit" settings in the configuration only work for OAuth 2.0

What is the correct oauth2 flow for a desktop application? Besides a desktop application I have a SPA Web GUI which does use the Implicit flow. There it does not matters if the client Redirects after 3600s to the IdP to issue a new Access token. But the desktop application needs to be running 24/7 or could be running 24/7. So it needs to automatically refresh the access token via a refresh_token. But since the implicit flow does not provide refresh tokens it is probably the wrong flow for a desktop app, isn't it? I guess I need the auth code flow, which does provide a refresh_token. But

Background We developed an application in 2016 that authenticated using WS-Federation, to grab claims from the on-premises AD. The direction of the IT strategy has changed, and is moving toward Azure AD (currently hosting a hybrid environment). We're in the process of migrating the authentication from WS-Fed, to AAD, using OpenIDConnect. Getting the user signed in and authenticated with the new method was surprisingly straightforward - do the config properly, and issue the authenticate challenge, and Robert is your mother's brother. The Problem Please correct me if I'm getting my terminology

I'm trying to implement the OpenID Connect specification for my organisation. I'm using Microsoft's OWIN implementation of OpenID Connect in a test relying party application to verify my implementation of the protocol. I've exposed the following metadata document: { "issuer": "https://acs.contoso.com/", "authorization_endpoint": "http://localhost:53615/oauth2/auth", "token_endpoint": "http://localhost:53615/oauth2/token", "userinfo_endpoint": "http://localhost:53615/connect/userinfo", "jwks_uri": "http://localhost:53615/connect/keys", "ui_locales_supported": [ "en-GB" ] } The signing key is

question related to this post here: Configure the authorization server endpoint . Using the above example I am able to get token. previously it was possible to get additional information by over riding public override Task TokenEndpoint(OAuthTokenEndpointContext context) { foreach (KeyValuePair<string, string> property in context.Properties.Dictionary) { context.AdditionalResponseParameters.Add(property.Key, property.Value); } return Task.FromResult<object>(null); } how do you achieve that in the current implementation of public override Task TokenEndpoint(TokenEndpointContext context){ }

The example on the AspNet.Security.OpenIdConnect.Server looks to me like both an auth and resource server. I would like to separate those. I have done so. At the auth server's Startup.Config, I have the following settings: app.UseOpenIdConnectServer(options => { options.AllowInsecureHttp = true; options.ApplicationCanDisplayErrors = true; options.AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme; options.Issuer = new System.Uri("http://localhost:61854"); // This auth server options.Provider = new AuthorizationProvider(); options.TokenEndpointPath = new PathString("/token");