openid-connect

问题 I'm using Identity Server 4 and I'm trying to use the introspection endpoint, but just by the docs I'm not getting it. The docs just gives this example POST /connect/introspect Authorization: Basic xxxyyy token=<token> Now, why there is this basic authentication and what should be xxxyyy? I mean, there's no basic auth set in my app. I've just setup Identity Server 4 using ASP.NET Core as follows in the ConfigureServices : services.AddIdentityServer() .AddTemporarySigningCredential()

问题 I'm using Keycloak with an external OAuth server used as id provider. When I try to login, Keycloak send an authentication backchannel request in which the OAuth server replies with a JWT. When decoding that JWT, Keycloak fails with this exception Caused by: com.fasterxml.jackson.core.JsonParseException: Numeric value (1539167070926) out of range of int at [Source: (byte[])"{"sub":"20008203","aud":"Test-Keycloak","amr":["pwd","mobile"],"iss":"oauth","exp":1539167070926,"iat":1539163470926,

问题 I've extracted a user's groups information from the OIDC endpoint of Keycloak, but they don't come with the group ATTRIBUTES I defined (see Attributes tab into the group form, near Settings). Is there a claim to add to my request? I'm using a RESTeasy client to reach Keycloak's admin API (had much better results than using the provided admin client, yet): @Path("/admin/realms/{realm}") public interface KeycloakAdminService { @GET @Path("/users/{id}/groups") @Consumes(MediaType.APPLICATION

问题 First of all, sorry for possible duplication, I'm sure this question was asked many times in many forms but I can't find clear answer or direction how to start. What I am trying to do is sso for our organization apps on android and I want it with native experience(without browser). I have oidc built on identityserver4 and it's already in production with web and mobile clients. I'm not asking for implementation details here, just some reference, good example for how to create app which will be

问题 We are testing our own OIDC-IDP with a commercial client. (We don't have access to the clients code.) After some tests, the client always returns OpenID Connect token validation failed: Token signature invalid (ID_TOKEN) The IDP is in the wild of the web, the client is in our own network with a SSL breaker in between. We have a test client, also in the WWW, which works fine. My question is, which certificate does the OIDC-client use to verify the signature. Is it the certificate of the

问题 SEE Below for code that solved this issue I'm trying to find the best and most efficient way to deal with a refresh token that has expired within ASP.NET Core 2.1. Let me explain a bit more. I am using OAUTH2 and OIDC to request Authorization Code grant flows (or Hybrid flow with OIDC). This flow/grant type gives me access to an AccessToken, and a RefreshToken (Authorization Code as well, but that is not for this question). The access token and refresh token are stored by ASP.NET core, and

问题 I'm writing a web app which I want to have flexible authentication options due to different customers' needs. I'm using the official cakephp/authentication library, but it doesn't have an OpenID Connect Authenticator, so I'm rolling my own. The problem I'm having is that I can't return a modified Cake\Http\Response object with a redirect header from my Authenticator. AuthenticatorInterface requires the authenticate() method to return a Result object. I'm hoping to not have to modify more than

问题 The bounty expires in 3 days . Answers to this question are eligible for a +50 reputation bounty. immayankmodi is looking for an answer from a reputable source : Need to fix above issue on Azure. I've 2 projects: Project1 is main app ( localhost:4016 ) Project2 is child app ( localhost:4055 ) and sharing authorization token cookies between 2 projects. It's working fine locally but not working while hosted on Azure. Getting following error: Access to XMLHttpRequest at 'https://devplatform

问题 I try to setup authentification for an Angular app using authorization code and Azure AD B2C (oidc-client on client side), but I'm getting these errors from Angular: After looking in B2C audit logs, I found this error message: Clients must send a client_secret when redeeming a confidential grant. Here's my client side configuration: const settings = { stsAuthority: 'https://supportodqqcdev.b2clogin.com/supportodqqcDev.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1

问题 I'm setting up a client credential flow with my identity server to get an access token from a client. I'm able to get the access token with the following code, Identity server configuration: public void Configuration(IAppBuilder app) { app.Map("/identity", idsrvApp => { var corsPolicyService = new DefaultCorsPolicyService() { AllowAll = true }; var idServerServiceFactory = new IdentityServerServiceFactory() .UseInMemoryClients(Clients.Get()) .UseInMemoryScopes(Scopes.Get()) .UseInMemoryUsers