Questions tagged [identityserver3]

OpenID Connect Provider and OAuth 2.0 Authorization Server Framework based on Katana.

IdentityServer 3 (IdSrv3) is a .NET/Katana-based framework and hostable component that allows implementing single sign-on and access control for modern web applications and APIs using protocols like OpenID Connect and OAuth2. It supports a wide range of clients like mobile, web, SPAs and desktop applications and is extensible to allow integration in new and existing architectures.

1321 questions
16
votes
2 answers

Identity Server not returning refresh token

I'm trying to set up Thinktecture's Identity Server 3, but I can't seem to get it to return a refresh token when exchanging an authorization code (or when using the ResourceOwner flow, but I'm going to focus on the authorization code as it's more…
AJ Karnitis
16
votes
3 answers

Skip IdentityServer3 login screen

We have configured Client App to use IdentityServer3 authentication via OpenID Connect protocol (it's ASP.NET MVC App that uses OWIN middleware to support OIDC). The IdentityServer3 itself is configured to use both local login and external login…
15
votes
1 answer

asp.net web form client with identity server 4

I have an asp.net solution which consists of 1). asp.net identity server rc 3 2). asp.net Core web api 3). asp.net webform ( not in asp.net core, client) I don't see any sample with identity server 4 and web form client. Can you please suggest how…
15
votes
2 answers

OWIN middleware for OpenID Connect - Code flow ( Flow type - AuthorizationCode) documentation?

In my implementation I am using OpenID-Connect Server (Identity Server v3+) to authenticate Asp.net MVC 5 app (with AngularJS front-end) I am planning to use OID Code flow (with Scope Open_ID) to authenticate the client (RP). For the OpenID…
Karthik
14
votes
5 answers

Transforming Open Id Connect claims in ASP.Net Core

I'm writing an ASP.Net Core Web Application and using UseOpenIdConnectAuthentication to connect it to IdentityServer3. Emulating their ASP.Net MVC 5 sample I'm trying to transform the claims received back from Identity Server to remove the "low…
Piers Lawson
14
votes
1 answer

How to make IdentityServer to add user identity to the access token?

Short: My client retrieves an access token from IdentityServer sample server, and then passes it to my WebApi. In my controller, this.HttpContext.User.GetUserId() returns null (User has other claims though). I suspect access token does not have…
LOST
13
votes
1 answer

Multiple IdentityServer Federation : Error Unable to unprotect the message.State

I'm trying to create a master slave type configuration for authentication with IdentityServer4 as below MyMasterIdentityServer0 (Master) - receives id_token and gives access_token |---> MySlaveIdentityServer1 (Basic Auth) |--->…
13
votes
5 answers

Validating access token with at_hash

I'm trying to validate access tokens against at_hash. Token header is like this { "typ": "JWT", "alg": "RS256", "x5t": "MclQ7Vmu-1e5_rvdSfBShLe82eY", "kid": "MclQ7Vmu-1e5_rvdSfBShLe82eY" } How do I get from my access token to the Base64…
danijels
13
votes
2 answers

Enable Oauth2 client credentials flow in Swashbuckle

I'm using IdentityServer3 to secure a Web API with the client credentials grant. For documentation I'm using Swashbuckle but can't figure out how to enable Oauth2 in the SwaggerConfig for the client credentials (application) flow. Any help would be…
mstrand
13
votes
1 answer

OAuth token expiration in MVC6 app

So I have an MVC6 app that includes an identity server (using ThinkTecture's IdentityServer3) and an MVC6 web services application. In the web services application I am using this code in Startup: app.UseOAuthBearerAuthentication(options => { …
Gerald
12
votes
2 answers

In IdentityServer, what is the difference between Client Secrets and Scope Secrets?

Can someone please explain what the difference is between the two? I understand Client Secrets, but Scope Secrets are still not clear... as well as why a Scope Secret even needs to exist? While I found the documentation helpful in some ways, I did…
Rob L
12
votes
1 answer

IIS ASP.NET WebApi Deadlock when requesting the same server

We've been experiencing some deadlocks when working with interconnected ASP.NET WebApis on the same IIS server. We'd like to know if this is somehow an expected behavior, due to hosting all APIs on the same server and same Application Pool, since we…
Leonardo Chaia
11
votes
2 answers

IdentityServer client authentication with public/private keys instead of shared secrets

I'm trying to use public/private keys instead of a shared secret for client secrets with IdentityServer4. This approach is documented here. If it was a shared secret, the request would contain the secret in plain text. e.g. curl -X POST \ …
ubi
11
votes
3 answers

How to set expiration date to client cookies?

I configured Identity Server: public void Configuration(IAppBuilder app) { var factory = new IdentityServerServiceFactory().UseInMemoryClients(new Client[] { new Client() { ClientName = "MyClient", …
Artem
11
votes
2 answers

Is it possible to have SPA authentication without redirecting to an outside login page

I am currently developing an SPA application that connects to a bunch of webAPIs. These APIs require that the user is logged in, so I started digging into OpenID Connect and OAuth2 examples, mostly using IdentityServer. They all require, for SPA…