Stack Overflow
Stack Overflow

Questions tagged [identityserver3]

OpenID Connect Provider and OAuth 2.0 Authorization Server Framework based on Katana.

IdentityServer 3 (IdSrv3) is a .NET/Katana-based framework and hostable component that allows implementing single sign-on and access control for modern web applications and APIs using protocols like OpenID Connect and OAuth2. It supports a wide range of clients like mobile, web, SPAs and desktop applications and is extensible to allow integration in new and existing architectures.

1321 questions
5
votes
3 answers

Can MSAL be used with my own authority (e.g. IdentityServer)

I have my own identity authority set up using the Identity Server. I'm running a native windows application and currently I'm using IdentityModel's OidcClient library to connect on the authority and obtain the token. I want to add support for Azure…
Dejan Dakić
  • 2,418
  • 2
  • 25
  • 39
5
votes
2 answers

Keycloak with OpenIdConnect external identityprovider

I have a external openidconnect identity provider registered with Keycloak. When the client app tries to access the protected resource it gets redirected to KeyCloak login page. On the login page I have the external openidconnect provider buttons…
Kumar
  • 61
  • 1
  • 3
5
votes
2 answers

IdentityServer 3 signing certificate expiry

What happens when the signing certificate (used for signing jwt tokens) expires when using IdentityServer 3? It's unclear to me and I can't find any documentation, other than that it's possible to get a warning that it has expired. (Ref.…
Anton
  • 1,346
  • 11
  • 31
5
votes
2 answers

How to configure UseCookieAuthentication behind a load balancer

I am configuring a .netcore application to use OIDC authenication (provided by IdentityServer). I have included the following code in my StartUp app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "Cookies", …
sandy
  • 913
  • 1
  • 10
  • 25
5
votes
1 answer

Secure API with Azure AD/B2C users

My use case is: Create users via API with custom fields, nominated password using any email address Update/disable those users via API 'Sign in' to Azure AD app with user details via rest API to obtain token Make authorised requests to Web API…
Matt Rowett
  • 266
  • 1
  • 18
5
votes
2 answers

Is there a way to renew IDP session token from a Client in Identity Server

I am using Identity Server to achieve Single Sign In/Out for the apps at my company. Is there any way to make it so that when a Client's cookie is renewed (via Sliding Expiration) it also goes to the IDP and renews the expire time on the it's…
LukeP
  • 1,505
  • 1
  • 16
  • 25
5
votes
3 answers

How to add claims to access token for identityserver3 using custom user service

I am trying to create a custom user, authenticate them and then return the user claims into an angular application using identity server 3. I've looked over the samples, specifically the CustomUserService project. Edit I've updated question based…
rlcrews
  • 3,482
  • 19
  • 66
  • 116
5
votes
1 answer

IdentityServer3 with EF support and Asp.NEt Identity

I am planning to use IdentityServer3 with IdentityServer3.EntityFramework for Clients,Scopes and OperationalData. And I also want to configure user store using IdentityServer3.AspNetIdentity What is the recommendation here? Is it okay to have…
LP13
  • 30,567
  • 53
  • 217
  • 400
5
votes
1 answer

ASP.NET WebApi Security: Confusions with HMAC, OAuth, IdentityServer, Auth0

I trying to build an application which uses the webapi 2 and angular js 1 at the front end. I have been researching the security aspects especially token based security. I could find a lot of things and it's really confusing what to implement…
Avishekh Bharati
  • 1,858
  • 4
  • 27
  • 44
5
votes
1 answer

Add id_token as claim AspNetCore OpenIdConnect middleware

I am trying to set IdTokenHint when sending the sign out request. In the previous Microsoft.Owin.Security.OpenIdConnect middleware I would be able to set the id_token as a claim in the SecurityTokenValidated method using the SecurityTokenValidated…
LukeP
  • 1,505
  • 1
  • 16
  • 25
5
votes
1 answer

How to set up cookie based authentication with NancyFx and IdentityServer3 (non-API website)

We have an environment with the following: Standalone IdentityServer3 instance (issues reference tokens, not jwt) ASP.NET WebAPI resource server .NET client applications that authenticate against IdSvr (via resource owner flow) ...and now we'd…
Sam Storie
  • 4,444
  • 4
  • 48
  • 74
5
votes
1 answer

Identity Server 3 Access Token Validation endpoint fails with Audience Validation Failed

I have an IdentityServer3 instance set up and I am requesting a token using the authorize endpoint (/core/connect/authorize). My application requesting the token is an iOS application. I pass the following parameters;…
Carl Thomas
  • 3,605
  • 6
  • 38
  • 50
5
votes
2 answers

AuthorizeAttribute for Actions

TL;DR: How does an MVC app know to redirect to a certain action after going through authentication process when IdentityServer3 does a form post to the return url which is always the root url? The examples in this question are taken from the…
danijels
  • 5,211
  • 4
  • 26
  • 36
5
votes
1 answer

Identity Server v3 Custom Page Reset Password

I want to make on login page a URL that will redirect to http://server/resetpassword/ and there will be my cusotm page, made CustomViewServices from samples, but there is not example how to add your own…
Andrian Durlestean
  • 1,730
  • 1
  • 19
  • 30
5
votes
1 answer

How to secure IdentityManager with IdentityServer v3

Brock Allen released the new beta version of IdentityManager last week. There are quite some changes in the security model, so the configuration also changed. He even took some videos (Setting up ASP.NET Identity and Security and IdentityManager) on…
ilter
  • 4,030
  • 3
  • 34
  • 51
1 2 3
87 88