Stack Overflow
Stack Overflow

Questions tagged [identityserver3]

OpenID Connect Provider and OAuth 2.0 Authorization Server Framework based on Katana.

IdentityServer 3 (IdSrv3) is a .NET/Katana-based framework and hostable component that allows implementing single sign-on and access control for modern web applications and APIs using protocols like OpenID Connect and OAuth2. It supports a wide range of clients like mobile, web, SPAs and desktop applications and is extensible to allow integration in new and existing architectures.

1321 questions
5
votes
1 answer

IdentityServer gets into infinite loop of authentication

I have the following client set up in IdentityServer: new Client { ClientName = "My web application", Enabled = true, ClientId = "mywebapp", ClientSecrets = new List { new ClientSecret("somesecret") }, …
orad
  • 15,272
  • 23
  • 77
  • 113
5
votes
0 answers

adding reference to thinktecture.identityserver.3 causes This type has no accessible object constructors error in existing code

I'm attempting to host an openid connect identity server in a F# wep api project, I'm using the F# MVC templates and the pre-release package of identity server When I create either of the Katana based web api projects and subsequently add the…
Richard
  • 1,804
  • 16
  • 22
4
votes
1 answer

Identity Server 3 Access Token Validation Library Cannot Validates Tokens Generated from Identity Server 4

I have an Identity server that was developed on Identity server 4 (v3.1.2) and a .NET Web API that was developed on .NET Framework 4.6. In the web API, I am using the Identity Server 3 Access Token Validation library (v2.14.0) to validate the…
diyath.nelaka
  • 193
  • 14
4
votes
3 answers

IdentityServer - How to add additional claim to client credential token?

Ideal functionality: A user is logged in and authenticated to website A. They click a button, the backend looks up the ID of the account in website B from the database, then send this information to IdentityServer to create a JWT that contains the…
Evan
  • 41
  • 1
  • 4
4
votes
1 answer

Can I use IdentityServer3 Authorization Code Flow with PKCE and no client secret?

I am looking to extend our ID server instance to support mobile apps and wish to use Authorization Code Flow with PKCE. As this is a public client I do not wish to store the secret on the app but it appears ID3 requires a secret. Can anyone confirm…
Lastbuilders
  • 79
  • 4
4
votes
1 answer

identityServer4 with Login Step-up and MFA

In one of my Projects i need to implement Login Step-up. That means a user can login an application with simple username and password to get some readonly access access on website and API behind it. If user want to performan any sensetive data…
sezanawa
  • 85
  • 1
  • 7
4
votes
0 answers

IdentityServer/OWIN: Client not being redirected to Login page after Logout

I have a new IdP that implements IdentityServer4 (.NET Core). I am using it to provide SSO/Cookie authentication/authorization to an MVC5 client app. Since the client app is not .NET Core, I use the IdentityServer3 and Microsoft.Owin nugets in…
Ken
  • 1,830
  • 3
  • 20
  • 32
4
votes
0 answers

Automatic log out after period of inactivity with Identity Server and OpenId Connect

I currently have an angular 2 SPA calling a Web API. I am using a Security Token Service implemented with Identity Server 3 and the oidc-client-js javascript library to provide authentication and authorization to use the Web API. The protocol is…
Dwall
  • 41
  • 3
4
votes
1 answer

How to use identityserver3 in asp.net core 2.0 webapi to validate token from Identityserver3 server

I have a identityserver which is using IdentityServer3 to issue tokens. I am creating an asp.net core 2.0 api client. How to validate the token issued by Identityserver3 in ASP.Net Core 2.0 api application? I tried to install…
Mukil Deepthi
  • 6,072
  • 13
  • 71
  • 156
4
votes
0 answers

Identity Server 3 error : User is not active. Redirecting to login

I am stuck with this problem: I am using Identity Server 3 with ASP.Net Identity. When I reset my password the first time everything works fine and I am able to log in with my new password. Now when I try the forgot password feature a second time,…
kbaccouche
  • 4,575
  • 11
  • 43
  • 65
4
votes
0 answers

Response Mode => Form_post

Is there a way to set response mode to form post instead of fragments or query string in angular-oauth2-oidc component for implicit flow?
Boopathy T
  • 537
  • 3
  • 8
4
votes
3 answers

Why is IdentityServer redirecting to http rather than https?

I have a very simple MVC5 website that I'm trying to secure with IdentityServer3. Both my website and my IdentityServer instance are hosted as separate sites in AppHarbor. Both are behind https. When I hit a resource in my website that is protected…
SLP
  • 311
  • 3
  • 11
4
votes
2 answers

How to manage site specific profile data for an identity server protected API

We have a new web project where we have decided to use identityserver as a centralised identity management service. The idea being long term we can migrate other projects to this and maintain users in one place. The site itself consists of an…
Jon Eastwood
  • 813
  • 10
  • 22
4
votes
1 answer

IdentityServer3 PublicOrigin and IssuerUri Difference and Usage in IdentityServerOptions

I got some issue when deploying to IIS. Apparently the client uses reverse proxy and all of the OpenId configuration disco showing IP address instead of their domain name. PublicOrigin solves my problem. However, I still don't understand the…
Riza Marhaban
  • 368
  • 6
  • 20
4
votes
1 answer

Uses of Property "expires_at" in Identity Server Authentication Response Object

Question / Issue I would like to know the actual purpose of the "expires_at" property once I logged in successfully then the Identity Server returns the following Response JSON { "id_token":…
B.Balamanigandan
  • 4,713
  • 11
  • 68
  • 130
1 2 3
87 88