Stack Overflow
Stack Overflow

Questions tagged [identityserver4]

OpenID Connect Provider and OAuth 2.0 Authorization Server Framework based on ASP.NET Core

IdentityServer4 is an OpenID Connect Provider and OAuth 2.0 Authorization Server Framework built on ASP.NET Core.

Allows for the implementation of single sign-on and access control for modern web applications and APIs using protocols such as OpenID Connect and OAuth2. It supports a wide range of clients like mobile, web, SPAs and desktop applications and is extensible to allow integration in new and existing architectures.

IdentityServer4 is officially certified by the OpenID Foundation and thus spec-compliant and interoperable. It is part of the .NET Foundation, and operates under their code of conduct. It is licensed under Apache 2 (an OSI approved license).

For the .NET 4.x, katana based version see Identity Server 3

5377 questions
35
votes
4 answers

Role based authorization with IdentityServer4

I am trying to implement "Role Based Authorization" using IdentityServer4 to give access to my API based on the user roles. For example , I want to have two roles for the user i.e. FreeUser and PaidUser and want to give access to the API through…
muhammad waqas
  • 742
  • 1
  • 5
  • 20
34
votes
4 answers

Why is ClaimTypes.NameIdentifier not mapping to 'sub'?

Using ASP.NET Core 2.2 and Identity Server 4 I have the following controller: [HttpGet("posts"), Authorize] public async Task GetPosts() { var authenticated = this.User.Identity.IsAuthenticated; var claims =…
Miguel Moura
  • 36,732
  • 85
  • 259
  • 481
34
votes
3 answers

How to correctly use the introspection endpoint with identity server 4?

I'm using Identity Server 4 and I'm trying to use the introspection endpoint, but just by the docs I'm not getting it. The docs just gives this example POST /connect/introspect Authorization: Basic xxxyyy token= Now, why there is this basic…
user1620696
  • 10,825
  • 13
  • 60
  • 81
33
votes
2 answers

Identity Server 4 - IDX10630: PII is hidden

I'm fairly new to using encryption and rsa tokens and I'm trying to get IDentityServer4 to not use the developersigning, but one of my own. Here is what I have tried so far: var keyInfo = new RSACryptoServiceProvider().ExportParameters(true); var…
Bagzli
  • 6,254
  • 17
  • 80
  • 163
31
votes
5 answers

WindowsCryptographicException: Keyset does not exist

I want to create or obtain a certificate, create a pfx-file, load it and have IdentityServer use it. However, IdentityServer is not able to use my pfx. How to successfully create a pfx and have IdentityServer use it? I have an IdentityServer4 web…
Erlend
  • 341
  • 1
  • 3
  • 5
31
votes
1 answer

User Registration Process with IdentityServer4

I'd like to use IdentityServer4 for authentication in my ASP.NET Core MVC web application, but the user registration process seems awkward. Most web sites that require user registration don't redirect you do a separate site (e.g. Facebook, Twitter,…
DMannion
  • 313
  • 1
  • 3
  • 4
29
votes
3 answers

IdentityServer4 vs Auth0

We want to build a central authority to do authentication and authorization for our various applications (.net). We see IdentityServer4 is open source and free, while Auth0 cost money. Does anyone use both of these? Can anyone provide suggestion…
martial
  • 3,773
  • 8
  • 33
  • 43
29
votes
5 answers

Generate access token with IdentityServer4 without password

I have created ASP.NET Core WebApi protected with IdentityServer4 using ROPC flow (using this example: https://github.com/robisim74/AngularSPAWebAPI). How to manually generate access_token from the server without password?
Roman Kolesnikov
  • 11,777
  • 11
  • 44
  • 67
29
votes
7 answers

Integration testing with in-memory IdentityServer

I have an API that uses IdentityServer4 for token validation. I want to unit test this API with an in-memory TestServer. I'd like to host the IdentityServer in the in-memory TestServer. I have managed to create a token from the IdentityServer. This…
Espen Medbø
  • 2,305
  • 1
  • 19
  • 24
27
votes
1 answer

How to create a signing certificate and use it in IdentityServer4 in production?

Most (all?) the sample code on the IdentityServer4 docs site uses AddDeveloperSigningCredential(), but recommends using AddSigningCredential() instead in production. I spent more hours than I care to think about trying to figure out how to do…
Rob
  • 1,214
  • 1
  • 11
  • 20
27
votes
2 answers

Identity server is keep showing "Showing login: User is not authenticated" in /connect/authorize/callback

Using IdentityServer4, I'm implementing Code flow authorization on an existing system which supports only ResourceOwnerPassword grant type in IdentityServer and works well. I got into a stage where the user is promoted to authenticate, then…
Homam
  • 23,263
  • 32
  • 111
  • 187
27
votes
3 answers

OAuth scopes and application roles & permissions

Currently my application is verifying user's access based on the roles and permissions. For example, if a user is admin then he has all permissions. However, now I am implementing OAuth 2.0 and OpenIdConnect for single sign on and token based…
John
  • 583
  • 2
  • 7
  • 12
26
votes
3 answers

AddSigningCredential for IdentityServer4

We are using IdentityServer4 with .NET Core Web Application("http://docs.identityserver.io/en/release/quickstarts/0_overview.html"). We have replaced AddDeveloperSigningCredential with AddSigningCredential(CreateSigningCredential()). As we cannot…
Rakesh Kumar
  • 2,701
  • 9
  • 38
  • 66
25
votes
4 answers

InvalidOperationException: Key type not specified. Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.LoadKey()

Summary Attempting to publish a basic .NET Core React app with auth functionality I am receiving an error with IdentityServer. This is using dotnet new react --auth Individual, .Net Core 3.0 Preview5, and following the instructions here and…
user
  • 1,261
  • 2
  • 21
  • 43
24
votes
1 answer

Identity Server 404 after login (stuck on signin-oidc)

I followed the Identity Server 4 documentation to set up an example server on my local machine. My problem is, that after I log in the application gets stuck on "signin-oidc" page and the logs indicate a 404. I followed the instructions to a T, even…
Ruhrpottpatriot
  • 1,058
  • 3
  • 17
  • 31
1
2
3
99 100