Questions tagged [oidc-client-js]

Use oidc-client-js for questions related to the certified OpenID Connect (OIDC) JavaScript library

200 questions
4 votes, 1 answer

Identity Server 3 User Session Lifetime

I'm securing a web app with identity server 3. My app is split into 2 oidc clients: an ASP.Net MVC client and a JavaScript (Angular) client which uses the oidc-client JavaScript library. When a user first visits the web app we redirect for log in to…
Twisted
3 votes, 1 answer

Identity server 4 - prevent replay attack using Authorization Code flow + PKCE with oidc-client

We recently failed a pen test due to our implementation of Identity Server 4 not preventing a replay attack. I have uploaded a simplified version of our setup to GitHub to demonstrate what is going…
Alex Driver
3 votes, 0 answers

React app oidc-client IE11 problem when calling signInCallback()

I've been building this react app for a couple of months now and everything was fine. I'm using oidc-client and it works like a charm with the other browsers but when it comes to IE11 there is a problem. I'm calling the function from a js bundle…
3 votes, 0 answers

Cypress Login command for IdentityServer and oidc-client-js

I'm hoping someone can suggest an approach for making a cypress login command, similar to the one in the article below, work with oidc-client-js https://auth0.com/blog/end-to-end-testing-with-cypress-and-auth0/ Normally oidc-client-js saves some…
Joseph Mills
3 votes, 2 answers

Validate state and nonce in oidc-client

What I understood is: oidc-client generates nonce and state and sends it to an authorization server (Identity server 4). This is used to prevent CSRF attack, replay attack. State and nonce are sent through signinredirect() sample example…
Ishika Jain
3 votes, 1 answer

Oidc-client infinite loop when calling signinRedirect

I'm using angular 8 with oidc-client-js. I'm connected to IdentityServer4 (Code Flow + PKCE). After I open the app (inside main component) I want to check if user is authenticated. That's why I call signinRedirect(). Instead of manually clicking the…
dawzaw
3 votes, 0 answers

Token expiration issue using oidc-client?

I have a site which is using IS4 and the front end is Angular 7. I have the oidc-client library to handle all user authentication etc and everything works fine. This is the first time I'm seeing this issue though. I can log in and interact just…
Carlos Torrecillas
3 votes, 2 answers

Silent refresh authenticates on OPTIONS preflight but not on GET to UserInfo endpoint

Environment: IdentityServer4 instance supporting implicit flow; Angular 7 client apps using oidc-client-js; ASP.NET Framework Web API resources using the IdentityServer3 Katana Access Token Validation Middleware. Basic token issuance and validation…
Collin Barrett
3 votes, 1 answer

OpenID Connect: Is it an error to request scope openid with response_type token

There is a misbehaving OpenID Connect "compatible" iDP (it shall remain nameless for now) - it throws an error when using scope openid and any response_type that includes id_token. That is surely a bug which has been reported. That same iDP also…
Martin Bartlett
3 votes, 2 answers

How to handle oidc silent renew error

I have a setup with redux-oidc authenticating against an identity server. I can log in, and I can see that silenRenew works as expected when the token expires. There is one problem though. If I open my site and let the computer go to sleep, when I…
Sune
2 votes, 1 answer

Dynamic post_logout_uri and redirect_uri in IdentityServer4

I came across an issue where one of my clients is sending postlogouturi with dynamic parameters. I have registered a client in ClientStore from the IdentityServer4 side new Client({ clientId: "some_id", redirectUri:…
2 votes, 0 answers

excel add-ins react oidc-client logout not working

I am creating excel add-ins using office.js, react.js and JavaScript. We implemented authentication using OIDC-client library. Authentication is working and we are receiving access_token and user details but if we click on sign-off from desktop…
2 votes, 0 answers

IdentityServer4 with oidc-client in Angular: login_required error in console when `signinRedirectCallback` is called

I'm using ASP.NET Core IdentityServer4 as the IdP and oidc-client library in my Angular project to integrate the id service. However, after user login, following error occurred twice in the web browser console: VM10 vendor.js:12638 ERROR Error:…
2 votes, 0 answers

OIDC client js creating multiple iframes for check session in React JS

OIDC client js creating multiple iframes for check session in React JS. For every page navigation, 2 new iframes are getting added. What am I doing wrong? Anyone faced this issue?
Severus
2 votes, 1 answer

Recently identityserver 4 auth has started to constantly hit the authorize, and silent renew endpoints

We have 3 apps: Client (React/SPA), API (ASP.NET CORE 3.1), and Auth (ASP.NET CORE 3.1 with IdentityServer 4). Fairly recently, the app is starting to constantly do what appears to be a silent renew. As soon as the client app loads, I can see in…