identityserver3's People

Contributors

brat000012001, brockallen, cendter, chrissimmons, ciaranj, damianh, danielcrisp, danielhill, delryan, gerektoolhy, jageall, jerackista, johnkors, leastprivilege, loctanvo, mattt90, mauricedb, mderriey, onatm, osmanmelsayed, pksorensen, pondidum, readmecritic, reecewilliams7, rklachko, scottdlance, shabatint, szymongaertig, td49, totpero

identityserver3's Issues

Feature: Rebranding the UI

I really like the new embedded approach so thank you for that.
I did have a request to make it look and feel consistent with the other sites with which this will interface (enterprise apps).

I know this is still a young project but I'd like to hear your opinions about changes to the embedded HTML.

Thanks!

MultiTenancy

Hi,
First of all thanks for all the effort.

I haven't seen any support for different tenants within the same Membership provider. Are you planning on implementing this feature in the near future?

Question: When Idsrv 3 is done, is Authorization Server still needed?

Will Idsrv 3 get the full OAuth2 spec, so that authorization server won't be needed? Or is there still a need for it?

What are the best extension points for the following setup? Let's say I as a company have a few APIs. They all have scopes like read, write. I would like to use the same idsrv3 to do authentication, and users only need one account for any of the 3 APIs. But read and write scopes for API 1 should not give read and write scopes for API 2.

Would I change scopes to api1_read, api2_read etc., or is it because something is not there yet, like the application/resource model?

Last small question. It's the Client Credentials flow that is used when a 3rd-party guy signs up for one of the APIs and gets a token that his client can use to talk with the API? Will you add UI for registering these clients and such in IdSrv, or is it our own responsibility to create those?

MVC OWIN client + access token

On the MVC OWIN sample client example, I was trying to get the access token back somehow through the Microsoft OpenIdConnect plugin. I tried altering the Response_Type to include 'token' as well as doing a full scope but that didn't work. Besides, I'm not clear if this is even possible or how the access token would be returned so I can store it for the web api calls.

Awesome work on Identity server v3 and identity manager btw!

How v3 compare to v2

Hi, both v2 and v3 support OAuth. Wondering when one would use one or the other.

Thanks,

Poor Man's Delegation Actas with OpenIdConnectionAuthenticationModule and idSrv3

I'm currently determining a route forward for the identity provision piece of some software I'm responsible for. I had settled on IDSrv2 as an approach that would give me a great head-start on where I wanted to go (thank you). Then you went and released IDsrv3 preview, which shook my foundations somewhat.

So I've set about re-implementing my PoC flows around the proposed future of id: the openid connect approach.

One thing that I was doing previously was http://www.cloudidentity.com/blog/2013/01/09/USING-THE-JWT-HANDLER-FOR-IMPLEMENTING-POOR-MAN-S-DELEGATION-ACTAS/ using the original JWT received from IDSrv2 to 'pass' tokens onto later Web API calls from within the application a user has performed a federated sign in onto.

From what I can see OpenIdConnectionAuthenticationModule does not support this notion of a 'bootstrap token.' And I can't find the scope that I've requested from idsrv3 ('read') appearing in any of the claims in the identity token that comes back.

Is such a flow meaningful in an openid connect world, or do I need to 'just' pass around the 'bearer' access token (which has no signature verification or notion of scopes/claims associated with it) to the delegated API calls? Apologies as always if these questions are frankly dumb!

WebAPI for create user, login.

Hi,
I need to sign up and authenticate a user through an API, and I need to get an OAuth token after authentication. So APIs for create user and login would be helpful. Where can I find them?

Thanks.

Xamarin

Can I use IdentityServer.v3 with Xamarin?
I want to use the HttpClient portable class.

An exception of type 'System.InvalidOperationException' occurred in System.Core.dll but was not handled in user code

Hi leastprivilege,

I have a problem when running Thinktecture.IdentityServer.v3. It throws:

    An exception of type 'System.InvalidOperationException' occurred in System.Core.dll but was not handled in user code
    Additional information: Sequence contains no elements

At: Thinktecture.IdentityServer.TestServices.TestCoreSettings

    _certificate = X509.LocalMachine.My.SubjectDistinguishedName.Find(certificateName, false).First();

Please, show me how to fix it.
Thanks and best regards,
TruongPS

HomeRealms - Per client restrictions?

Seems to be related to #39 but different enough to warrant a separate discussion :)

When talking about HR(Discovery/Selection), is it going to be possible to restrict the available home realms on a per-client basis?

I'm hoping to share the IdP across related user populations but for example don't want social logins to be available to internal users, only external users.

Associate external logins to local login

After watching all the videos listed on the Wiki page, I have a question regarding the following scenario:

The app requires that a local login exists so that users can be set up by a vendor and given proper claims. At the same time they would like to offer the convenience of adding/relating external logins (Google, Twitter, Facebook) so that the user (and the vendor who set up the user) do not have to manage the password. So to recap:

  1. vendor admin adds local user and sets up claims (and roles)
  2. vendor assigns initial password which user has to change on initial login
  3. user, after logging in and changing the password, can then associate any external logins with his/her account.

From what I have seen in the integration video, each external login by the same user (in this case Brock) generated a separate local account.

Alternative to this scenario would be giving user ability to register via custom app, which would then add necessary initial claims.

Thoughts?
zam

Thinktecture.IdentityModel.Oidc project

Hello.

  1. I saw that this project is only used for the HttpModule. Personally I consider it would be great if this was the single project which a client or RP has to reference in order to integrate with an OpenID connect identity provider. I'm not sure about this, but it looks like there is not a lot of functionality used from Thinktecture.IdentityModel (which could be duplicated here).

     I'm speaking from the point of view of a developer trying to convince some colleagues to use OpenID connect. A simple setup consisting of referencing a single dll would definitely mean an improvement.

  2. Is there any particular reason why this client is not used in the other samples (which use OAuthClient directly)?
  3. I would like it if the http module/open id connect client would also support a symmetric key type of signing. I'm almost sure that if I only mention the "x509" word, my "security proposition" would get ditched away. I'm not sure, but I believe I can implement this myself (extend the config section and ValidateIdentityToken method), but I wanted to ask for your opinion first. The server supports IdentityTokenSigningKeyType = SigningKeyTypes.ClientSecret after all (which by the way, doesn't work with "secret" as a client secret, but that's another issue...)

Thank you.

Changes to consent screen

  • show only scope name and descriptions - not individual claims
  • show user name and profile picture (if present)
  • make application logo smaller
  • remove weird behavior when resizing browser

(check the google consent screen - e.g. on my slides)

Implement scope model to support identity and resource scopes

brain dump:

possible scopes:

openid

  • response: code
    return return code for id token, access token with scope: openid
  • response: id_token
    return minimal id token
  • response: id_token token
    return minimal id token, access token with scope: openid
  • response: token
    error

openid profile

  • response: code
    return return code for id token, access token with scope: openid profile
  • response: id_token
    return id token with profile
  • response: id_token / post
    return (== post) id token with profile
  • response: id_token token
    return minimal id token, access token with scope: openid profile
  • response: token
    error

openid profile resource

  • response: code
    return return code for minimal id token, access token with scope: openid profile resource
  • response: id_token
    error
  • response: id_token token
    return minimal id token, access token with scope: openid profile resource
  • response: token
    error

openid resource

  • response: code
    return return code for minimal id token, access token with scope: openid resource
  • response: id_token
    error
  • response: id_token token
    return minimal id token, access token with scope: openid resource
  • response: token
    error

resource

  • response: code
    return return code for access token with scope: resource
  • response: id_token
    error
  • response: id_token token
    error
  • response: token
    return access token with scope: resource

OAuth client credentials signing/encryption

Hello.
I have just run the client credentials sample, but it seems that there is no encryption or signing whatsoever for the token, since we have this line:

    Console.WriteLine(JObject.Parse(Encoding.UTF8.GetString(Base64Url.Decode(claims))));

I also noticed that whatever is sent on the http wire is the same as whatever I see in the string. So my conclusion is that there is no encryption and no signing.

I can see the token service is doing something like this:

    protected virtual string CreateJsonWebToken(Token token, SigningCredentials credentials)
    {
        var jwt = new JwtSecurityToken(
            token.Issuer,
            token.Audience,
            token.Claims,
            new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddSeconds(token.Lifetime)),
            credentials);

        var handler = new JwtSecurityTokenHandler();
        var ret = handler.WriteToken(jwt);
        return ret;
    }

but I'm not sure it takes into consideration the certificate which is wrapped in the credentials variable.

Am I doing something wrong?

Persistence Data stores

I am wondering if the current representation of the models is what you are also planning on using when making the persistent data stores.

I started to create a persistence azure tables data store (mostly for practice working with tables instead of Relational DB) and ran into some questions.

For AuthorizationCode and Token in ITokenHandleStore and IAuthorizationCodeStore, I was thinking just to serialize ClaimsPrincipal Subject and List Claims and put them in a storage table.

Have you given any thought to how you will handle this in EF? Of course I can just wait and see what comes, but that's not fun :)
