10,517 questions
0
votes
0
answers
27
views
AWS Error in Cloudfront + Appsync with 2 Authorizers OICD and new additional API_KEY, Cloudfront forcing x-api-key
I have an application that is in production working with Cloudfront + Appsync with OICD Authorizer. In the Cloudfront configuration for some reason it is adding in the custom headers if API_KEY exists ...
0
votes
0
answers
30
views
Revoking Connected Devices: How to Invalidate IMemoryCache Immediately to Prevent 2-Minute Access Window?
Hey i was building a DeviceService to know Connected Devices to an account after i builded every thing now i got issue with revoking device
Main Confusion :
that i decided to use IMemoryCache to ...
1
vote
0
answers
47
views
Checking authentication scheme from inside policy.RequireAssertion
I have an ASP.NET Core Web API that accepts tokens from two JWT sources. I want to define an authorization policy that will accept a token from the first source if and only if it has a particular ...
- 483
0
votes
0
answers
41
views
Matrix Synapse Azure / Microsoft SSO: what kind of value is saved / Stored from a Azure user (not object-id)
we want to migrate our LDAP users to SSO from our #synapse #matrix server and we have already many users, which are using Microsoft SSO Login. Matrix Synapse uses Authlib and there is a table (...
0
votes
1
answer
104
views
Viewer SDK - Access Token Management with Automatic Routing
I am looking for guidance on how to configure authorization token management with automatic routing enabled in the Viewer SDK.
Our application sets up token refreshing using the getAccessToken ...
- 1
0
votes
0
answers
43
views
How to write a custom meta annotation to check for authority when using Spring Security?
I have an enum with permission values:
public enum Permission {
DASHBOARD_OPEN("dashboard:open");
private final String key;
Permission(String key) {
this.key = key;
...
- 30.8k
0
votes
1
answer
70
views
How to keep getting the latest validation code in google authenticator for TOTP
I am implementing 2 Factor Authentication TOTP (Time-based One-Time Password) for a login page. After enter id and password, it will go to TOTP checking. It can only get the first code and won't ...
- 15
0
votes
1
answer
212
views
How to handle feature and permission-based authorization in Next.js without delaying initial render?
I’m building a multi-tenant SaaS application with Django Ninja as the backend and Next.js as the frontend. I’m running into a problem around handling RBAC permissions and org-level feature ...
- 37
1
vote
1
answer
66
views
Different GrantedAuthority returning the same for getAuthority()
I have a spring application, where users can have various authorities and where some of those authorities can be scoped.
For example, the READ_ALLOWED authority is scoped by company domain. So I have
...
- 413
0
votes
0
answers
87
views
Blazor AuthorizeRouteView not showing Authorizing Layout
I have a .NET 9 Blazor Maui hybrid application.
In my Routes.razor i have this:
<CascadingAuthenticationState>
<Router AppAssembly="typeof(MainLayout).Assembly">
<...
- 631
0
votes
2
answers
184
views
Middleware not triggering in Next.js app using next-auth
I’m working on a Next.js 14 app with the App Router and next-auth@5. I followed the official Next.js Learn guide on authentication, except I replaced email with username in the database.
I set up ...
- 3
0
votes
1
answer
106
views
Blazor Server collocated JavaScript causing crash on Blazor connection timeout due to auth CORS policy
We have a Blazor Server app that requires authorization on all its components (internal business app):
// ...
app.UseHttpsRedirection();
app.MapStaticAssets(); // <-- Static files middleware ...
- 1,013
0
votes
0
answers
208
views
How to Properly Implement ABAC (Attribute-Based Access Control) Authorization?
In my Next.js application, I have these roles:
manager
technician
front-desk
external-user
My Pages/Routes are:
/dashboard
/users
/orders
/orders/:id
/orders/:id/edit
/orders/new
Now, correct ...
- 141
0
votes
0
answers
58
views
Authorization in OpenSearch Dashboards plugin
I am currently browsing official repository of OpenSearch Dashboards and documentation for a while. I am developing my OpenSearch Dashboards plugin. My plugin does have built-in Node.js server, that ...
- 92
0
votes
0
answers
68
views
Implement permify in Spring boot application
I am trying to implement permify authorisation in my spring boot application. I want to know how can I upload schema to permify database inorder to create relationships.
Can someone provide the ...
0
votes
0
answers
57
views
How to use Identity API endpoints in an ASP.NET Core web project without custom middleware?
I'm developing a .NET Core Identity API using the following setup:
builder.Services.AddIdentityApiEndpoints<AppUser>()
.AddRoles<AppRole>()
....
- 77
0
votes
0
answers
24
views
Google Identity Services - AuthorizationClient not starting a fresh flow immediately after a user revokes access to the app
On this page - https://developer.android.com/identity/authorization
For authentication, we recommend using the Credential Manager API. For authorizing actions that need access to user data stored by ...
- 2,732
0
votes
0
answers
38
views
What authorization am I missing when writing a PATCH API to Autodesk Construction Cloud?
The goal of my API is to allow a batch PATCH of asset statuses in ACC. When I run my code, I am getting error code 403 which is "The request was not accepted because the client is authenticated, ...
1
vote
1
answer
118
views
How to avoid re-authorization of App Script?
I have written an apps script connected to my google spreadsheet to export it to a JSON file.
The data is need in an android application that I am building and access via the Web App "/exec" ...
- 139
1
vote
2
answers
476
views
Entra optional claim of login_hint seems to always be blank
I'm currently working on a blazor webassembly app, to which users get to authenticate themself using Microsoft Entra ID. This all works fine and dandy, but I'm trying to optimise the experience. ...
- 141
0
votes
1
answer
626
views
Strapi - ValidationError: Invalid key when using authenticated API call with filters
I'm working on a Strapi v5 server and have set up the following tables:
Referrant – has many Agents.
Agent – has many Referrants.
ReferrantToAgent – a conjunction table to handle the many-to-many ...
- 1,962
0
votes
1
answer
39
views
ASP.NET Core authentication and authorization question
I'm learning ASP.NET Core and I'm reading books and watching videos on authentication and authorization.
There's one question I can't seem to get answered: I understand that authentication and ...
- 475
0
votes
0
answers
56
views
Request failed with status code 500 while making authorization
Good evening everyone, hope this message finds you well! Wondering if there's any changes need to be done to the following lines of code as it's returning the following exceptions(provided in output ...
- 11
0
votes
0
answers
32
views
Utilizing multiple Authorization Filters
I have a authorization filter that checks for some OKta claims and these are low level roles that give overall access to the app. To expand our app further and make more complicated for both access ...
- 1,843
0
votes
0
answers
50
views
How is jwt protected from XSS ? and why not use IP with the JWT hash?
I am creating my 1st django-react application, but i got stuck on the login process.
Currently i am using simplejwt, while i can keep the access token inside react state, the refresh token has to be ...
- 11