5,410 questions
0
votes
0
answers
37
views
Pass parameter from Swagger to IdentityServer8 for authentication
I'm using Swagger UI to test APIs that require authentication to IdentityServer8 via OAuth 2.0 implicit flow. Is there any way to pass a custom parameter from Swagger UI to IdentityServer8 during ...
- 6,545
-1
votes
1
answer
82
views
Identity Server 4 redirect url directing to http instead of https
I have a server with multiple docker containers, I'm using nginx as a reverse proxy, and Identity Server 4 for authentication and authorisation.
my /.well-known/openid-configuration has endpoints ...
- 47
0
votes
0
answers
27
views
Redirecting Identity Server 4 ERR_CONNECTION_REFUSED
I have a .NET Core site running on Azure which redirects requests to another .NET Core site running Microsoft Identity Server 4. Some of the clients are getting ERR_CONNECTION_REFUSED when they get ...
- 107
0
votes
0
answers
56
views
IdentityServer4: How to strictly validate returnUrl parameter against a whitelist?
We are using IdentityServer4 (v4.1.2) for OAuth authentication in an older system and need to strictly validate the returnUrl parameter to prevent open redirect vulnerabilities.
Our security ...
- 6,617
0
votes
0
answers
54
views
IdentityServer 4 on AWS Elastic Beanstalk — OpenID Discovery Returns HTTP Endpoints Instead of HTTPS
I'm deploying an ASP.NET Core 9 Web API using IdentityServer 4 on AWS Elastic Beanstalk with an Application Load Balancer (ALB) and a valid ACM certificate.
What works:
SSL certificate is correctly ...
- 316
0
votes
0
answers
52
views
.NET 8 Blazor web app (web assembly & server) + IdentityServicer
Does anyone have a working template? I tried to pin down such a configuration myself, but couldn't.
I keep getting an http 401 "unauthorized" error when sending a HTTP request from the ...
- 103
0
votes
0
answers
58
views
How to make front channel logout work in C# + IdentityServer4 + Angular?
I need help making front channel logout work in my application that uses C# + IdentityServer4 + Angular.
My client configuration in IdentityServer4:
new Client
{
AccessTokenType = AccessTokenType....
- 649
0
votes
0
answers
60
views
Command Bot generated Azure AD SSO token with Authprompt flow use in Identity server without login
command chat bot in ms teams and with sso authentication using Authprompt dialog.
Azure AD intra id setup completed with redirect uris
https://localhost:44310/signin-oidc
https://.ngrok-free.app/auth-...
0
votes
1
answer
20
views
Blazor WASM Hosted App with IdentityServer4 throws AddCredentials exception on login
I have Blazor WASM hosted web application that has been running fine on Digital Ocean linux hosting plan. But today I am getting the following error message when logging in:
Anyone knows what it may ...
- 842
0
votes
1
answer
42
views
Is it possible that users should remain logged in until they choose to log out manually. If so - then how?
I need to implement the feature as Users should remain logged in until they choose to log out manually.
I had tried this in Program.cs for session:
builder.Services.AddSession(options => {
...
0
votes
0
answers
129
views
How to set Content Security policy of Identity Server Connect/Authorize function internal call?
I am facing a issue when Identity server redirect from https:/sso.com/connect/authorize?.. to https://anotherhost.com/sigin-oidc it is showing CSP error as stated that
refused to send form data to ...
- 1,337
0
votes
2
answers
376
views
Duende IdentityServer - Inconsistent login status across multiple clients
(Originally posted on Duende support forum here but no response so far so thought I'd try stackoverflow.)
Issue
We host our own IdentityServer instance and all client apps are our own.
When a user ...
- 1,263
0
votes
1
answer
93
views
What are stored in PersistedGrant table for IdentityServer
I stored IdentityServer tables in SQL database. There is a table, PersistedGrants. When the type is "AuthorizationCode", which column that stores the Authorization Code? Is it the key in the ...
- 1,294
0
votes
0
answers
48
views
Error `redirect_uri is missing or too long` from IdentityServer4 in DockerContainer
Description of the situation:
I have a project with IdentityServer4. When I start everything locally, it works good.
The problem arises when I want to start all this in Docker Containers (DB, FrontEnd,...
- 23
2
votes
2
answers
564
views
Implementation of User Login using Finger prints/ Face recognition in Identity server 4 ASP.Net core
Right now my project is using Identity Server 4 and ASP.net Core, where we do user login using username ad password and we use userManager and siginManager for user login, and all users data is stored ...
- 130
0
votes
1
answer
70
views
Error in configuring identity server. The cookie '.AspNetCore.Identity.Application' has set 'SameSite=None' and must also set 'Secure'
I am trying to learn IdentityServer4. I setup one project in identityserver and another project in mvc. the code run as expected in localhost but i got error in docker swarm environment. After ...
1
vote
1
answer
137
views
Login with Microsoft External Account -Issue when the user cancels the consent prompt during authentication
I'm using Microsoft external authentication in a .NET 5 Razor Pages application, and I'm encountering an issue when the user cancels the consent prompt during authentication. The behavior works as ...
0
votes
1
answer
97
views
How to user authenticate using http in identity server?
Using usehttpsredirection user is authenticated properly. But when I comment out the usehttpsredirection and change security policy from CookieSecurePolicy.Always to CookieSecurePolicy.None, I am ...
0
votes
1
answer
63
views
Is there a way to connect/disconnect external OpenId providers IdentityServer 4 "on the fly"
IdentityServer 4 documentation says:
"To add support for OpenID Connect authentication to the MVC application, you first need... ...then add the following to ConfigureServices in Startup:
...
- 85
2
votes
1
answer
2k
views
why offline_access scope is needed to request refresh token in IdentityServer (OAuth2)?
I have to set AllowOfflineAccess = true to get refresh token
public static class Config
{
public static IEnumerable<Client> Clients =>
new Client[]
{
new ...
- 117
0
votes
2
answers
75
views
why Relying Party doesn't honour IdentityServer's `IdentityTokenLifetime` setting?
I set IdentityTokenLifetime (https://github.com/DuendeSoftware/IdentityServer/blob/e9860c6488f90e8fbc11a4452b9dd111dbfae933/src/Storage/Models/Client.cs#L187) to a very small value 60 seconds, but ...
- 117
0
votes
2
answers
130
views
Setting up JWT authentication using the Identity Server and get access token
I am working on a project which is based on micro-service architecture and use the identity server 5.
I set up JWT authentication using the Identity Server 5 as follows:
public static ...
- 2,501
1
vote
0
answers
108
views
Invalid HTTP request for token endpoint
I have this error in my ASP.NET Core MVC logs:
fail: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[17]
Exception occurred while processing message.
Microsoft....
- 11
0
votes
1
answer
38
views
Identity server redirection problems on the same browser instance
I have a problem when I use many account in the same instance of browser.
In the first connection from my site to the client site, the authorize endpoint is invoking, and I have in the log: "No ...
0
votes
0
answers
67
views
Change IdentityUser key from string to GUID - UserManager no longer works
I've recently decided to switch from string to GUID as the unique identifier for the IdentityUser. I have successfully applied the migration to the database, but now the UserManager methods don't work ...
- 257