Questions tagged [openid-connect]

1

votes
1

answer
334

Views

ADFS openid-connect from web application without OWIN

I have an existing web application that has a custom-made authentication and login module. I would like to add login for some users via ADFS openid-connect, but all examples I see are based on OWIN, which I cannot use. My plan is to let some external users log in via Azure AD and once they are authenti...
Johan
1

votes
0

answer
101

Views

IdentityModel.OidcClient for VB.NET

Does anybody know if there is a library to connect to OpenID from a WinForms VB.NET application? I found exactly a library for my purpose, IdentityModel.OidcClient, but it's in .NET C#. I need a framework like that but in VB. Thank you so much for any suggestion.
Antoine V
1

votes
1

answer
497

Views

Getting Spring Boot Security Working with Azure AD

Currently trying to get Azure AD integrated with a Spring Boot application I'm working on. I'm utilizing the azure-active-directory-spring-boot-starter package, and following the example laid out in the official documentation on Microsoft's website. However, when following the example, I'm receiving...
ReservedDeveloper
1

votes
1

answer
198

Views

Which token can be used by other systems

When I authenticate my single page app to my SFDC org using user-agent flow I am getting an access token and an OpenID token. I need to use one of them (not sure which) to authenticate and get access to another system (again, via API). My understanding is that I need to use the OpenID token in this cas...
Tea Bee
1

votes
0

answer
118

Views

Redirect to login after session expired

I am using Azure Active Directory with an OpenId provider in an MVC 5.0 application deployed into the Azure portal. In my case the user session expires after 20 minutes but the user is not automatically redirected to the login page; the application considers the authentication valid. Is there any option available in OpenI...
Kalai
1

votes
0

answer
298

Views

How to configure JWE keys in spring security 5.x.x application for an OpenId Connect client?

Is it possible to configure or autowire a JWE key selector for a spring boot 2.0 application with spring security 5.x.x to be able to decrypt the id_token received from an OpenId connect provider? The JWS Keys can be defined by the spring security oauth2 client registration properties. But I did not...
Sebastian
1

votes
3

answer
673

Views

jsonwebtoken not decoding jwt in nodejs express

I am generating a JWT using IdentityServer4. This is being sent to a SPA using angular. The SPA can decode the token and get the claims e.g. Role. const tokenPayload = jwt_decode(token); return tokenPayload.role === expectedRole; That same token is being sent to an API in NodeJS. I tried to decode t...
alexandergs
1

votes
0

answer
202

Views

AngularJS OIDC Client Silent Renew page

I am struggling to understand how this silent renew process works. As per what I read, I understood that the HTML page will be kept in an iframe and it keeps pinging the server to renew the token. I have an angular application, typically we package everything into one simple index.html file and rest will...
hashbytes
1

votes
0

answer
136

Views

IdentityServer3 & External Provider Dynamically

I am implementing IdentityServer3 as an SSO platform for multiple websites (not multi-tenant however). Each website is for a separate customer who has their own Office365 domains. We also serve in a support capacity for each customer so we have our own Office365 domain that we want to hook into Ide...
Solo812
1

votes
0

answer
296

Views

Should I clear InAppBrowser cache and session cache after OAuth 2.0 authentication?

The title really says it all, but of course will provide some details around the question. Background My Ionic3 application is using OAuth 2.0 for authentication. Here is the flow: User clicks login An InAppBrowser webview is opened, directing them to an OpenID Connect login portal page. Upon succes...
Sam5487
1

votes
0

answer
114

Views

How is the implicit flow of Open ID Connect secure?

I understand that in the case of single page applications that rely on a bunch of REST APIs, the implicit flow of Open Id Connect is recommended. What I fail to understand is how it is secure. The Authorization server returns the access and id token in the URL fragment after the user is successfully l...
Sumit
1

votes
0

answer
154

Views

Single sign on with OpenIdConnect in .net core - redirect URL

I am using SSO against Azure AD in my .net core application. Used OpenIdConnect for authentication. Currently after login it is redirected the home page. But I want to redirect it to the specific controller which user clicks before login. If mysite.com is my site and if user clicks on mysite.com/he...
Sridevi
1

votes
0

answer
119

Views

Obtain IsPersistent setting from IdentityServer4 openIdConnect

I have an asp.net MVC/angular app (not .net core) using OpenIdConnect to authenticate against our IdentityServer4 server. The login page on the identity server has a 'Remember Me' checkbox which sets the Identity Server cookie expiration. If the checkbox is not set the cookie expiration is set to e...
gilm0079
1

votes
1

answer
259

Views

IdentityServer4 and Clients Running on iOS 9.3.5 (JavaScript disabled)

Let me just preface this by saying that I am very new to web development and OpenIdConnect/OAuth, I have tried everything I can think of to track down the problem without success, so now I'm turning to the community... I setup an Identity Provider using IdentityServer4 - Nuget Pkg 2.1.1 I setup an M...
Aaron
1

votes
1

answer
345

Views

AddOpenIdConnect in a WPF App

So I need to AddOpenIdConnect in order to declare my SignInScheme and Scopes. Any idea how to do this in a WPF App? And where should this method be called? services.AddOpenIdConnect(options => { options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; // cookie middle setup above o...
1

votes
1

answer
136

Views

Is it possible to add user/password in the rest api header or as query params when implementing the openID connect

Is it possible to add user/password in the rest api header or as query params when implementing the openID connect? I have just finished a rest api that is implementing authorization code flow open id connect, so it's working fine, when I hit the api URL, it redirects me to the server, there I pass...
Navjyot Kaur
1

votes
0

answer
171

Views

OpenID login in C# desktop application?

I'm a newbie in C#. I have been asked to implement the OpenID login with a provided username and password and get the bearer token. We achieved this in Java; the code snippet is below (I don't know how to do the same in C#). public AccessTokenResponse getToken() throws IOException, ParseException, Exception { String...
Raj
1

votes
1

answer
60

Views

Getting resource from another resource in Oauth2

So here is a case: I have identity server, client application and resource(API). Identity server provides user info on the endpoint http://identityserver:8080/connect/userinfo. If you send a request with valid access token you will get additional information about user. If I need this information o...
Mário Jaroš
1

votes
1

answer
399

Views

Swagger Spec for OpenID Connect

Since OpenID Connect uses HTTP, headers, query strings etc I would like to get a Swagger/OpenAPI specification as documentation. I have tried to find it but not successful. Do you know where to find it? / Joacim
4integration
1

votes
1

answer
69

Views

Identity Server Password Grant to External Providers

I have implemented Identity Server 4 STS, and integrated it with external providers, AzureAD, and other custom on-prem OpenIdConnect STS. This works well for native OpenIdConnect grant types like Implicit and Hybrid, because they use HTTP redirects. I wanted to know if it's possible to support passw...
Eugene S.
1

votes
1

answer
42

Views

Faking authentication during development

In my current asp.net MVC core application we use OpenId Connect to authenticate with our corporation's identity provider. However during local development we cannot reach the provider. Also we would like to easily change claim values for development and unit testing purposes. I tried swapping m...
Boris Callens
1

votes
0

answer
223

Views

Oauth / OpenID with Gitlab as provider

Does anyone know if it is possible to override the scope sent by Artifactory when trying to use Gitlab (On Premise) as the OpenID Connect Provider? Currently, Artifactory is sending &scope=openid%20profile%20email as a url parameter, but Gitlab can only handle &scope=openid%20read_user. If I manuall...
Espen Myhre
1

votes
1

answer
17

Views

When the credentials (ID and password) managed by IdP were changed, should the access token stored in RP be newly issued?

I have talked about the specification when the credentials were changed by the Authorization Code Flow of OpenIdConnect or OAuth2. When the credentials (ID and password) managed by IdP were changed, the access token stored in RP is discarded, and user authentication is required again? Or should it be...
comic book guy
1

votes
0

answer
30

Views

How to Authenticate my login page using OpenID Connect in android

I have gone through many links to authenticate a login page using OpenID Connect. I can't understand how to do that. I have to use OpenID Connect to authenticate my login page in Android. Can anyone tell me how to do this? Thank you in advance.
dam
1

votes
0

answer
35

Views

React axios Cors Policy error with 3rd side server

I have a react client that sends a get request to my node server using axios, which is received in my server after I allowed cors, and the server passes the request to a 3rd side server which I have no access to its configuration at all so I cannot allow cors in that server, and the request sent with the cli...
Ido.N
1

votes
1

answer
67

Views

Access User.Identity and Claims from Outside

I am trying to build an SSO(.net core) service with OpenID Connect which will be a layer between a Webforms application and the Service Provider. I created some endpoints to check if user is authenticated and get user claims from the service. I am able to get correct results when I call these endpoi...
Orhun Karapinar
1

votes
0

answer
41

Views

Old springframework works with keycloak

I have web applications: app1 with springframework 2.5. It has standard spring-security form login. I didn't find a solution to enable SSO via Keycloak for this app, because the keycloak spring-security adaptor doesn't support springframework 2.5. app2 with springframework 5 using keycloak for Sing...
Chuanbao Lu
1

votes
0

answer
58

Views

Multiple URL's on a OpenID Connect Provider (IdentityServer4)?

We are using IdentityServer4 as an OpenID Connect provider (OP) and wonder if it's possible to have multiple domain names configured. Basically we have multiple OpenID Connect (OIDC) clients which are connected to this OP, but would like to have the ability to show different URL's depending on the r...
Jonas
1

votes
1

answer
110

Views

How to use OpenID Connect for authentication and JWT for everything else

I want to use the 'microservice architecture' https://www.jhipster.tech/api-gateway/ using: my company OpenID connect provider to authenticate users from the frontend SPA JWT for authorization (that is, JWT from the moment the user is authenticated) I'm not sure how that's supposed to be configured,...
Leo
1

votes
0

answer
66

Views

OpenID Connect with multiple clients and SSO

I am creating this post after doing quite a lot of research on OpenID Connect myself including reading the specs and the more I read the more questions come up. I hope that someone is able to help me and clear my confusion. The OpenID Connect specs are good but only contain very basic examples that...
Solarer
1

votes
0

answer
228

Views

Not getting groups claims even after setting “groupMembershipClaims”: “All” in the app manifest

In my dev environment, I have my own AAD where I've registered my asp-net core application to enable open id connect authentication. I've edited the manifest so that: 'groupMembershipClaims': 'All' It works on my dev environment, but when I do the same in production, I'm not getting the user claims....
Liero
1

votes
0

answer
99

Views

.Net Core 2.0 Authentication Behind Reverse Proxy

I have a .NET Core 2.0 application in a Kubernetes cluster behind an Nginx Reverse Proxy. I currently have all of my services (.NET Core and otherwise) successfully authenticating via Oauth2-Proxy with Azure Active Directory. This works fine on a larger level, but I lose the ability to use role and...
JHub
1

votes
0

answer
46

Views

Security improvement for hybrid application

We are working on a management application that is built using a mix of older and newer technologies and frameworks. The generic architecture looks like: Architecture Overview It started out as an ASP.NET WebForms app, but when a mobile client was requested, we had to provide the data through an AP...
Sebastian F.
1

votes
0

answer
204

Views

What is the difference between identity server 4 open id connect and Azure AD?

What I know about IdentityServer and OpenID connect is: The IdentityServer is a free, open source OpenID Connect and OAuth 2.0 framework for ASP.NET Core. That incorporates all the protocol implementations and extensibility points needed to integrate token-based authentication, single-sign-on and AP...
Ahmer Ali Ahsan
0

votes
0

answer
3

Views

403 Forbidden (RP) encountered a failure during the login when configuring App ID with tWAS

I'm trying to configure integration between App ID and tWAS. I've followed the 'Overview' of App ID service and successfully configured with Liberty using provided example, but same config is failing for tWAS. What I already did: Configured TAI with the following props: provider_1.identifier=app-id...
Gas
1

votes
1

answer
65

Views

How often do Azure AD key rolls occur?

I'm vetting Azure AD's Open ID Connect for securing a Web API. I came across a vague description of the frequency of how often Azure AD performs key rolls. Azure AD documentation here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-signing-key-rollover#overview-of-s...
Jeff
1

votes
1

answer
1k

Views

Azure AD Signing Keys for JWT

When you use Open ID connect with Azure AD, the JWT issued token (id token) is signed with an asymmetric key. I saw the public key to verify that signature is available in the metadata file, https://login.microsoftonline.com/common/discovery/keys. However, I couldn't find any documentation about how...
Pablo Cibraro
1

votes
0

answer
114

Views

Is there a way to use an own frontend instead of keycloak login?

I want to use an Angular >4 app that calls REST endpoints from Keycloak >4 to login. Spoiler: No, I don't want to use a Keycloak theme, because Freemarker templates are far too static. I need some dynamic resources and CDN magic. So I used the '…/auth/realms/REALM/protocol/openid-connect/token' en...
Vincent Romanus
1

votes
1

answer
218

Views

How to implement GUI Less Oauth Authentication system to access API's built using Python-Flask

I have written a simple Python Flask API which does operations like adding data to a database and getting data from a database. There is no UI for this API. Now I want to implement an OAuth authentication system for this simple API. As there is no GUI, I can't use Google or FB OAuth providers which redirec...
1

votes
0

answer
287

Views

.Net Core 2.1 identity Server using relative path for host and resources

We ran into a problem using the .Net Core 2.1 Identity Server with OpenIdConnect. Our environment is a multi resource landscape and one centralized authorization server. All resources including the authorization server are accessible over a local nginx with default configuration. For example: http:...
FlorianQo
