IdentityServer4 | AspNetCoreIdentityIdentityServer4 | Identity Management library

 by   woshilangdanger C# Version: Current License: No License

kandi X-RAY | IdentityServer4 Summary

kandi X-RAY | IdentityServer4 Summary

IdentityServer4 is a C# library typically used in Security, Identity Management applications. IdentityServer4 has no bugs and it has low support. However IdentityServer4 has 2 vulnerabilities. You can download it from GitHub.

另外我添加了一个 sqlserverbranch 分支 ,已经把先关修改都更改了,可以直接运行使用.
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              IdentityServer4 has a low active ecosystem.
              It has 20 star(s) with 8 fork(s). There are 1 watchers for this library.
              OutlinedDot
              It had no major release in the last 6 months.
              IdentityServer4 has no issues reported. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of IdentityServer4 is current.

            kandi-Quality Quality

              IdentityServer4 has 0 bugs and 0 code smells.

            kandi-Security Security

              IdentityServer4 has 2 vulnerability issues reported (0 critical, 0 high, 2 medium, 0 low).
              IdentityServer4 code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              IdentityServer4 does not have a standard license declared.
              Check the repository for any license declaration and review the terms closely.
              OutlinedDot
              Without a license, all rights are reserved, and you cannot use the library in your applications.

            kandi-Reuse Reuse

              IdentityServer4 releases are not available. You will need to build from source code and install.
              IdentityServer4 saves you 4356 person hours of effort in developing the same functionality from scratch.
              It has 9229 lines of code, 0 functions and 103 files.
              It has low code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of IdentityServer4
            Get all kandi verified functions for this library.

            IdentityServer4 Key Features

            No Key Features are available at this moment for IdentityServer4.

            IdentityServer4 Examples and Code Snippets

            No Code Snippets are available at this moment for IdentityServer4.

            Community Discussions

            QUESTION

            IdentityServer4. Using 2 roles per user
            Asked 2022-Feb-11 at 15:52

            I'm using IdentityServer4 and an MVC client. My problem is just being able to use more than 1 role per user. In the example below, I have 2 controllers, each with its authorize. If 1 user has 2 Roles in the register, he gives access denied to both.

            When you leave only 1 role for the user, it works just fine

            Config.cs (IDS4)

            ...

            ANSWER

            Answered 2022-Feb-11 at 15:52

            I had the same issue and I changed

            Source https://stackoverflow.com/questions/70771745

            QUESTION

            Spring Boot, authorization_code, IdentityServer4 code_verifier
            Asked 2022-Feb-09 at 10:17

            ANSWER

            Answered 2022-Feb-09 at 10:17

            I finally resolved this issue. But still not satisfied with the methodology. Yet, it works gracefully. What I expected from OAuth2AuthorizationRequestResolver that the request to get the jwt token gets created internally and I should be unaware of the random string generated as code_challenge(to implement PKCE).

            I still request to share if somebody has a working example of authenticating and getting token by just providing required confs without me implementing and overriding OAuth2AuthorizationRequestResolver. So, here i go

            To implement OAuth2AuthorizationRequestResolver please follow https://developer.okta.com/blog/2020/01/23/pkce-oauth2-spring-boot

            then in method addPkceParameters

            Source https://stackoverflow.com/questions/69832052

            QUESTION

            Migration To NET6
            Asked 2022-Jan-31 at 12:03

            I tried to migrate my ASP CORE project to NET6 My project uses next packages

            IdentityServer4.AccessTokenValidation - 3.0.1

            IdentityModel.AspNetCore.OAuth2Introspection - 4.0.1

            IdentityModel - 5.2.0

            The build of project is success. But when I run application I get error

            ...

            ANSWER

            Answered 2021-Nov-17 at 06:48

            I investigated this problem and found cause. I used IdentityModel V 4,2,2 before update. When I update my project to NET 6, IdentityModel was upgrated to version 5.2.0. The difference between IdentityModel V 4,2,2 and IdentityModel version 5.2.0 was in signature method.

            Source https://stackoverflow.com/questions/69978649

            QUESTION

            Boundaries of using Claims in the authorization JWT token OAuth2+OIDC
            Asked 2022-Jan-24 at 13:07

            The main our product is Public API. We use IdentityServer4 for the authentication and authorization of our users. Now I'm fighting with my teammates about the number and type of information that can be in claims in token. For instance, usually, we add the user identifier and the identifier of user's organization in claims. Also, we add user's configuration, such as

            • server URL where the user was provisioned
            • internal identifier of the user
            • user's device identifier These user's configuration properties are requested from different internal services and databases during authorization and generating JWT tokens.

            There is an option - keep in JWT token only the user identifier and request all configuration properties in the API method. The main pros of keeping configuration in claims from my point of view are decreasing requests to other services and to the database.

            Perhaps, there are best practices about my question from reliable sources or even in RFC what the information can be in claims?

            ...

            ANSWER

            Answered 2022-Jan-24 at 13:07

            There are no RFCs or standards which would say what information can end up in claims and which don't. I would try to stick to those guidelines:

            1. Try to keep information in tokens as minimal as required. Don't put something in claims only because maybe one service will need it from time to time. Put only those claims which most of the service use all the time, or information which needs to be asserted by the Authorization Server. The other data usually belong to the microservices themselves or can be easily obtained through API calls. This is especially important if you're using JWTs publicly available on the Internet, as anyone can read those information.

            2. Try not to put Personally Identifiable Information in a JWT, especially if the token is available publicly. When someone steals such a token they will be able to read your users' PII. If you need this kind of information in a token, then think of using the Phantom Token pattern. This way the information is safe from eavesdroppers.

            3. By limiting the amount of claims in a token you can also limit the permissions of a token. It's better to have tokens with lower permissions and use token exchange whenever more information or privilege is needed.

            4. Remember that the claims in the token are a contract between the Authorization Server and the consumer (usually the API). Once you add something to a token, you usually won't be able to remove it, as this will constitute a breaking change.

            Have a look at these articles we wrote at Curity to get some more knowledge about dealing with claims and JWTs:

            Source https://stackoverflow.com/questions/70831773

            QUESTION

            Get error "login.live.com page can’t be found" when invoking Azure Ad as external IDP in IdentitySrever4
            Asked 2022-Jan-19 at 13:33

            I try to follow this tutorial to add Azure Ad as another external IDP for my IdentityServer4 service (I have gotten Windows and Google working already). I can get the "Azure Ad" button displayed on my IdentityServer login page now, but when I click on it, I get the following error returned:

            Here is how I configured Azure Ad in ConfigureServices of my Startup class. I also tried replacing "aad" with "oidc", which is what I used and worked in Google, but no difference here.

            and here is how my Azure Ad account configuration looks like. The colors match up with above indicating the values I use in my code:

            Can someone tell me what I may be doing wrong here?

            ...

            ANSWER

            Answered 2022-Jan-19 at 13:33

            Initially please try by deleting history in the browser and use "login.microsoftonline.com//v2.0/" as authority string. And options.CallbackPath = "/signin-oidc"; options.ResponseType = "code id_token";

            NOTE : The identity platform which is used by Microsoft has a character limit for links. This type of error will appear if the authorization request or link is longer than the said limit,.

            Protocols like OpenID Connect, allow state as a parameter in the authorization request, and the identity provider will return that state in the response as you can find that in error page you provided . Because of which the request URL becomes large as sometimes the state parameter is long.(which might be the possible case here)

            Try to call the AddOidcStateDataFormatterCache extension method on the IServiceCollection in startup class which uses the distributed cache in the backend like:

            Source https://stackoverflow.com/questions/70761812

            QUESTION

            NET5 JWT Bearer Authentication not recognizing SSL certificate
            Asked 2021-Dec-12 at 15:34

            I have a .NET 5 WebApi using Grpc and an IdentityServer4 running behind a YARP reverse proxy. The reverse proxy is using a valid Let's Encrypt certificate and is routing requests to the other two which are listening on localhost:port and using a self signed certificate. They are running on Linux Mint 20.1 and I created the self signed certificate with OpenSSL and added it to /usr/local/share/ca-certificates/extra and ran update-ca-certificates to update the certificate store.

            Everything runs fine, YARP recognizes the sefl signed certificate for routing the request but requests to the WebApi that require authorization throw this exception:

            ...

            ANSWER

            Answered 2021-Dec-12 at 15:34

            I managed to track down the cause and fix it.

            The Cause
            1. Microsoft.AspNetCore.Authentication.JwtBearer actually makes not 1 but 2 calls to IdentityServer4: one to /.well-known/openid-configuration to get the configuration and then a call to the endpoint returned in jwks_uriof the previous response. The first call was to a localhost:port endpoint using the self signed certificate and working normally but the 2nd was to a realdomain endpoint using the Let's Encrypt certificate and failing with the error in the OP.
            2. The Let's Encrypt certificate had an expired certificate in the chain: it was using DST Root CA X3 instead of ISRG Root X1 (more info here: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/)
            Fix for calls using different domains Option 1 - fixing it in IdentityServer4

            This can be achieved by changing the IdentityServer4 origin in Startup.cs:

            Source https://stackoverflow.com/questions/69606080

            QUESTION

            Is "scope" a standard claim?
            Asked 2021-Dec-01 at 15:22

            Is there any standard scope claim in OpenID Connect, JWT or OAuth?

            In the IdentityServer 4 documentation, the there is a "scope" which is a space-separated string.

            ...

            ANSWER

            Answered 2021-Nov-30 at 12:58

            Most providers supports the AT+JWT token type and in it is specified that it should include a scope claim:

            It says:

            If an authorization request includes a scope parameter, the corresponding issued JWT access token MUST include a scope claim as defined in section 4.2 of [TokenExchange].

            All the individual scopes strings in the scope claim MUST have meaning for the resource indicated in the aud claim.

            Source https://stackoverflow.com/questions/70168487

            QUESTION

            Sync user data from IdP with application database
            Asked 2021-Nov-29 at 08:41

            We're currently developing a SaaS platform (with a React frontend and an ASP.NET Restful API backend) using the DDD principles. We also use our own Identity Provider (using IdentityServer4).

            All IdP-related data is stored in its own seperate database (users, claims, resources,...).

            Now there's this issue where we can't wrap our heads around:

            Whenever a users logs onto our SaaS platform using our IdP, we want to store some of the user data (id, language, email & name) in our application database. This is because we want to ensure referential integrity between users and other domain entities.

            Another reason to store this, is because we need to access users' languages from our domain (to send out emails etc).

            So what we can do is read the users' claims and store these in our database. But next to that, whenever a users changes any of this data (lets say a users updates his language) in the IdP, we'd also need to update this data in our application database (since we want the users to receive emails in their set language).

            I was thinking of creating a middleware that checks all UserClaims whenever a user performs an API call, but that would mean that we'd constantly have to make a db-request on every API call.

            What is the best way to sync user data between the IdP and another database without having to do it manually?

            ...

            ANSWER

            Answered 2021-Nov-29 at 08:41

            Your application can query the IdentityServer UserInfo endpoint, perhaps every time he logs in (or changes his user profile?) and store the information in the local database.

            The question is also how much "eventual consistency" you can accept between your application and your IDP?

            One option is to enable this feature and when you change your user profile, you use your refresh token to get a new access token.

            Source https://stackoverflow.com/questions/70125199

            QUESTION

            Multi-organization solution with identityserver4
            Asked 2021-Nov-16 at 18:47

            I've got following setup:

            • IdentityServer4 using asp.net core identity
            • Accounts app - where user can edit his account data and users can register
            • Portal - where users can login and select an organization to which they're connected (same as in azure devops)
            • API that is used by portal

            Does anyone have experience setting up something similar ? My question would be how to authorize the calls at API level to make sure he is only editing entities that belong to his organization.

            Thanks !

            ...

            ANSWER

            Answered 2021-Nov-12 at 11:09

            One way could be to use a tenant claim within each bearer token, so that when a user changes an organization on the portal (in case one user has access to several orgs), you perform relogin to the chosen tenant, or just request a new access token with a chosen tenant_id inside.

            You can use this and this answers for the reference on how to pass a custom parameter (such as tenant id) with your request to Identityserver.

            Source https://stackoverflow.com/questions/69935388

            QUESTION

            IdentityServer4 - Error: Unknown client or not enabled: oauthClient
            Asked 2021-Nov-12 at 12:26

            I've been trying to setup a project with IdentityServer4 for a while. However I'm getting the following error:

            ...

            ANSWER

            Answered 2021-Nov-12 at 12:26

            Alright, so when you have the following configuration:

            Source https://stackoverflow.com/questions/69904427

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install IdentityServer4

            You can download it from GitHub.

            Support

            For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            CLONE
          • HTTPS

            https://github.com/woshilangdanger/IdentityServer4.git

          • CLI

            gh repo clone woshilangdanger/IdentityServer4

          • sshUrl

            git@github.com:woshilangdanger/IdentityServer4.git

          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            Consider Popular Identity Management Libraries

            vault

            by hashicorp

            k9s

            by derailed

            keepassxc

            by keepassxreboot

            keycloak

            by keycloak

            uuid

            by uuidjs

            Try Top Libraries by woshilangdanger

            easysharding.efcore

            by woshilangdangerC#