aspnet-contrib

I have an OpenIdDict authentication server which is based on AspNet.Security.OpenIdConnect.Server . The setup works as expected. Now to do some in process integration;system tests which span the whole backend architecture I use the TestServer class. Why I test like this is another question Most test code coverage with least amount of work It has been decided to not do unit tests... (too much work they say) Real integration tests which span much less code where also seen as to much work when I want to achieve a good coverage The test are based on an framework that is build using a domain

I'm using AspNet.Security.OpenIdConnect.Server to issue JWT tokens and have the AuthorizationCodeLifetime set to 30 seconds for testing. Here is the snippet of code I'm using to set the options options.TokenEndpointPath = "/api/token"; options.AllowInsecureHttp = true; options.AccessTokenHandler = new JwtSecurityTokenHandler(); options.SigningCredentials.Add(new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)); options.AccessTokenLifetime = TimeSpan.FromSeconds(30); options.AuthorizationCodeLifetime = TimeSpan.FromSeconds(30); The returned token contains: "expires_in": 30, and

I am using Visual Studio 2015 Enterprise Update 1 and ASP.NET vNext rc1-update1 to issue and consume JWT tokens as described here . In our implementation we want to control token lifetime validation. We tried several approaches, all of which had undesirable side effects. For example in one attempt we took over the TokenValidationParameters.TokenValidationParameters.LifetimeValidator event in the Configure method: app.UseJwtBearerAuthentication ( options => { options.TokenValidationParameters = new TokenValidationParameters() { LifetimeValidator = (DateTime? notBefore, DateTime? expires,

I am using Visual Studio 2015 Enterprise and ASP.NET vNext Beta8 to issue and consume JWT tokens as described here . In our implementation we're storing some client details in Redis at token issuing time and we would like the flush this information when the user logs out. My question is what is the best practices for logging out with OIDC? While I could roll my own contoller for this purpose I couldn't help but notice Open ID Connect (OIDC) seems somewhat primed to handle this case. For example OIDC has an OnLogoutEndpoint handler and LogoutEndpointPath settings. But when I call the OIDC