identityserver3

Identity Server not returning refresh token

陌路散爱, submitted on 2019-12-14 00:15:43
Question: I'm trying to set up Thinktecture's Identity Server 3, but I can't seem to get it to return a refresh token when exchanging an authorization code (or when using the ResourceOwner flow, but I'm going to focus on the authorization code as it's more important to me right now). I get back access tokens and can use them to authenticate just fine, but it doesn't seem to even be generating the refresh tokens that I'm expecting to get back. Is there anything special that I need to do to get Identity

response.Error “Forbidden” in IdentityServer3 Flows.ClientCredentials

十年热恋, submitted on 2019-12-13 07:08:29
Question: I'm having a Client in my IdentityServer3 new Client { ClientName = "Client Credentials Flow Client With Certificate", Enabled = true, ClientId = "cc.WithCertificate", Flow = Flows.ClientCredentials, ClientSecrets = new List<Secret> { new Secret { Value = "61B754C541BBCFC6A45A9E9EC5E47D8702B78C29", Type = Constants.SecretTypes.X509CertificateThumbprint, Description = "Client Certificate" }, }, AllowedScopes = new List<string> { "read" } }, In Client Windows Form application I'm using "Client

IdentityServer3 requiring a role when the user logs in (as additional credential)

一个人想着一个人, submitted on 2019-12-13 04:00:37
Question: I have a system where if the user logs in as Joe with the role "Readonly" then he will be granted access only to read things (fairly obviously); however, if he logs in as Joe with the role "Administrator" then he will have access to do administrative functions. However I want him to have to relogin if he wishes to change from the Readonly role to the Administrator role so that he could potentially leave his account logged in as Readonly on a display screen or something without fear of someone

How do I include claims into the Access Token retrieved from the Authorize endpoint?

帅比萌擦擦*, submitted on 2019-12-13 03:46:54
Question: I want to include a claim by default in the access token retrieved when I Authenticate via IdSrv. The Claim Ticket should always be included in the access token, as such I have created a new scope that is a resource scope and included Ticket as a ScopeClaim. However as you can see from the IdSrv logs when IdSrv is creating the access token and calls GetProfileDataAsync the list of requested claims in the context is empty, and so no claims are added to the access token. How can I include this

401 Unauthorized when calling Web API using IdentityServer3

为君一笑, submitted on 2019-12-12 13:07:22
Question: I'm trying to set up a simple example using IdentityServer3 with the Client Credential flow. The example contains a console client calling a Web API resource with a token received from the IdentityServer. The Web API and IdentityServer are hosted in IIS. I manage to get the token from the IdentityServer using: var client = new TokenClient( "https://machine+domain/WebHostedId3/connect/token", "client", "secret"); but when I try calling the Web API using: var client = new HttpClient(); client

Reverse proxy with openid connect redirection

不想你离开。, submitted on 2019-12-12 09:52:30
Question: In my application I have integrated Identity server 3 with openid-connect. On our production server our website is behind a reverse proxy which is causing problems. When the user logs in and is redirected back by identity server, our application wants to redirect the user to his original location (the page with the AuthorizeAttribute). The problem here is that the user is redirected to the hidden url instead of the public url used by the reverse proxy. How can I redirect the user to the

Identity server 3 MVC client state parameter

十年热恋, submitted on 2019-12-12 06:47:39
Question: I have an asp.net MVC / angular application which connects through Identity Server 3. What I want to achieve is for the IS3 to redirect me to the Angular path after login. I already get the angular relative path before redirecting to IS3, what I need to do is to send that path to IS3 and have it send it back to me after login so that I can attach it to the redirect Uri. I've tried adding it to the "state" parameter when redirecting to IS3, but that results in an invalid redirect. That parameter

Error 401 when accessing an API protected by IdentityServer3

六月ゝ 毕业季﹏, submitted on 2019-12-12 04:34:34
Question: I'm getting a 401 error when I try to access a resource from an API protected by IdentityServer3. I can log in and get the access_token quietly from the Host application of IdentityServer3, but I cannot use the access_token to consume this resource. I configured my Host of IdentityServer in Startup class like this: public void Configuration(IAppBuilder app) { Log.Logger = new LoggerConfiguration() .WriteTo.Trace() .CreateLogger(); AntiForgeryConfig.UniqueClaimTypeIdentifier = Constants

Automatically Signout all active clients in Identity server once logout of any client

心不动则不痛, submitted on 2019-12-12 04:34:00
Question: I'm using Identity Server 3 for Single Sign on and I'm having 3 client applications. Once I logged in any of the Client applications, the rest of the two applications won't ask the Authenticate credentials. It's working fine in Log-in but in Signout the current Client gets logged out but the rest of the two applications are not automatically redirecting to the log-in page of Identity Server. Kindly assist me in this regard. Answer 1: Since you said in the comments that your client is a JavaScript

IdentityServer3: Principals always null

纵饮孤独, submitted on 2019-12-12 04:26:59
Question: I tried to enhance my existing WebApi with IdentityServer3. So I installed the IdentityServer3.AccessTokenValidation package and added this piece of code to my Startup Configuration app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions { Authority = "<myIdentityServerUrl>", ValidationMode = ValidationMode.ValidationEndpoint, RequiredScopes = new[] { "api1" } }); (I did not apply the AuthorizeAttribute filter, so I can see what's going on). The