identityserver4

问题 We currently have an API that requires multi-tenancy. Upon a successful login we issue all the available tenants to the user but when a user chooses to change tenant I'm starting to run into issues about in which tenant-context the users is attempting to access a resource. My thought was that upon changing tenant I can just offer a ChallengeResult() and then in IdentityServer handle this to check what tenant the user would like to access and then issue a new token with the claim "ChosenTenant

问题 I am using identity server 4 and angular 9. i have setup the identity server and i was able to login successfully in my angular application but, i can't access the user profile, username etc. as i get undefined. But after login in the angular auth-callback component using the oidc user, usermanager setting i was able using get all the user details (id_token, access token etc) but in component i could not. after login the user object is null or undefined but when i refresh my page after

问题 I created a react project with the react template in asp.net core with individual user accounts. I have looked around and found out I needed to add roles in the startup file and add a profile service, which seems to have half worked. I can see the roles in my authorization token like this: "role": [ "admin", "bookkeeping" ], But when I add the [Authorize(Roles = "admin")] tag to my controller the requests are now forbidden, even when i can see my token includes the role "admin". What am I

问题 The dbo.Clients table in the IdentityServer database contains both ClientId and ClientName , however requesting a client credentials token doesn't include the client name in the token. Is there a way to either retrieve client information from IdentityServer given the client id, or request that the client name be added to the token? 回答1: You can add them dynamically using a custom token request validator : public class ClaimClientsUpdated : ICustomTokenRequestValidator { public Task

问题 Hi everybody I have a problem with my reverse proxy configuration for my dotnet core application. My problem is that when I am using identityserver discovery endpoint the port number is missing from the end of my url. I have a request for the discorvery document to https://:8421/.well-known/openid-configuration and the response is the following and the problem here is that the clients of the authentication service are using the document as a base for verification, using jwks_uri property from

问题 Update: After correcting the certificate issue, I'm now getting a 500 response form the test, with this message: InvalidOperationException: IDX20803: Unable to obtain configuration from: 'http://localhost/.well-known/openid-configuration'. That appears to be similar to this issue: https://github.com/IdentityServer/IdentityServer4/issues/685; however, I can't come up with a way to set the backchannel client or handler from my test -- it seems like a chicken and egg situation. This issue was

问题 I have google configured as an external identity provider. How do I configure IdentityServer to also log out of this external identity provder as well as all my client applications? FYI, the client application sign out is already working. Just want to log user out of google as well. 回答1: Anwer Google doesnt supprot it Signout for Google External Identity Provider isn't working Background Information: When a user is signing-out of IdentityServer, and they have used an external identity

问题 I'm trying to implement a third-party auth in my sign up page, but I can't get it to work with IdentityServer4. I have it working in my login page since the oidc client is initiating the login request. However the oidc client is not aware of a request to my registration page, so when I send an auth token back, it doesn't recognize the state and throws an exception: 'No matching state found in storage'. I know IdentityServer4 does not officially support user registration. I've got registration

问题 I have a restful service running on localhost:5002, Identity server on 5000 and Blazor WebAssembly app on localhost:1330. There is probably something going on with they're not all on the same domain. I can authenticate with my Blazor WebAssembly app (Client not server) Which inturn calls WebApi methods, I get returned, 401 not authorised. I've manually added the bearer token to the requests and it works perfectly returning results etc. HttpClient.DefaultRequestHeaders.Authorization = new

问题 I'm using IdentityServer4 and whenever the user login for the first time the application shows consent screen for the scopes of an application to the user which is expected. If the user clicks "yes" and click on remember option the application is not showing the consent screen when the user login for second time onwards which is also expected. Here the problem I'm facing is whenever I restart the IdentityServer (or when I do the deployment) the user consent information is not persisting and