    Victor Benavides Arenas
    @vbenavidesa
    Can anyone point me to how I can use Identity Server 4 with ASP.NET Identity without Entity Framework?
    Oskar Mikolajczyk
    @omikolaj
    What other ORM do you want to use?
    Yaroslav Viktorovich
    @YVEF
    Hi everyone. I have a returnUrl after my login something like: "connect/authorize/callback?client_id=sdlfj&redirect_url=https://blablabla&state=" and so on. but how can I add parameters for the "redirect_url"?
    Robert Karlsson
    @Robban1980
    @YVEF generally you don't. That's something you keep track of on your application side.
    ajai1109
    @ajai1109
    Getting "the payload was invalid" (Microsoft.AspNetCore.DataProtection) when I use a different branch. Please help me.
    Yaroslav Viktorovich
    @YVEF
    @Robban1980 thanks. But can you advise me what the best solution is for the following: when I go to a login page after a redirect (from the client) I want to have 2 ways: 1) the usual login with redirect. 2) avoid login and redirect to an external URL. The second way is not working in the case of an external URL (only if it's a local URL). How can I perform the redirect to the target address? Please ignore the security problem. Thanks
    Ashiqur Rahman Emran
    @emashiq
    @ajai1109 Can you please show me more information
    Rob Van Pamel
    @robvanpamel_twitter
    Hi,
    For a project we need to build a bridge between an OAuth provider and an OpenID Connect server (AWS Cognito IdP).
    I wonder if it would be possible to use IdentityServer to resolve this problem (kind of a man in the middle, which maps between both parties)?
    Robert Karlsson
    @Robban1980
    @YVEF again, outside of IS4 this would be your implementation controlling this. Sounds like you just need to redirect
    Steven Quick
    @StevenQuick
    In a .net core mvc client/app what is the best way to keep the identity server app session alive, iframe? Both are set to sliding with same timeout.
    Robert Karlsson
    @Robban1980
    @StevenQuick iframe seems to be the way to go
    Biplov Kc
    @biplov.cybercop_gitlab

    I just updated to IdentityServer 4.1.1 and the Scope class in ScopeViewModel does not seem to exist

        public ScopeViewModel(Scope scope, bool check)
        {
            Name = scope.Name;
            DisplayName = scope.DisplayName;
            Description = scope.Description;
            Emphasize = scope.Emphasize;
            Required = scope.Required;
            Checked = check || scope.Required;
        }

    does anyone know what are the substitute or how to solve this?

    Biplov Kc
    @biplov.cybercop_gitlab
    Nvm seems like it is renamed to ApiScope
    Omar Ashraf
    @omarattia3143
    I am trying to add a scope to my access token and I am using EF storage. Shouldn't I use the "ClientScope" table for that? I have added the scope in all tables and still cannot get it into my access token. What am I missing?
    Lam Phat Tai
    @tailamphat
    Hi everyone
    Anyone face the same problem?
    Authentication Ticket is not expired but Access Token is expired, Resource API still returns a response
    jmeyerworms
    @jmeyerworms
    Hi, I have a question: I have a web app and web API in the same project. The project works with .NET Core, Entity Framework and Identity management. Now I want the web API to work with JWT tokens for other clients (Android app). Is IdentityServer4 the right choice in this situation?
    Robert Karlsson
    @Robban1980
    @tailamphat that is not related to IS4, it is your implementation that allows the usage of expired tokens.
    Martin
    @ng-martin
    G'day room
    Recently upgraded "IdentityServer4.AccessTokenValidation" to its latest version and it looks like "InboundJwtClaimTypeMap" is no longer supported. Has anyone experienced this in the past? I also read about this library being deprecated; however, for now I would just like to know the new way to handle that property. Thanks
    Adrian Leon Morell
    @adrianleonmorell
    Hi guys, I'm looking for some answers about how to use IS4 in AWS when the API resources are protected by an API Gateway.
    Context: We have some APIs protected by an STS app that uses IS4 and they are behind an AWS API Gateway; we also have a Lambda that is used in the API Gateway to handle authentication responsibilities.
    An important detail is that the APIs are hosted using AWS Lambdas as well, and the authentication mechanism that we are currently using is the one provided for the AWS libraries (In details how this process work: the AuthN lambda sets the claims in the response and the lambda API takes the claims later and creates the Claims Principal that represents the logged in user)
    The thing is that the code in the lambda is difficult to debug and given all the utils offered by the IS4 libraries I feel that we are wasting some capabilities and therefore, writing ourselves. I mean exactly all the work that the Authentication Middleware does, for instance, validating the token, the scope and creating the Claims Principal per request.
    Do you think this flow is entirely normal? Is there any blog post that talks about it? Google researches so far have not revealed anything useful. My thoughts are that the AuthN lambda could be even removed but as you can imagine it can be very difficult to convince someone about it when most of the blog posts on the internet talk about centralizing the Authentication in the API Gateway.
    Brent Arias
    @brentarias
    Hey Folks! I'm trying to figure out how to create/obtain a client-secret from the Graph Explorer. I have used Graph Explorer to create a new application, but the response does not provide a secret. In the registration portal (which I'm not using), there is a "certificates & secrets" section I can use. In Graph Explorer, I don't see any equivalent of that.
    Mahenbisht
    @Mahenbisht
    I am using IdentityServer4 with Asp.netCore3.1. I am unable to redirect to MVC client after HttpContext.SignInAsync from IdentityServer4. System redirects again on Login of IdentityServer4
    Robert Karlsson
    @Robban1980
    @brentarias Generally a client secret is something you provide not receive. Why would you expect it to be returned?
    Mahenbisht
    @Mahenbisht
    I have pages configured according to the user roles in MVC application. This is the Startup of MVC
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect("oidc", options =>
        {
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.Authority = this.Configuration.GetValue<string>("IdentityServer:Authority");
            options.RequireHttpsMetadata = false;
            options.ClientId = this.Configuration.GetValue<string>("IdentityServer:ClientId");
            options.ClientSecret = "super-secret";
            options.ResponseType = OpenIdConnectResponseType.Code;
            options.SaveTokens = true;
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("roles");
        });
    MVC client configured in IdentityService is
        new Client
        {
            ClientId = "web-mvc",
            ClientName = "Order All",
            AllowedGrantTypes = GrantTypes.Code,
            RequireConsent = false,
            ClientSecrets = { new Secret("super-secret".ToSha256(), "mvc-secret") },
            RedirectUris = { "http://10.0.75.1:5025/signin-oidc", "http://localhost:5025/signin-oidc" },
            PostLogoutRedirectUris = { "http://10.0.75.1:5025/signout-callback-oidc", "http://localhost:5025/signout-callback-oidc" },
            AllowedScopes = new List<string>
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "roles",
                "web-gateway",
            },
            AccessTokenLifetime = 60*60*2, // 2 hours
            IdentityTokenLifetime = 60*60*2 // 2 hours
        },
    Robert Karlsson
    @Robban1980
    @Mahenbisht check your logs
    Mahenbisht
    @Mahenbisht

    This is the error in my Log after I changed Startup of MVC to this

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddCookie(setup => setup.ExpireTimeSpan = TimeSpan.FromHours(3))
        .AddOpenIdConnect(options =>
        {
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.Authority = configuration.GetValue<string>("IdentityServer:Authority");
            options.ClientId = configuration.GetValue<string>("IdentityServer:ClientId");
            options.ClientSecret = "secret";
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.SaveTokens = true;
            options.RequireHttpsMetadata = false;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("roles");
        });

    Startup of IdentityServer4 to this

        var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
        var connectionString = configuration.GetValue<string>("ConnectionStrings:IdentityServerDbContext");
        services.AddIdentityServer(options =>
        {
            options.IssuerUri = configuration.GetValue<string>("IdentityServerConfiguration:IssuerUri");
            options.Authentication.CookieLifetime = TimeSpan.FromHours(5);
        })
        .AddDeveloperSigningCredential()
        .AddConfigurationStore(options =>
        {
            options.ConfigureDbContext = b =>
                b.UseSqlServer(connectionString,
                    sql => sql.MigrationsAssembly(migrationsAssembly));
        })
        .AddOperationalStore(options =>
        {
            options.ConfigureDbContext = b =>
                b.UseSqlServer(connectionString,
                    sql => sql.MigrationsAssembly(migrationsAssembly));
            options.EnableTokenCleanup = true;
        });
        return services;

    This is the Error:
    No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions)

    Robert Karlsson
    @Robban1980
    The error describes what you need to do
    did you try doing it?
    Emanuel Ramos
    @imaramos
    Hello guys, I am trying to understand how the login page fits into the implicit flow. AFAIK it sets some cookie for the user (idserv) but it doesn't contain any access_token.
    Do we need to perform login and then call authorize endpoint?
    Mahenbisht
    @Mahenbisht

    did you try doing it?

    This error is resolved now, but after HttpContext.SignInAsync, IdentityServer redirect to login method of IdentityService. IdentityServer should redirect me to Login page of my MVC client.
    This is the Startup.cs of MVC client
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddCookie(setup => setup.ExpireTimeSpan = TimeSpan.FromHours(3))
        .AddOpenIdConnect(options =>
        {
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.Authority = configuration.GetValue<string>("IdentityServer:Authority");
            options.ClientId = configuration.GetValue<string>("IdentityServer:ClientId");
            options.ClientSecret = "secret";
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            //options.ResponseType = OpenIdConnectResponseType.Code;
            //options.UsePkce = true;
            options.SaveTokens = true;
            options.RequireHttpsMetadata = false;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("roles");
        });

    This is the MVC client configuration in IdentityService
        ClientId = "web-mvc",
        ClientName = "Order All",
        ClientSecrets =
        {
            new Secret("secret".Sha256())
        },
        ClientUri = "http://localhost:5025",
        AllowedGrantTypes = GrantTypes.Hybrid,
        AllowAccessTokensViaBrowser = false,
        RequireConsent = false,
        RequirePkce = false,
        AllowOfflineAccess = true,
        AlwaysIncludeUserClaimsInIdToken = true,
        RedirectUris = { "http://localhost:5025/signin-oidc" },
        PostLogoutRedirectUris = { "http://localhost:5025/signout-callback-oidc" },

        AllowedScopes = new List<string>
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.OfflineAccess,
            "roles",
            "web-gateway",
        },

        AccessTokenLifetime = 60*60*2, // 2 hours
        IdentityTokenLifetime = 60*60*2 // 2 hours
    Robert Karlsson
    @Robban1980
    @Mahenbisht I'm quite sure that there is some kind of info in the logs.
    Mahenbisht
    @Mahenbisht

    Yes, I have the log. I am unable to find useful information from the log

    info: Microsoft.AspNetCore.Mvc.Infrastructure.RedirectResultExecutor[1]
    Executing RedirectResult, redirecting to /connect/authorize/callback?client_id=web-mvc&redirect_uri=http%3A%2F%2Flocalhost%3A5025%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles&response_mode=form_post&nonce=637389603891149593.Nzc1YzJiZjYtYTcxYy00YThkLWI1MjktM2NhYjNiMzJiNGU1ZWViNWI5MWItMTBmZS00ODU4LTlhNGUtOThkMmUyMDVjNjM3&state=CfDJ8LcASGPFqABIr6ipA6aBZWKPw02SBkxATi-RKs5gIpAx1JUm4DMWHgIFKIy-zBaF1fdkhBe7p5o3_w0HghCMfKyRJGj7V2ez-tJNzxQP408XLWvOJYlcaw8-rzDoZYr3Ub31TrewUQkcCKVyQv_i8ieb9CVd0rpSAxXlJArkOz69jpRodXWxgRp62OpOgF_aFJcDiyHBG8qiLhtDMAijbQs301yqCJdgJFG62jwibRLirGwYjMI1I3N2Ekprbw7ThlNRIR3f0D5LutiYnh8N9SgawOn_rAgA1RXIat1Ug1ekwA4XOA6w0v0l7Jiz04kqMA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0.
    info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
    Executed action IdentityServer.Controllers.AccountController.Login (IdentityServer) in 8047.4317ms
    info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
    Executed endpoint 'IdentityServer.Controllers.AccountController.Login (IdentityServer)'
    info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
    Request finished in 8200.7505ms 302
    info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
    Request starting HTTP/1.1 GET http://host.docker.internal:5010/connect/authorize/callback?client_id=web-mvc&redirect_uri=http%3A%2F%2Flocalhost%3A5025%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles&response_mode=form_post&nonce=637389603891149593.Nzc1YzJiZjYtYTcxYy00YThkLWI1MjktM2NhYjNiMzJiNGU1ZWViNWI5MWItMTBmZS00ODU4LTlhNGUtOThkMmUyMDVjNjM3&state=CfDJ8LcASGPFqABIr6ipA6aBZWKPw02SBkxATi-RKs5gIpAx1JUm4DMWHgIFKIy-zBaF1fdkhBe7p5o3_w0HghCMfKyRJGj7V2ez-tJNzxQP408XLWvOJYlcaw8-rzDoZYr3Ub31TrewUQkcCKVyQv_i8ieb9CVd0rpSAxXlJArkOz69jpRodXWxgRp62OpOgF_aFJcDiyHBG8qiLhtDMAijbQs301yqCJdgJFG62jwibRLirGwYjMI1I3N2Ekprbw7ThlNRIR3f0D5LutiYnh8N9SgawOn_rAgA1RXIat1Ug1ekwA4XOA6w0v0l7Jiz04kqMA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
    dbug: IdentityServer4.Hosting.EndpointRouter[0]
    Request path /connect/authorize/callback matched to endpoint type Authorize
    dbug: IdentityServer4.Hosting.EndpointRouter[0]
    Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
    info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
    Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback
    dbug: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint[0]
    Start authorize callback request
    dbug: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint[0]
    No user present in authorize request
    dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
    Start authorize request protocol validation
    info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
    Entity Framework Core 3.1.8 initialized 'ConfigurationDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=IdentityServer
    info: Microsoft.EntityFrameworkCore.Database.Command[20101]
    Executed DbCommand (1ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
    SELECT [c].[Id], [c].[AbsoluteRefreshTokenLifetime], [c].[AccessTokenLifetime], [c].[AccessTokenType], [c].[AllowAccessTokensViaBrowser], [c].[AllowOfflineAccess], [c].[AllowPlainTextPkce], [c].[AllowRememberConsent], [c].[AllowedIdentityTokenSigningAlgorithms], [c].[AlwaysIncludeUserClaimsInIdToken], [c].[AlwaysSendClientClaims], [c].[AuthorizationCodeLifetime], [c].[BackChannelLogoutSessionRequired], [c].[BackChannelLogoutUri], [c].[ClientClaimsPrefix], [c].[ClientId], [c].[ClientName], [c].[ClientUri], [c].[ConsentLifetime], [c].[Created], [c].[Description], [c].[DeviceCodeLifetime], [c].[EnableLocalLogin], [c].[Enabled], [c].[FrontChannelLogoutSessionRequired], [c].[FrontChannelLogoutUri], [c].[IdentityTokenLifetime], [c].[IncludeJwtId], [c].[L

    Mahenbisht
    @Mahenbisht
    This is the remaining log
    dbug: IdentityServer4.EntityFramework.Stores.ClientStore[0]
    web-mvc found in database: True
    dbug: IdentityServer4.Stores.ValidatingClientStore[0]
    client configuration validation for client web-mvc succeeded.
    dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
    Checking for PKCE parameters
    dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
    No PKCE used.
    info: Microsoft.EntityFrameworkCore.Database.Command[20101]
    Executed DbCommand (21ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
    SELECT [i].[Id], [i].[Created], [i].[Description], [i].[DisplayName], [i].[Emphasize], [i].[Enabled], [i].[Name], [i].[NonEditable], [i].[Required], [i].[ShowInDiscoveryDocument], [i].[Updated], [i0].[Id], [i0].[IdentityResourceId], [i0].[Type], [i1].[Id], [i1].[IdentityResourceId], [i1].[Key], [i1].[Value]
    FROM [IdentityResources] AS [i]
    LEFT JOIN [IdentityResourceClaims] AS [i0] ON [i].[Id] = [i0].[IdentityResourceId]
    LEFT JOIN [IdentityResourceProperties] AS [i1] ON [i].[Id] = [i1].[IdentityResourceId]
    WHERE [i].[Name] IN (N'openid', N'profile', N'roles')
    ORDER BY [i].[Id], [i0].[Id], [i1].[Id]
    dbug: IdentityServer4.EntityFramework.Stores.ResourceStore[0]
    Found roles, profile, openid identity scopes in database
    info: Microsoft.EntityFrameworkCore.Database.Command[20101]
    Executed DbCommand (21ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
    SELECT [a].[Id], [a].[AllowedAccessTokenSigningAlgorithms], [a].[Created], [a].[Description], [a].[DisplayName], [a].[Enabled], [a].[LastAccessed], [a].[Name], [a].[NonEditable], [a].[ShowInDiscoveryDocument], [a].[Updated], [a0].[Id], [a0].[ApiResourceId], [a0].[Created], [a0].[Description], [a0].[Expiration], [a0].[Type], [a0].[Value], [a1].[Id], [a1].[ApiResourceId], [a1].[Scope], [a2].[Id], [a2].[ApiResourceId], [a2].[Type], [a3].[Id], [a3].[ApiResourceId], [a3].[Key], [a3].[Value]
    FROM [ApiResources] AS [a]
    LEFT JOIN [ApiResourceSecrets] AS [a0] ON [a].[Id] = [a0].[ApiResourceId]
    LEFT JOIN [ApiResourceScopes] AS [a1] ON [a].[Id] = [a1].[ApiResourceId]
    LEFT JOIN [ApiResourceClaims] AS [a2] ON [a].[Id] = [a2].[ApiResourceId]
    LEFT JOIN [ApiResourceProperties] AS [a3] ON [a].[Id] = [a3].[ApiResourceId]
    WHERE EXISTS (
    SELECT 1
    FROM [ApiResourceScopes] AS [a4]
    WHERE ([a].[Id] = [a4].[ApiResourceId]) AND [a4].[Scope] IN (N'openid', N'profile', N'roles'))
    ORDER BY [a].[Id], [a0].[Id], [a1].[Id], [a2].[Id], [a3].[Id]
    dbug: IdentityServer4.EntityFramework.Stores.ResourceStore[0]
    Found API resources in database
    info: Microsoft.EntityFrameworkCore.Database.Command[20101]
    Executed DbCommand (1ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
    SELECT [a].[Id], [a].[Description], [a].[DisplayName], [a].[Emphasize], [a].[Enabled], [a].[Name], [a].[Required], [a].[ShowInDiscoveryDocument], [a0].[Id], [a0].[ScopeId], [a0].[Type], [a1].[Id], [a1].[Key], [a1].[ScopeId], [a1].[Value]
    FROM [ApiScopes] AS [a]
    LEFT JOIN [ApiScopeClaims] AS [a0] ON [a].[Id] = [a0].[ScopeId]
    LEFT JOIN [ApiScopeProperties] AS [a1] ON [a].[Id] = [a1].[ScopeId]
    WHERE [a].[Name] IN (N'openid', N'profile', N'roles')
    ORDER BY [a].[Id], [a0].[Id], [a1].[Id]
    dbug: IdentityServer4.EntityFramework.Stores.ResourceStore[0]
    Found scopes in database
    dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
    Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
    dbug: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint[0]
    ValidatedAuthorizeRequest
    {
    "ClientId": "web-mvc",
    "ClientName": "Order All",
    "RedirectUri": "http://localhost:5025/signin-oidc",
    "AllowedRedirectUris": [
    "http://localhost:5025/signin-oidc"
    ],
    "SubjectId": "anonymous",
    "ResponseType": "code id_token",
    "ResponseMode": "form_post",
    "GrantType": "hybrid",
    Mahenbisht
    @Mahenbisht

    I can see 2 issues in Log
    (1) dbug: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint[0]
    No user present in authorize request

    (2) info: IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator[0]
    Showing login: User is not authenticated

    Robert Karlsson
    @Robban1980
    Well, you now know that you failed to authenticate the user.
    I would find that information very valuable if I was looking for what I was doing wrong
    Emanuel Ramos
    @imaramos
    Hello guys, I am building a React app with IdentityServer. After the login succeeds, we are redirecting back to our page (with RedirectUris), but this redirect is throwing a CORS error. Does anyone know how to overcome this? AFAIK this should not happen when redirecting
    Mahenbisht
    @Mahenbisht

    I would find that information very valuable if I was looking for what I was doing wrong

    I am sending these claims in Authentication method.

        IList<Claim> additionalClaims = new List<Claim>() {
            new Claim(JwtClaimTypes.Subject, user.ID.ToString()),
            new Claim(JwtClaimTypes.Name, user.Email),
            new Claim(JwtClaimTypes.Role, user.Role)
        };
        var claimsIdentity = new ClaimsIdentity(additionalClaims, CookieAuthenticationDefaults.AuthenticationScheme);
        var authProperties = new AuthenticationProperties {};
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties);

    Are these claims sufficient for Authentication method?
    Is this call to Authentication method correct, according to IdentityServer4?

    Robert Karlsson
    @Robban1980
    @Mahenbisht I recommend you look at the existing samples of how to authenticate and sign in with IdentityServer; there are complete ones in the repo. From there you should be able to figure out what you are missing to sign in
    Mahenbisht
    @Mahenbisht
    Can you provide me the sample link for Asp.net core 3.1. I am using my own database for users. I am not using default Asp.net core identity
    Mahenbisht
    @Mahenbisht
    Thanks Robert. I will check the demo and try to grasp logics from this repository
    Mahenbisht
    @Mahenbisht
    Do we have a demo with IdentityServer4 with Asp.net core 3.1 with Hybrid flow
    DenisIvanovIvanov
    @DenisIvanovIvanov
    I have a question: we have a client with his platform where they have APIs acting as middleware to their Azure tenant. We have our own IS4 and login works fine, but the access token is from IS4 and not the one from their provider. Their implementation is very limited and we cannot access their APIs from our API without having to log in again to get the right access token. Is there a way to store their access token as a claim after successful authentication?
    dinesh1980
    @dinesh1980
    Hi All Do we have demo with IdentityServer4 with Asp.net core 3.1 ,code flow with smart client
    vishak os
    @vichu28_twitter
    What’s a smart client?
    Michael W Powell
    @mwpowellhtx
    for IS4 (or 3) or just Identity in general, Claims, etc... Q: possibly a bit OT, or maybe not considering the forum...
    concerning Identity or rather Claims... what is a Claim? A key value pair? The key being a Uri? what informs the Uri?
    Is there an Xml Schema definition behind that to further describe the accepted data?
    Also looking for feedback concerning customization, business or application specific custom claims.
    Thanks...