@kkallberg I'm not too sure what tech stacks your using but assuming you're using React / Angular / Next or something like that you could have a few options. Although without knowing exactly what your production environment is like some of these may not apply.
You could also reduce the number of redirects by using silent auth and storing the renewal token in a cookie (Maybe someone else could comment on the security of using this token this way).
Another solution is to do the same above but at a server level. Without knowing what server you're using to serve the SPA it's hard to give any exact instructions but if your spa is served using nginx / apache you could configure your htaccess/.conf files to do the same behavior as above. Check the URL for the token parameter, if it doesn't exist (or a renewal cookie for silent auth doesn't exist), redirect to identity server first. If your server doesn't support either of these technologies, you could achieve the same results using a nginx based reverse proxy or possibly even writing a custom solution for whatever server you're using.
In the development mode, the client Angular application is running on HTTP. After successfully logging
when redirect back to the application it keeps reloading again. This is because of HTTP, however, if I change the Node
application to the HTTPS everything is working. Does anyone know how to allow HTTP
I have setup CORS as well
And in the client setting the allowed CORS are as below
Having issues with Sliding cookies with identityServer. Lets say we have authentication cookie set to expire on identityserver at 1 hour - sliding = true. A client application that uses IdentityServer has an auth cookie is set to 30 minutes, sliding = true. The client application can slide it's cookie every > 15 minutes keeping the user logged in on the client application. However that does not sync back on identityServer side. After 1 hour the session there is effectively ended regardless of the client's sliding. The client will continue to work until it's cookie expires > 30 minutes if no sliding there happens..
The only time a slide on identityserver seems to happen is when the client cookie expires BEFORE the identityserver cookie. In that case, the client logs back in a again, a call to authorize, slides the identityserver cookie. Maybe thinking about this wrong, but expected that when a client cookie slides, this also calls to identityserver to slide that cookie as well (if > 1/2 the expry time).
.AspNetCore.Identity.Applicationcookie. It seems that it will contain all the information inserted into my token as well. So there is multiple questions:
Hi All, We are using IdentityServer4 , Cert-manager, Kubernetes setup. When using IdentityServer4 admin page we get this error. "unable to obtain configuration from well-known/openid-configuration". We do not get the same error on other pages but only on Identity4 admin. Anybody has faced same issue?
We identified the root cause. It was because https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
We added this preferredChain: "ISRG Root X1" in Issuer.
Hope it helps to anyone having same problem!!
I'm using IdentityServer4 and I have implemented implicit flow using the demo UI. My client is using the consent screen and I have a case where I need to add some additional parameters to the token after consent. In consent controller POST action:
Is there a way to get the current token? I see that there is a state parameter sent to the controller and passed around with each call. Since the token is created after login, I'm guessing IS4 is using this state to keep the token somewhere in memory. Is there a way for me to retrieve it?
How can I modify the token and add additional claims to it at the consent POST action?
💨Don't miss your chance to be rich
✌️👍🙏DiscJockey is my name and I'm an admin with my own store link and group link https://t.me/+_kTifpKvc-kwNDJk
This is my group link, you can check and prove my legal work there.
🙏UPDATE My Services: Sell PayPal account verified – PayPal transfer Sell Bank Transfer – Bank Login Sell Clone card - Secure shipping tunnel cc Fullz sell and random Information – 99% valid cards Sell Dumps with pin track 1 and 2 101 201 Sell Western Union money transfer services Sell Gift Cards Itune – Amazon – Ebay Clone/Credit Cards Sell Booking airfare services – worldwide Sell e-carding services *SMTP - Pass Mail - PHP - Sell RDP !! Follow the Group Stage and contact me if you want to earn money! Let's make more bread! Obey the rules ! Whether you order it or buy it, get it instantly ✌️ Affiliate member required for a long-term business 🙏100%. 100% High Quality Good and Quality Castings+Pins 90% Approval
TN PRAYER PAYMENT
PRAYER TO ARIZONA
What MASS UI DUA has
ALL GOVERNMENT PRAYER PAYMENTS
METHOD IS AVAILABLE!!
FULLZ + CASTINGS
BANK LOG and bank deposits
CASTING + P!N
WU TRANSFER ♛
SCAN ALL APPLES ♛
Good sale QUALITY THINGS with a good product! With a large number of customers worldwide and also a Valid Reseller 🇺🇸
BESTBUY TAP & SHARE WORKING BOXES
VERIZON TAP & SHARE
WALMART - TAP & Pay Bin's
Amazon prime Tap and pay
••Cold random prices Random Boxes ••
COUNTRIES ! Verizon - AMAZON DUMPS with pin
Verizon- Track2- 1 Pin
Walmart - Track1-2 Pin
Postcode + PINs
FULLZ + Ssn - details
FULLZ - Dob + Pins
CV - Postal Code + ATM
Those who are ready and willing to abide by the rules should message or contact me immediately! Telegram ✅https://t.me/DiscJockie
So I am trying to get global logouts working on my app. I have two MVC apps both setup up to use the oidc protocol. For grant types, it is set to hybrid.
When logging out I redirect to the EndSessionEndpoint with no params (I have no clue how to get the id_token_hint, doesn't seem to be in the user profile or my redirect endpoint).
The EndSessionEndpoint automagically creates a logoutId and redirects to my logout page. There I can click the logout button and that does a post request. This is where it seems to just not work. I call GetLogoutContextAsync. It has the client id, but no redirect URL. In addition, my identity context does not have me logged in.
Not sure where to go from here if anybody has any pointers.