    Validation\TokenRequestValidator.cs, line 368
    and I cannot find a way to override that behavior
    it would be great if someone here can help... thank you
    my current solution is... create a subclass of the original validator
    and copy everything from it... except those lines of the check
    oops it's wrong group, it's IS3... sorry
    Ronak Kapadia
    Hi All, I am setting up IDserver3 on my local machine, using the Webhost(Minimal) sample code. The web hosting is working fine, but when I try to use the IDserver3 from my application, it is not redirecting me to the login page. Instead, it goes to the authorise page and throws an Invalid_request exception
    Any help is much appreciated, as I am new to this
    It throws this exception: Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolException: invalid_request
    I've just started getting : 2017-03-29 12:01:18.521 +01:00 [Information] Callback invoked from external identity provider
    2017-03-29 12:01:18.521 +01:00 [Error] External identity provider returned error: "access_denied"
    when everything has been working fine for months
    has anyone had this issue?
    Looks like it's necessary to upgrade to the pre-release of microsoft.owin.security.facebook
    as stated in this issue : aspnet/AspNetKatana#38
    Tim Parker-Nance
    Hi, I have a working IDServer3, WebAPI with UseIdentityServerBearerTokenAuthentication, MVC client calling the WebAPI. Is it possible in the WebAPI to get the ClientID of the calling MVC client?
    Hi all. According to http://openid.net/specs/openid-connect-core-1_0.html UserInfo can be in JWT format. Is it possible in the current version of IS3?
    Jaymie Jeffrey
    Hey all, I have a question I posted on stack overflow that I was hoping someone could help me with
    Basically, I have managed to set up a scope and client and I have managed to authenticate
    I received my token, but when I try to access any controller decorated with the Authorize attribute I get a 401 error
    anyone know why?
    Jorge Gaona
    Hi there... does anyone know if scope claim values should be returned regardless if the user authorizes or not? I'm calling an API passing the token generated in my MVC app. From the API I can retrieve the values for profile and role claims (stated as scopeClaims in the corresponding scope); in the MVC app they are not returned. In both cases I retrieve them using ((User as ClaimsPrincipal).Claims.
    Jaymie Jeffrey
    Not sure if I have fixed it
    but it appears that Transform is invoked multiple times during a request
    so I have added a private property for the current user
    which I only try to assign if it is null (it hasn't been assigned to before)
    that seems to work
        using System.Linq;
        using System.Security.Claims;
        using System.Threading.Tasks;
        using IdentityServer3.Core.Extensions; // assumed source of the GetSubjectId() extension

        public class ClaimsTransformer
        {
            private readonly IUserProvider _userProvider;
            // Cached for the lifetime of this transformer instance, not per request
            private UserViewModel _currentUser { get; set; }
            public ClaimsTransformer(IUserProvider userProvider) => _userProvider = userProvider;
            /// <summary>
            ///     Gets the user claims for the current user
            /// </summary>
            /// <param name="incomingPrincipal">The incoming claims principal</param>
            /// <returns></returns>
            public async Task<ClaimsPrincipal> Transform(ClaimsPrincipal incomingPrincipal)
            {
                // If the current user is not authenticated, return the principal unchanged
                if (!incomingPrincipal.Identity.IsAuthenticated) return incomingPrincipal;
                // Get our user id
                var id = incomingPrincipal.Identity.GetSubjectId();
                // If we have no id, return the principal unchanged
                if (string.IsNullOrEmpty(id)) return incomingPrincipal;
                // Get our current user if we haven't already
                if (_currentUser == null) _currentUser = await _userProvider.GetAsync(id);
                // Get the user claims and add to our identity
                var userClaims = _currentUser.Claims;
                var claims = userClaims.Select(ModelFactory.Create);
                foreach (var claim in claims) incomingPrincipal.Identities.First().AddClaim(claim);
                // Return our modified claims principal
                return incomingPrincipal;
            }
        }
    I shall do some more testing and see if it has actually resolved the issue
    Anyone know how to config user login logs?
    Jaymie Jeffrey
    so I am reading this article
    and it states that you can't DI database entities into the ClaimsTransformer
    so my solution above won't work (and it doesn't always work)
    how can I get database claims and assign it to the current identity?
    Jaymie Jeffrey
    this is the same issue I am having
    I have set up a ClaimsProvider
    and it's not working
    any help with that would be great
    or if anyone needs any more info
    Jaymie Jeffrey
    no one?

    We have developed our OAuth implementation to support single sign-on. OAuth was deployed on different servers for different regions, e.g. US, UK and DE.

    We have deployed a client which is bound to OAuth. I want to host only one instance of my client which will redirect to specific region's OAuth.

    Is there a way to change Authority dynamically??

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = "http://SomeGoodURL/"
        });

    Is it possible to UseCookieAuthentication and UseIdentityServerBearerTokenAuthentication?
        app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = ConfigurationManager.AppSettings["Url"],
            RequiredScopes = new[] { "scope" }
        });
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = ConfigurationManager.AppSettings["CookieName"]
        });
    Jaymie Jeffrey
    anyone know why I have started getting this error: Error returned from introspection endpoint: Not Found?