    Ronak Kapadia
    It throws this exception: Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolException: invalid_request
    I've just started getting: 2017-03-29 12:01:18.521 +01:00 [Information] Callback invoked from external identity provider
    2017-03-29 12:01:18.521 +01:00 [Error] External identity provider returned error: "access_denied"
    when everything has been working fine for months
    has anyone had this issue?
    Looks like it's necessary to upgrade to the pre-release of microsoft.owin.security.facebook
    as stated in this issue : aspnet/AspNetKatana#38
    Tim Parker-Nance
    Hi, I have a working IDServer3, WebAPI with UseIdentityServerBearerTokenAuthentication, MVC client calling the WebAPI. Is it possible in the WebAPI to get the ClientID of the calling MVC client?
    Hi all. According to http://openid.net/specs/openid-connect-core-1_0.html UserInfo can be in JWT format. Is it possible in the current version of IS3?
    Jaymie Jeffrey
    Hey all, I have a question I posted on stack overflow that I was hoping someone could help me with
    Basically, I have managed to set up a scope and client and I have managed to authenticate
    I received my token, but when I try to access any controller decorated with the Authorize attribute I get a 401 error
    anyone know why?
    Jorge Gaona
    Hi there... does anyone know if scope claim values should be returned regardless if the user authorizes or not? I'm calling an API passing the token generated in my MVC app. From the API I can retrieve the values for profile and role claims (stated as scopeClaims in the corresponding scope); in the MVC app they are not returned. In both cases I retrieve them using ((User as ClaimsPrincipal).Claims.
    Jaymie Jeffrey
    Not sure if I have fixed it
    but it appears that Transform is invoked multiple times during a request
    so I have added a private property for the current user
    which I only try to assign if it is null (it hasn't been assigned to before)
    that seems to work
        using System.Linq;
        using System.Security.Claims;
        using System.Threading.Tasks;
        public class ClaimsTransformer
        {
            private readonly IUserProvider _userProvider;
            private UserViewModel _currentUser { get; set; }
            public ClaimsTransformer(IUserProvider userProvider) => _userProvider = userProvider;
            /// <summary>
            ///     Gets the user claims for the current user
            /// </summary>
            /// <param name="incomingPrincipal">The incoming claims principal</param>
            /// <returns></returns>
            public async Task<ClaimsPrincipal> Transform(ClaimsPrincipal incomingPrincipal)
            {
                // If the current user is not authenticated, return the principal unchanged
                if (!incomingPrincipal.Identity.IsAuthenticated) return incomingPrincipal;
                // Get our user id
                var id = incomingPrincipal.Identity.GetSubjectId();
                // If we have no id, return the principal unchanged
                if (string.IsNullOrEmpty(id)) return incomingPrincipal;
                // Get our current user if we haven't already
                if (_currentUser == null) _currentUser = await _userProvider.GetAsync(id);
                // Get the user claims and add to our identity
                var userClaims = _currentUser.Claims;
                var claims = userClaims.Select(ModelFactory.Create);
                foreach (var claim in claims) incomingPrincipal.Identities.First().AddClaim(claim);
                // Return our modified claims principal
                return incomingPrincipal;
            }
        }
    I shall do some more testing and see if it has actually resolved the issue
    Does anyone know how to configure user login logs?
    Jaymie Jeffrey
    so I am reading this article
    and it states that you can't DI database entities into the ClaimsTransformer
    so my solution above won't work (and it doesn't always work)
    how can I get database claims and assign it to the current identity?
    Jaymie Jeffrey
    this is the same issue I am having
    I have set up a ClaimsProvider
    and it's not working
    any help with that would be great
    or if anyone needs any more info
    Jaymie Jeffrey
    no one?

    We have developed our OAuth implementation to support single sign on. OAuth was deployed on different servers for different regions, e.g. US, UK and DE.

    We have deployed a client which is bound to OAuth. I want to host only one instance of my client which will redirect to specific region's OAuth.

    Is there a way to change Authority dynamically?

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        Authority = "http://SomeGoodURL/"
    });

    Is it possible to UseCookieAuthentication and UseIdentityServerBearerTokenAuthentication?
    app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
    {
        Authority = ConfigurationManager.AppSettings["Url"],
        RequiredScopes = new[] { "scope" }
    });
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = ConfigurationManager.AppSettings["CookieName"]
    });
    Jaymie Jeffrey
    anyone know why I have started getting this error: Error returned from introspection endpoint: Not Found?
    Is Identity Server 3 still maintained?
    Hi everyone, I am using CustomViewService in identity server 3 and I needed to add reset password page. I followed the solution provided here: https://stackoverflow.com/questions/31046208/identity-server-v3-custom-page-reset-password . But, Identity Server is not able to find resetPassword.html page even though I provided it in "templates" folder and it keeps returning 404 error "No webpage was found for the web address: http://localhost:44333/core/resetPassword?signin=b3253f1ef659cffe9165c7c6b134715a". Any help will be appreciated.
    How to solve 400 bad request issue caused due to multiple nonce and application cookies?
    I am trying to follow the code in IdentityServer3.Samples/source/Clients/MVC OWIN Client (Hybrid)/ Startup.cs to connect Asp.Net 4.5 MVC5 to IdentityServer4 to get claims. With the newest IdentityModel v3.10.10 package, I got an issue on id.AddClaims(userInfoResponse.GetClaimsIdentity().Claims) in the Notifications; it says
    UserInfoResponseextensions.GetClaimsIdentity(userInfoResponse) is inaccessible due to its protection level.
    Should I use a different version or should I change to use something else to get Claims?
    Raymond Bergen
    When calling the userendpoint, done in my case using the oidcclientjs, I only get the sub as claim. When it calls the other endpoint it also passes extra claims .... Most important for me now is the idp claim. Is there a way to pass this claim to the userinfoendpoint?
    I read in a few posts that you should have enough info by just using the sub claim ... but in my case it would be best if I knew which idp claim was set. With these 2 claims I can then find the extra claims for the user in my DB.
    I am getting this error after hosting the application.
    A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 164.XXX.XXX.XX:443. This is when client application tries to login via SSO. Can anybody help please?
    I am starting to work on a new Application with Identity Server4. I heard they will be supporting IdentityServer4 until the end of the life of .NET Core 3.1 in November 2022. Can anyone advise me on whether it is better to start with IS4 and what challenges I will face in the future if I use IS4?