Florian
@filoe

Providing the secret using the UsePrivateKey extension of the Apple package. When running it on Windows using:

using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// The base64 string holds the PEM-encoded PKCS#8 private key (the same value as in the container).
var bytes = Convert.FromBase64String("base64-string");
var privateKey = Encoding.UTF8.GetString(bytes);
if (privateKey.StartsWith("-----BEGIN PRIVATE KEY-----", StringComparison.Ordinal))
{
    // Drop the PEM header and footer lines and join the remaining base64 body.
    string[] lines = privateKey.Split(new[] { '\n' }, StringSplitOptions.RemoveEmptyEntries);
    privateKey = string.Join(string.Empty, lines.Skip(1).Take(lines.Length - 2).Select(l => l.Trim()));
}
bytes = Convert.FromBase64String(privateKey);

// Windows-only (CNG): import the PKCS#8 blob and use it for ECDSA signing with SHA-256.
var key = CngKey.Import(bytes, CngKeyBlobFormat.Pkcs8PrivateBlob);
var k = new ECDsaCng(key) { HashAlgorithm = CngAlgorithm.Sha256 };

It works using the same base64 string as in the container.

Kévin Chalet
@kevinchalet
@filoe wrong gitter room.
Martin Costello
@martincostello
@filoe There are inconsistencies in the cryptography APIs in ASP.NET Core 2.2 that made it tricky for certain scenarios. If you can’t update to 3.0 or 3.1, try reading the section about xplat issues in my blog post: https://blog.martincostello.com/sign-in-with-apple-prototype-for-aspnet-core/
rik coleman
@coleman-rik
Afternoon everyone.
.NET Framework 4.5.2 Web API project: Microsoft OWIN isn't sending 'Access-Control-Allow-Origin' headers? Any ideas where I should look?
Kévin Chalet
@kevinchalet
Hi. Is your question related to Owin.Security.OpenIdConnect.Server or general? :smile:
rik coleman
@coleman-rik
@PinpointTownes Microsoft.Owin.Cors
Kévin Chalet
@kevinchalet
Then it has nothing to do with this Gitter room, right?
rik coleman
@coleman-rik
@PinpointTownes I don't know. This is the only Owin/Cors room I could find here.
Kévin Chalet
@kevinchalet
The topic associated with this room is "OpenID Connect/OAuth2 server framework for OWIN/Katana" so it's definitely not the right place.
Consider posting your question there: https://github.com/aspnet/AspNetKatana
rik coleman
@coleman-rik
Well thanks, and sorry for the intrusion.
Kévin Chalet
@kevinchalet
No problem :smile:
Aaron Mousavi
@Aaronmsv

Hi! Sorry for bothering but I have a question related to the authorization code flow described here https://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-implementing-the-authorization-code-and-implicit-flows/

I have implemented this, very similar to the code that is described there. I use the Authorize attribute on the Authorize endpoint to make sure the user is logged in before they see the authorization page, but unauthenticated users are not being redirected to the login page, it just returns a 401.

In the debug logs I see this:
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Debug: AuthenticationScheme: Identity.Application was not authenticated.
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Debug: AuthenticationScheme: Identity.External was not authenticated.
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Debug: AuthenticationScheme: Identity.TwoFactorRememberMe was not authenticated.
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Debug: AuthenticationScheme: Identity.TwoFactorUserId was not authenticated.
AspNet.Security.OAuth.Validation.OAuthValidationHandler:Debug: Authentication was skipped because no bearer token was received.
AspNet.Security.OAuth.Validation.OAuthValidationHandler:Debug: AuthenticationScheme: Bearer was not authenticated.
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes (Identity.Application, Identity.External, Identity.TwoFactorRememberMe, Identity.TwoFactorUserId, Bearer).
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Identity.Application was challenged.
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Identity.External was challenged.
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Identity.TwoFactorRememberMe was challenged.
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Identity.TwoFactorUserId was challenged.
AspNet.Security.OAuth.Validation.OAuthValidationHandler:Information: AuthenticationScheme: Bearer was challenged.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action ..Controllers.OAuthController.Authorize (...) in 67.3042ms
Aaron Mousavi
@Aaronmsv
Hmm, seems to be caused by the authentication schemes passed to the authorize attribute
Kévin Chalet
@kevinchalet
Hey @Aaronmsv.
Yeah, it's definitely that. You'll want to use Identity.Application to redirect the user to the login page.
Aaron Mousavi
@Aaronmsv
Hey @PinpointTownes, thanks for the reply. Great article btw!
Kévin Chalet
@kevinchalet
@Aaronmsv to be honest, it's a bit obsolete now (it was written for ASP.NET Core 1.0). I'll see if I can publish a similar series once OpenIddict 3.0 (into which ASOS will be merged) is available.
Aaron Mousavi
@Aaronmsv

That's OK, it was enough to get me started. Combined with the repo on Github I could find most of the things I needed.

There's one thing I haven't fixed yet, and that I have been searching for a while now. I derived from OpenIdConnectServerProvider and have overridden the serialize/deserialize methods so I can store the tokens in our database. However, it seems that at this point the tokens are not generated yet. I'm now generating them manually, but I'd really like to keep using the ones that OIDC generates.

jikkujj
@jikkujj
Hi Kevin. I was wondering how to get to the screen from which I can trigger a sign in.
Figured it out. Just had to set the MVC client as the startup project in Visual Studio.
jikkujj
@jikkujj
Another question. What is a good way to make sure JavaScript knows that the user is logged out when using OIDC? My approach was to store the username in localStorage after successful authentication. Then came to mind the question as to how to ensure the frontend doesn't indicate the username when the user's session with the OIDC provider has ended.
Kévin Chalet
@kevinchalet
You can implement and use silent authorization requests in iframes: if you get a login_required error, the user is logged out.
Take a look at the server sample in the OpenIddict 3.0 repo to see how the server part is implemented.
jikkujj
@jikkujj
Thanks
So would we need to keep sending authorization requests in a loop to determine if the user session has expired?
Kévin Chalet
@kevinchalet
Yes. If it's a problem for you, you can still implement session management yourself: https://openid.net/specs/openid-connect-session-1_0.html
It's not something OpenIddict or ASOS currently implements, so you're pretty much on your own.
mirza21
@mirza21
Hi Kevin
I want to configure signing keys for my JWT validation.
My application is the server as well as hosting the API.
The server must run to download the metadata from the URL to configure JWT.
Is it possible to configure my JWT signing keys in the Startup class when OpenIddict is configured?
Siarhei Filipau
@sfilippov
Sorry for bothering, but which NuGet package includes the OpenIddictContext definition? I use OpenId 2.0.1
Kévin Chalet
@kevinchalet
Good Lord, this type was removed at least 4 years ago :smile:
Inherit from DbContext (or IdentityDbContext if you use Identity) and use that instead: https://github.com/openiddict/openiddict-samples/blob/dev/samples/CodeFlow/AuthorizationServer/Startup.cs#L35-L38
Siarhei Filipau
@sfilippov
Thank you, @kevinchalet !
Siarhei Filipau
@sfilippov
@kevinchalet , how can I catch authorization code processing? I send response_type=code in the first step and get the code from the server; in the second part I send that code with response_type=token but I get "The specified authorization code is invalid" from ASOS. I can't check the code manually.
I don't get into AuthorizationProvider.HandleTokenRequest
Kévin Chalet
@kevinchalet
You're likely doing very weird things, because you're not supposed to send response_type=token but grant_type=authorization_code in the token request.
Siarhei Filipau
@sfilippov
Yes, I send grant_type=authorization_code on the second step.
Kévin Chalet
@kevinchalet
Did you take a look at the logs?
Anything interesting?
Siarhei Filipau
@sfilippov
Looks like the data format is not suitable for the code, can't unprotect, looking into it.
Siarhei Filipau
@sfilippov
@kevinchalet , can I use the authorization code flow for using the code from the Authenticator mobile app?
Kévin Chalet
@kevinchalet
The code flow can definitely be used with 2FA. But you can't use the 2FA "code" provided by the authenticator app as an OIDC "code", obviously.
Kévin Chalet
@kevinchalet
@/all FYI, OpenIddict 3.0 beta1 was released yesterday. Don't miss the important announcement regarding the support of ASOS and the aspnet-contrib validation/introspection middleware at the end of this blog post: https://kevinchalet.com/2020/06/11/introducing-openiddict-3-0-beta1/