Kévin Chalet
@kevinchalet
There’s a dedicated property in TokenValidationParameters :smile:
And no, no code example.
OpenIddict 3.0 samples won’t use the JWT Bearer handler.
Lejdholt
@Lejdholt
Ok, I'll look at that, thanks. So using JWT is not recommended in the example I'm doing?
Kévin Chalet
@kevinchalet
Feel free to use the JWT handler, but OpenIddict 3.0 comes with its own validation handler (that supports JWT), which will be my recommended option.
Mohammed Gadi
@mgadirocks
I am really unable to understand why I am getting this error:
Invalid column name 'ConcurrencyToken'. Invalid column name 'ConsentType'. Invalid column name 'Permissions'. Invalid column name 'PostLogoutRedirectUris'. Invalid column name 'Properties'. Invalid column name 'RedirectUris'.
I have updated my OpenIddict-core library to the latest version from version 1.
Can anyone help me in this?
image.png
This is what the appdbcontext class looks like.
Kévin Chalet
@kevinchalet
@mgadirocks did you add a migration?
The schema has changed a bit to support new scenarios, so there are new columns a migration should add for you.
Mohammed Gadi
@mgadirocks
In such a case, do I need to comment out the highlighted code shown in the above image, or should I keep it as it is?
@kevinchalet
Kévin Chalet
@kevinchalet
You should keep them... otherwise the table names used in the migration won’t be correct.
Mohammed Gadi
@mgadirocks
ok thanks
Alexander Trauzzi
@atrauzzi

Okay, question time again 🙂

I'm wondering what the message "InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found." means.

When I look at my application in the database, it has ["ept:authorization"] for Permissions, is public and has a RedirectUri
Alexander Trauzzi
@atrauzzi
Which I'm now getting error:unauthorized_client error_description:The client application is not allowed to use the authorization code flow.
Alexander Trauzzi
@atrauzzi
I've just added Permissions.GrantTypes.AuthorizationCode to my client. I didn't realize all the different values I might need in there. Is there anywhere in the documentation that talks about managing those records? It seems like a lot of different flags have to be managed before a client can safely run the gauntlet ;)
Alexander Trauzzi
@atrauzzi
Thanks man, sorry to be a pain. I'm definitely making progress. I had to detour to get my regular cookie-based auth going.
I think once I'm done all this, I'll probably be looking at how I can perhaps clean up or eliminate unnecessary configs in my Startup.cs
I feel like there are some things that don't need to be done because openiddict handles it for me?
Kévin Chalet
@kevinchalet
OpenIddict will handle many things for you, but hard to say whether you don't need additional code without knowing what you have in mind exactly :smile:
Alexander Trauzzi
@atrauzzi
Haha, well I just mean overlap between cookies and identity.
I almost feel like I want a graph of the concerns and where they overlap with the framework.
Kévin Chalet
@kevinchalet
Oh :smile:
Alexander Trauzzi
@atrauzzi
One example would be authentication schemes. I'm not sure if anything is done for me in any case or what the right "combo" is for a system that can do both cookie auth for consent screens, but oauth for my applications, etc...
Kévin Chalet
@kevinchalet
Well, OpenIddict and cookies/identity: there's 0 overlap. It won't do cookies authentication for you.
Alexander Trauzzi
@atrauzzi
I commented out my explicit configuration of schemes and everything seems to still work, so... At some point, the various tutorials I'm combining together may obviate one another in subtle ways.
Kévin Chalet
@kevinchalet
Cookies handler vs Identity... well, Identity registers a few cookie handlers for you, so in general, you don't need to register an explicit instance.
Alexander Trauzzi
@atrauzzi
Right! But configuring authentication still requires a call to .AddCookie(... to say... configure the login endpoint.
Or change the ticket data format (if desired)
Kévin Chalet
@kevinchalet
Actually no :smile:
Alexander Trauzzi
@atrauzzi
o?
Kévin Chalet
@kevinchalet
It's a common trap. In general, you'll just end up registering another instance while doing that. Instead, consider using .ConfigureApplicationCookie(...)
Alexander Trauzzi
@atrauzzi
Ahhhh
So this "...ApplicationCookie"
Is just the existing one.
I'm not surprised that people get snagged by it, there are so many subtle differences between things that by their names alone sound like they do the same thing.
😅
Kévin Chalet
@kevinchalet
Hehe, yeah :smile:
Alexander Trauzzi
@atrauzzi
Is it considered bad practice in any way to have the consent screen be itself a self-contained SPA hosted at its own URL?
(rather than having to rely on something like AuthorizeViewModel never being exposed)
Doug Waldron
@guitarzan
I have added some custom claims to my user. They are stored in the database (AspNetUserClaims) and they are present in the /connect/userinfo endpoint. But in the client, only one of the custom claims is returned from var info = await _signInManager.GetExternalLoginInfoAsync(); Any guidance on why this might be?
Kévin Chalet
@kevinchalet
It's how Identity works, unfortunately.
More info at aspnet/Identity#628.