We are using IdentityServer for authentication and we are validating the access token using JwtSecurityTokenHandler ValidateToken. This used to work fine, but after we upgraded our client applicati...

We are trying to set up Identity Server 3 in the right way. We got authentication working fine and we manage to retrieve the refresh token. The client application is using Angular. Now when the a...

I am new to Identity Server. I haven't configured it before. But I need it for a Project I am working on. The API will be serving an Angular JS Client, iOS App and an Android App. We need to imple...

I am using Authorization Code flow for one of my Identity Server 3 clients and it is configured as follows: ClientId = "tripgalleryauthcode", ClientName = "Trip Gallery", Flow = Flows.Authorizatio...

I am trying to implement an architecture that follows the OAUTH2/OIDC protocol. In order to do that, I have STS(Identity Server v3 by leastprivilege), ASP.NET WebApi and ASP.NET MVC application for...

We are using the generic OpenID Connect middleware to use Google as an external identity provider using IdentityServer3. We don't have MetadataAddress or any special TokenValidationParameters set u...

I am trying to redirect to Identity Server's default login page when calling an API controller method from Angular's $http service. My web project and Identity Server are in different projects and...

I'm trying to create a master slave type configuration for authentication with IdentityServer4 as below MyMasterIdentityServer0 (Master) - receives id_token and gives access_token |---> MySlave...

after updating my project to angular 2 final i had a problem getting WebApi2 authoriaztion to work with IdentityServer3 and angular2-jwt. Before everything worked fine when in angular2-jwt configu...

Can someone please explain what the difference is between the two? I understand Client Secrets, but Scope Secrets are still not clear... as well as why a Scope Secret even needs to exist? While I ...

I'm wondering how to logout properly through the oidc-client UserManager signoutPopup method, without throwing an error when the user closes the popup window? I'm calling UserManager's signoutPopu...

In the IdentityServer sample code (startup.cs), we can see how to use a certificate: var certFile = env.ApplicationBasePath + "\\idsrv3test.pfx"; var signingCertificate = new X509Certificate2(cer...

We've been experiencing some deadlocks when working with interconnected ASP.NET WebApis on the same IIS server. We'd like to know if this is somehow an expected behavior, due to hosting all APIs on...

We were using IdentityServer3, implicit grant and the login consists of multiple screen. In IdentityServer3, there's built in support for such multiple step login workflow (for example for acceptin...

We have a multiple applications under one domain, and every application is built in asp.net mvc. Currently single sign on is facilitated using forms authentication, shared machine key. All applicat...

Im using IdentityServer3 to secure a Web API with the client credentials grant. For documentation Im using Swashbuckle but can't figure out how to enable Oauth2 in the SwaggerConfig for the client ...

Identity server is implemented and working well. Google login is working and is returning several claims including email. Facebook login is working, and my app is live and requests email permissio...

I set up several test sites for SSO using IdentityServer3, pretty much the cookie cutter sample apps with minor virations. They work well except one thing: When trying to single sign OUT and/or upd...

I use the resource owner flow with IdentityServer3 and send get token request to identity server token endpoint with username and password in javascript as below: function getToken() { var uid =...

As per the OpenID Connect specification is sub claim part of openid scope or profile scope? I could not find that information Update1 I am using IdentityServer3 for authentication. Client is makin...

Hopefully an easy one to resolve. Microsoft's System.IdentityModels.Tokens.Jwt package was updated yesterday on NuGet from 4.0.2.206211351 to v5.0. This is unfortunately causing a breaking change ...

I'm using Identity Server3 for my project, I currently have a website and api being protected by the Id server, this is working fine however because I'm storing the users in the Id Server database ...

new to using this framework. I have an OAuth client and I am running IdentityServer3 console app. I get an error to my client saying SSL is required. Is there a way to disable the SSL from Ident...

I am trying to co-host identityserver3 and web api (for user management using Bearer tokens) in the same startup. However I get the following error: A task was canceled. It appears the task cancell...

I'm migrating a Web Forms application from Forms Authentication to OpenID Connect (using OWIN and IdentityServer3). The application already has a lot of 'authorization' elements (for various locati...