In the configuration method of the OWIN Startup class, most of the sample projects are modelled like this:

            app.Map("/core", coreApp =>
            {
                ...
                var options = new IdentityServerOptions
                {
                    IssuerUri = "https://idsrv3.com",
                    SiteName = "Thinktecture IdentityServer v3 - CustomUserService",
                    ...
                };

                coreApp.UseIdentityServer(options);
            });

However, in the AspNetIdentity sample project, the code looks like this.

            appBuilder.Map("/admin", adminApp =>
            {
                ...
            });

            var options = new IdentityServerOptions
            {
                IssuerUri = "https://idsrv3.com",
                SiteName = "Thinktecture IdentityServer v3 - UserService-AspNetIdentity",
                ...                }
            };

            appBuilder.UseIdentityServer(options);

First, the mapping is being set for the "/admin" path, whereas it's being set for "/core" in the other samples.

Second, the call to UseIdentityServer() is called outside of the anonymous method, whereas it's called inside the anonymous method in the other samples.

The JS client is messy right now -- needs an update.

I know "resource owner flow" is not supported flow on openid connect,i wonder its not supported either to consume userinfo endpoint using access token on this flow ?it results 403 what i got when requested to userinfo with access token.

FederatedAuthentication.SessionAuthenticaionModule.SignOut() 

does not seem to actually log out the user as per the sample in
https://github.com/thinktecture/Thinktecture.IdentityServer.v3.Samples/blob/master/source/Clients/MvcCodeFlowClient/Controllers/HomeController.cs

CodeFlowClient.Controllers.HomeController.Logout()

I added additional removal of cookies and session to 'fix' this as per :
IdentityServer/IdentityServer2#396

    //https://github.com/thinktecture/Thinktecture.IdentityServer.v2/issues/396
    Session.Clear();
    Session.Abandon();
    if (Request.Cookies["FedAuth"] != null)
    {
        var pHCeExpired = Request.Cookies["FedAuth"];
        pHCeExpired.Expires = DateTime.Now.Subtract(new TimeSpan(1, 0, 0));
        Response.SetCookie(pHCeExpired);
    }
    if (Request.Cookies["FedAuth1"] != null)
    {
        var pHCeExpired = Request.Cookies["FedAuth1"];
        pHCeExpired.Expires = DateTime.Now.Subtract(new TimeSpan(1, 0, 0));
        Response.SetCookie(pHCeExpired);
    }

I am trying to understand how this Code Flow is working with Flows.AuthorizationCode. Once the client "MVC CodeFlowClient" Authenticates User where is it storing the ID Token and Access-Token Information for subsequent requests. From the Client Configuration it looks it is using AccessTokenType = AccessTokenType.Reference. How does this reference token work?.

When the controller is created to call the service, I see that we are getting Access Token from Claims Principal. How is this Claims Principal getting created with this information?. As far as I understand the ClaimsPricipal is only valid per HTTP Request Session, How is this Claims Principal with token information is getting created.

var principal = User as ClaimsPrincipal;
var client = new HttpClient();
client.SetBearerToken(principal.FindFirst("access_token").Value);

Any insight into this would be helpful. By any chance is this information stored in the Cookie?.

Also The sample seems to be failing to call the service with 401 Unauthorized HTTP responses error, Do we need to setup something to get the sample working?.

We have created an application modeled after this example and have been receiving a 401 response when communicating with our secured resource. When I pulled up the Sample code I had downloaded from the Thinktecture Wiki a couple of weeks ago, the example also threw a 401. To see if that had been fixed, I downloaded the latest samples and attempted to run this application. Now I receive a 403. Not sure how to get around this issue.

When debugging the 401 I received from the previous code base (i.e. two week old Sample code) I noticed the "access_token" looks more like an code than an access token. Here is the access token from the MVC CodeFlowClient" example (i.e. to me it looks like another authorization code):

"f71523f92b464fb5a232007aaf7df9e9"

When compared to the access token from the JavaScript Implicit Client show below, I wonder if the "access_token" returned from identity server for the Authentication Code flow is correct?

"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJjbGllbnRfaWQiOiJpbXBsaWNpdGNsaWVudCIsInNjb3BlIjpbIm9wZW5pZCIsInByb2ZpbGUiLCJyZWFkIiwid3JpdGUiLCJlbWFpbCJdLCJzdWIiOiJhbGljZSIsImFtciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNDEzMzIxNzcyLCJpZHAiOiJpZHNydiIsImlzcyI6Imh0dHBzOi8vaWRzcnYzLmNvbSIsImF1ZCI6Imh0dHBzOi8vaWRzcnYzLmNvbS9yZXNvdXJjZXMiLCJleHAiOjE0MTMzMjUzNzIsIm5iZiI6MTQxMzMyMTc3Mn0.NzuGJBGmoSne8krqqu0bP2OZRQngmDkbAQ9Ei2OJlmmbrM1ktqTBNfpah9DRYwXgEdrH-kMmgiAF-Rk3wJ5_4Qhnkd5JZ73dimkuGItVQasF8BY464qgoJEo_aF4o3GELe9ZT568UfZsk0ktso8_i0lM-XnAgV4y3-WdS_zDr3_2L95Q360ywaRgfDT56xn-gYdfM1kAsVMuUBzlhwMvVUHiG8SRgO_7TAMo39gUF9xYrEXouchqUkYqzJHuuoXOZ1_iD2TxOstSq3fz051zTYdXFrrcTlsq4KwmI3t1Q8Ia1_wVuH10aIH60wNSu-XtC46g-TMg1eooBW_DifTlEA"

I'm trying to debug the CustomUserService sample, but i'm interested in the part of the code in the Core project. I've tried removing the Thinktecture.IdentityServer reference, and change it for a reference to the Thinktecture.IdentityServer.v3 Core project. But I'm receiving errors in loading dependent dlls because of mismatched signatures.

Is there any procedure to do this easily?

How can I access the roles using the MVC OWIN middleware (UseOpenIdConnectAuthentication)?
I can see them coming through in the claims so they are read out of the token properly but Im not sure how I get them to a point where they can be used in the

[Authorize("RoleName")]

attribute.

I suspect it has something to do with the JwtSecurityTokenHandler.InboundClaimTypeMap, but I have no experience with this.

Is there an example you can point me to? Everything else seems to be working fine.

What's supposed to be the difference between the behavior supported by the RegisterFirstExternalRegistrationUserService class and the ExternalRegistrationUserService?

What's the difference between user service and view service ?

I need to add some custom authentication to include 2 auth cell phone validation.

I have a cut down sample based on the IdentityServer v3 SelfHost sample and for some reason i am not getting back all the claims i thought i would be getting.
The default claims are coming back but i cant seem to get the email or profile data

gist here with excerpts of the code : https://gist.github.com/RhysC/96d9580fa9a0a85f8a8a

Not sure what i have done wrong - does this work for anyone else?
Have i missed that point - i assume the additional scope were so i could get the profile from the ID server?

Thanks
Rhys

Dominick,

I wasn't sure if you just wanted me to move the issue or push code changes. I haven't pushed code yet using github. Below is the original question from the identityserver.v3 repo. I think the issue was that the MVC app had a valid non-expired cookie so it thinks it is authenticated within the MVC AuthenticationManager. The cookie was missing the id_token claim so the identity endpoint of the identity server did not know how to handle a log out request from the MVC client. In this disconnect nothing on the MVC side recognizes that there is critical info missing from the claims and so it never kills the cookie on the client side. I used Chrome Dev tools to see the cookies. They were:
OpenIdConnect.nonce.OpenIdConnect
FedAuth
FedAuth1

I fixed it via the MVC side by manually creating new expired cookies for each name and adding them to the response. The browser then dumped the cookies because they were expired. I'm not sure if this was some freak thing or if something should be added to the Logout process to force kill the client cookies. thoughts?

Because the MVC site thinks it is logged in (id_token claim missing from cookie data) the UI still shows the Logout button and attempts the Owin Signout which invokes the RedirectToIdentityProvider notification in Startup -> OpenId section of the sample MVC app. Currently the sample app throws an exception because the id_token claim is missing from the user's cookie for some reason. There is a section in the sample code that was trying to perform a .Value on a token that doesn't exist hence the exception. I have it doing a HasClaim check now to verify it exists first.

var idTokenHint = (n.OwinContext.Authentication.User.Claims.HasClaim("id_token") ? n.OwinContext.Authentication.User.FindFirst("id_token").Value : string.Empty);

because the id_token claim is missing it still redirects to the identity server without the identifying token in the query string so the identity server does not dispose of any tokens if they still existed and nothing signals the MVC application to dispose of the Cookie so the MVC app still thinks the user is logged in after all of this. Please advise on the best course of action to fix this. It seems like there should be something to dispose of the MVC app's cookie if the id_token claim is missing.

I copied the full bin directory of the compiled UserService-ApsNetIdentity sample project to a Windows Server 2012R2 system. Running SelfHost.exe on a Windows 8.1 system appears to work ok. Running it on 2012R2 shows the same console text as on Windows 8.1 but a web browser cannot make the connection (https://localhost:44333/core/admin). On both systems, Trace.log contains the same log entries:

SelfHost.exe Warning: 0 : [Thinktecture.IdentityServer.Core.Configuration.IdentityServerServiceFactory]: 12/18/2014 12:31:39 PM -- ConsentStore not configured - falling back to InMemory
SelfHost.exe Warning: 0 : [Thinktecture.IdentityServer.Core.Configuration.IdentityServerServiceFactory]: 12/18/2014 12:31:39 PM -- RefreshTokenStore not configured - falling back to InMemory

I do have a working connection strings set up for AspId and AspId_CustomPK, confirmed with SSMS on the 2012R2 system.

When attempting to compile the code as written in Startup.cs, I can't get it to go. The error is:

"Unknown type of variable 'n'" on line 47 of Thinktecture.IdentityServer.v3.Samples/source/Clients/MVC OWIN Client (Hybrid)/Startup.cs.

Is anyone having similar problems? Was there a breaking change?

Thanks.

Please give process for connect identity manager and thinktecture identity server v3 to database.

get rid of cert store dependency

What reason is this error Please sugges me
Value cannot be null.
Parameter name: uriString

My Code is a

[Route(Constants.RoutePaths.ForgotPassword, Name = Constants.RouteNames.ForgotPassword)]
[HttpGet]
public async Task ForgotPassword()
{
return await RenderForgotpassword();
}
private async Task RenderForgotpassword(string username= null)
{
var ctx = Request.GetOwinContext();
var ForgotPassworModel = new ForgotPasswordViewModel
{
// usrname = username,
CurrentUser = await GetNameFromPrimaryAuthenticationType(),
// LoginUrl = _options.AuthenticationOptions.EnableLocalLogin ? Url.Route(Constants.RouteNames.ForgotPassword, new { signin = "" }) : null,
};
// var user = await getUserForForgotPassword();
return new Thinktecture.IdentityServer.Core.Views.ForgotPasswordActionResult(_viewService, ctx.Environment, ForgotPassworModel);
}

need to add /core where hardcoded

Is there any chance we could see an example a Web API project receiving an access token from Identity Server V3 in the Authentication header and having that successfully loaded into the principal. I have been trying for days to do this without success. I have modified the "Implicit Flow (JavaScript)" project from Pluralsight to call my Web API application, I can see the CORS request followed by the "GET" and can even see Authorization header with the token being passed. I just don't understand what I need to do to have the OWIN pipeline pull that token, validate it and place in the principal of the request as "authenticated".

I feel SUPER thick right now, so any suggestions would be great.

P.S. Should I somehow be using "UseOAuthBearerTokens" or "UseJsonWebToken"? I tried using "UseJsonWebToken", but could not figure out the value I should provide for the signing key. My guess is I am way off the mark and need a better understanding of OWIN and OAuth2.

I've been looking for a scaled down solution, possibly something that could be added to the IdentityServer OWIN pipeline like Use.CustomDomainCredentialProvider to provide an optional assertion for Domain Credentials to be used when accessing network resources.

Did I miss an example in the existing samples? In v1 or v2, there were some posts but nothing formal, is there something similar for v3. It just seems this relatively common scenario is sort of hit and miss across open source identity management. Thanks in advance.

Hi Guys,

Look this may exist already in which case just point the finger to the applicable sample.

I'm going to be hosting an APP that uses Nancy and some other middleware. I want to do my identification and authorization in the main 'parent' application and set the relevant owin security stuff so that Nancy (and whatever other middle ware) have access to it.

https://github.com/jchannon/Owin.StatelessAuth/blob/master/src/Owin.StatelessAuthExample/Startup.cs
This guy I believe has a package that does what i'm after but I suspect there is a way to do this with the existing IdentityServer / IdentityModel libs.

So far i've just been doing:

 //Token Verification
   app.UseIdentityServerJwt(new JwtTokenValidationOptions {
     Authority = IdSvr.BaseAddress
  });

But I'm sure there is some more plumbing required and I'm struggling to find specifically what that is.

Thanks in advance

I am new to ASP.NET MVC and OWIN. Can you indicate what would need to be changed so that the AspNetIdentity example could be deployed to IIS rather than as a standalone console program?

To my scenario,there is more than one login endpoint (local web services actually) i need use due to scope values.
My questions are;
Is it possible to create or change dynamically UserService depending on the scope values which indicates the resource api names ?
If it not possible above issue what would be the convenient way to go using only one UserService's AuthenticateLocalAsync ? How to check scope values,what would be the pseudocode ?

Probably this way is somewhat contradiction of identity server nature but this is the way i must go.

Question: are there any examples on how to configure a Web API project to connect to IdentityServer, when the Web APO project doesn't use OWIN/Katana? I.e. the old method, with Application_Startup in Global.asax?

Regards,
Daníel

Hello,
I have been evaluating Thinktecture Identity server v3 for authentication and authorization.
I am at a point where I have setup v3 locally and also build small MVC web apps to get authenticated/ authorized from Thinktecture identity server v3 (thanks to all the samples).

Thinktecture v3 sets in-memory clients/user/claims.
Now I want to use Thinktecture Identity server v3 in production scenario, where I want to setup a database from which I can load users/ claims/roles.
I have read about Identity manager, MembershipReboot, but could not figure out how to use it (too many entities).
Also I need to understand what is the use of Thinktecture.Identitymanager.MembershipReboot; as per its description, I think this is what I need, but what about the UI? How can I setup users/roles, etc. Do I need deploy Identitymanager separately for this?

The videos at vimeo at related to older v3 version, so it adds to the confusion.
Not sure how to move ahead, I know I am few steps away from achieving the goal.

Kindly provide some help as to how can I setup everything in a production environment.

Thanks
Sandeep

In the CustomUserService sample application, new users are created in-memory. I want to use the ASP.NET Identity database, so I'm trying to combine the code from the CustomUserService sample application with the AspNetIdentity sample application.

The problem is that IUserService, which is the abstraction for IdentityServerServiceFactory.UserService doesn't expose any method for creating a new user.

In a typical ASP.NET application, the UserManager class exposes methods for creating new users. The application's UserManager type and its associated DbContext is registered with IAppBuilder like so:

        public void ConfigureAuth(IAppBuilder app)
        {
            // Configure the db context, user manager and signin manager to use a single instance per request
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
           ...
        }

The UserManager instance for the context can then be accessed like so:

HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();

Is there any potential issue if adding this code to the Identity Server application?

I have download the sample and I am getting this error.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.ArgumentNullException: Value cannot be null.
Parameter name: certificate

Source Error:

Line 90: private List ValidateToken(string token)
Line 91: {
Line 92: var parameters = new TokenValidationParameters
Line 93: {
Line 94: ValidAudience = "codeclient",

Source File: d:\DayUsers\PramodG\Official\Projects\NewIA&A\Clients\MvcCodeFlowClientManual\Controllers\CallbackController.cs Line: 92

Stack Trace:

[ArgumentNullException: Value cannot be null.
Parameter name: certificate]
System.IdentityModel.Tokens.X509SecurityToken..ctor(X509Certificate2 certificate, String id, Boolean clone, Boolean disposable) +1958121
System.IdentityModel.Tokens.X509SecurityToken..ctor(X509Certificate2 certificate) +55
MvcCodeFlowClientManual.Controllers.CallbackController.ValidateToken(String token) in d:\DayUsers\PramodG\Official\Projects\NewIA&A\Clients\MvcCodeFlowClientManual\Controllers\CallbackController.cs:92
MvcCodeFlowClientManual.Controllers.CallbackController.ValidateResponseAndSignIn(TokenResponse response) in d:\DayUsers\PramodG\Official\Projects\NewIA&A\Clients\MvcCodeFlowClientManual\Controllers\CallbackController.cs:62
MvcCodeFlowClientManual.Controllers.d__6.MoveNext() in d:\DayUsers\PramodG\Official\Projects\NewIA&A\Clients\MvcCodeFlowClientManual\Controllers\CallbackController.cs:44
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +93
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +52
System.Runtime.CompilerServices.TaskAwaiter.GetResult() +21
System.Threading.Tasks.TaskHelpersExtensions.ThrowIfFaulted(Task task) +61
System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult) +114
System.Web.Mvc.Async.<>c__DisplayClass37.b__36(IAsyncResult asyncResult) +66
System.Web.Mvc.Async.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult) +47 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +136
System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult, Object tag) +102
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +49
System.Web.Mvc.Async.AsyncInvocationWithFilters.b__3d() +117
System.Web.Mvc.Async.<>c__DisplayClass46.b__3f() +323
System.Web.Mvc.Async.<>c__DisplayClass33.b__32(IAsyncResult asyncResult) +44
System.Web.Mvc.Async.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult) +47 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +136
System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult, Object tag) +102
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +50
System.Web.Mvc.Async.<>c__DisplayClass2b.b__1c() +72
System.Web.Mvc.Async.<>c__DisplayClass21.b__1e(IAsyncResult asyncResult) +185
System.Web.Mvc.Async.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult) +42 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +133
System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult, Object tag) +56
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +40
System.Web.Mvc.Controller.b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +34
System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +70 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +139
System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult, Object tag) +59
System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult, Object tag) +40
System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +44
System.Web.Mvc.Controller.b__15(IAsyncResult asyncResult, Controller controller) +39
System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +62 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +139
System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult, Object tag) +59
System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult, Object tag) +40
System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +39
System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +39
System.Web.Mvc.MvcHandler.b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +39
System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +70 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +139
System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult, Object tag) +59
System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult, Object tag) +40
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +40
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +38
System.Web.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar) +129

There's no description (with corresponding link) to the MVC Authentication project in readme.md of the main samples project.

Hi,

Love the server - thanks for your efforts in this; was just playing with the CustomViewService and tried to swap out the references to the CSS and JS to external CDN providers to make my views lighter but doesnt look like this is supported.

Is there a security setting blocking loading external CSS and JS? is there an option to allow this?

My console output is below.

Thanks for your efforts.

Regards,

James.

Refused to load the stylesheet 'https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' ".
logout:7
Refused to load the stylesheet 'https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap-theme.min.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' ".
logout:8
Refused to load the stylesheet 'https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' ".

Hi there,
first: Congratulations for the beta. Great work!

the problem: Clients solution don't work out of the box on VS Express for Web/Desktop because VS Express can't open the Constant project:

Unsupported
This version of Visual Studio is unable to open the following projects. The project types may not be installed or this version of Visual Studio may not support them.
For more information on enabling these project types or otherwise migrating your assets, please see the details in the "Migration Report" displayed after clicking OK.
- Constants, "SomePath\Visual Studio 2013\Projects\Thinktecture.IdentityServer.v3.Samples\source\Clients\Constants\Constants.csproj"

Steps to reproduce:
0- install VS Express for Web and for Desktop
1- clone the Thinktecture.IdentityServer.v3.Samples
2- open the Clients solution with VSE for Web or for Desktop (and restore the NuGet Packages if needed)
3- Build the solution:

Error 1 Metadata file 'SomePath\Visual Studio 2013\Projects\Thinktecture.IdentityServer.v3.Samples\source\Clients\Constants\bin\Debug\Constants.dll' could not be found Somepath\Visual Studio 2013\Projects\Thinktecture.IdentityServer.v3.Samples\source\Clients\ConsoleResourceOwnerClient\CSC Console Resource Owner Flow

The JavaScript Client is the only that works because it has no reference to the Constant project.

Do I need to install something else?

The workaround is rather simple:
1- Create a lib-project and copy/paste the constant class.
2- Change the references.

It would be nice if you could fix it.

I want to add link in login page for forgot password
Please give me suggestion

In the 'MVC Authentication' Sample, updating V3.AccessTokenValidation to beta3-2 removes JwtTokenValidationOptions and needs to be updated to use UseIdentityServerBearerTokenAuthentication.

        app.UseIdentityServerJwt(new JwtTokenValidationOptions
            {
                Authority = "https://localhost:44319/identity"
            });

needs to be updated to:

        app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions   
            {
                Authority = "https://localhost:44319/identity"
            });

This class has been deprecated in favor of GoogleOAuth2AuthenticationOptions. The old GoogleAuthenticationOptions class is still being used in the following projects in the Samples repository:

CustomUserService
CustomViewService
EmbeddedAssetsViewService

Version 8 of the EF breaks the DisposableIdentityManagerService(IIdentityManagerService, IDisposable) constructor because the DefaultMembershipReboot no longer supports the IDisposable interface.

Just to let you know that the "CustomViewService" sample is broken. Requests to pages other than the "login" one fails with a "NullReferenceException" message because the "clientName" is null.

The right solution is applying the same procedure than in the "Login" method?
That is retrieve the client by id and provide its name to the render method.

Thank you.

Hi guys,

Thinking of creating an internal mw for my company, but I guess it could be more generalized and open sourced. Say if we standardized on form post. Wouldn't it be an idea to DRY up the login, callback-handling and signout to a common component, like a MW?

public static void UseCompanyAuth(this IAppBuilder app, CompanyAuthOptions options)
{
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = options.CookieName,
        LoginPath = new PathString(InternalConstants.RelativePathLoginRoute),
        ReturnUrlParameter = InternalConstants.RedirectQueryParam
    });

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = InternalConstants.TempCookieName,
        AuthenticationMode = AuthenticationMode.Passive
    });

    app.Map(InternalConstants.LoginPath, a => a.Use<FormPostLogin>(options));
    app.Map(InternalConstants.SignInCallbackPath, a => a.Use<FormPostSignInCallback>(options));
    app.Map(IdentityUrls.SignOutPath, a => a.Use<SignOut>(options));
}

FormPostLogin creates the redirect url to idsrv, while FormPostSignInCallback handles all validation (state, nonce, jwt) and claimsprincipal generation like in the Form Post sample application.

Then all clients just need to install this package, and create relative links to InternalConstants.LoginPath and IdentityUrls.SignInCallbackPath for login and logout respectively. (in addition to setting idsrvurl, clientid++). Opposed to writing the callback code in several clients I mean.

I guess it could be expanded to handle other types of flows other than form post as well, but this was just an idea.

Thoughts on such an approach? Appreciate any feedback!

This:

public bool AccpetedEula { get; set; }

should be:

public bool AcceptedEula { get; set; }

Obviously, any other references to that property needs to be fixed as well.

Hello

Continuing the issue originally opened in the IdentityServer.v3 repository ...
IdentityServer/IdentityServer3#419

We need to use the identity server based authentication in an old webforms asp.net solution that is not using OWIN / WebApi.
Is there any library that can help us to properly do the validation of the access token ?