The implementation of IdSvr4 is fantastic, but the docs leave a lot to be desired – I spent a good hour searching on the internet to be able to come up with a working solution. Being told to ‘read the spec’ just isn’t always helpful if you are new to a concept – which is … Read more
This answer was written for Identityserver4 on .Net core 2 to use it for .Net core 3, this answer may help you, but you need to test and change a few things. I am using asp.net Identity and Entity Framework with Identityserver4. This is my sample code, works well and JWT contains all roles and … Read more
I am pretty much sure that you are using version 4.0 or above. Let me know if I am correct? In version 4.0 and above, the code flow + PKCE is used by default, as this is more secure than Hybrid flow according to the documentation. Here is the link https://identityserver4.readthedocs.io/en/latest/topics/grant_types.html and link to relevant … Read more
While your client (application) is configured or allowed to request the openid resource (or scope), your identity server is not configured for the openid identity resource You need to add it as an identity resource similar to how its done here and have a method that returns all your identity resources that you want to … Read more
Here’s an implementation of an Authorization Code Flow with Identity Server 4 and an MVC client to consume it. IdentityServer4 can use a client.cs file to register our MVC client, it’s ClientId, ClientSecret, allowed grant types (Authorization Code in this case), and the RedirectUri of our client: public class Clients { public static IEnumerable<Client> Get() … Read more
Ensure IssuerUri is set to an explicit constant. We had similar issues with accessing Identity Server instance by the IP/hostname and resolved it this way: services.AddIdentityServer(x => { x.IssuerUri = “my_auth”; }) P.S. Why don’t you unify the authority URL to hostname:5000? Yes, it is possible for Client and API both call the same URL … Read more
First of all note that you are not using ASP.NET Core Identity there. Identity is the user management stack that builds on top of the authentication system. You appear to be using OpenID Connect with an IdentityServer as the provider, so your web application will only consume the OIDC information but not have to manage … Read more
Just in case someone else makes their way here, this happened to me because I had a typo in the path of my URL. When I corrected my typo, everything worked for me. Mini context: I was confused because I was using a Lambda authorizer for my API Gateway resource, and I didn’t even see … Read more
You really can’t compare the two. ASP.NET Identity is a database API to manage users, roles, claims, email confirmation tokens etc. Something you can use for implementing signup, login, change password etc. IdentityServer is an OpenID Connect and OAuth 2.0 implementation. It gives you features like single sign-on and API access control. This is useful … Read more
We need to enable viewing of PII logs so we can see more details about the error: Add the following line in ConfigureServices() to Startup.cs public void ConfigureServices(IServiceCollection services) { IdentityModelEventSource.ShowPII = true; //Add this line ….