The implementation of IdSvr4 is fantastic, but the docs leave a lot to be desired – I spent a good hour searching on the internet to be able to come up with a working solution. Being told to ‘read the spec’ just isn’t always helpful if you are new to a concept – which is … Read more
First, to solve this issue, you need to find out what the error is. Set this in your Startup.cs to reveal the real error (not recommended for a production environment): if (env.IsDevelopment()) { IdentityModelEventSource.ShowPII = true; } In my case, I had a proxy issue running it locally inside the corporate network.
This answer was written for Identityserver4 on .Net core 2 to use it for .Net core 3, this answer may help you, but you need to test and change a few things. I am using asp.net Identity and Entity Framework with Identityserver4. This is my sample code, works well and JWT contains all roles and … Read more
I am pretty much sure that you are using version 4.0 or above. Let me know if I am correct? In version 4.0 and above, the code flow + PKCE is used by default, as this is more secure than Hybrid flow according to the documentation. Here is the link https://identityserver4.readthedocs.io/en/latest/topics/grant_types.html and link to relevant … Read more
While your client (application) is configured or allowed to request the openid resource (or scope), your identity server is not configured for the openid identity resource You need to add it as an identity resource similar to how its done here and have a method that returns all your identity resources that you want to … Read more
jwt.io says to enter the key Public Key or Certificate. Enter it in plain text only if you want to verify a token so I have converted the JSON Web Key to a PEM format guessing it would need a base64 format, and it works!. This is the public key built from modulus and exponent … Read more
You are effectively asking your users to trust that Application1 will manage their keycloak credentials securely. This is not recommended because better security is achieved if the user is redirected to keycloak to enter their credentials. In an ideal world no client application should be handling or have access to user credentials. It defeats the … Read more
I like this Medium post about the difference, all cred to this author. https://medium.com/@nilasini/id-token-vs-access-token-17e7dd622084 If you are using Azure AD B2C like I am you can read more here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/openid-connect ID Token You will get id token if you are using scope as openid. Id token is specific to openid scope. With openid scope you … Read more