Securly Storing OpenID identifiers and OAuth tokens

First, there is a registered application that has consumer_key and consumer_secret. When users authenticate and “allow” your registered application, you get back: an access_token that is considered the user’s “password” and would allow JUST YOUR application to act on the user’s behalf. So, getting just the user’s access_token from your database won’t help much if … Read more

Changing the action of a form with JavaScript/jQuery

jQuery (1.4.2) gets confused if you have any form elements named “action”. You can get around this by using the DOM attribute methods or simply avoid having form elements named “action”. <form action=”foo”> <button name=”action” value=”bar”>Go</button> </form> <script type=”text/javascript”> $(‘form’).attr(‘action’, ‘baz’); //this fails silently $(‘form’).get(0).setAttribute(‘action’, ‘baz’); //this works </script>

How do I implement ‘sign in with google’ on my site?

If you plan to use OpenID, use that. Google is already an OpenID 2.0 provider. Google’s OpenID provider is located at: https://www.google.com/accounts/o8/ud (NOTE: There’s no point visiting that URI in your browser, but it does work for OpenID.) This is primarily addressed on the Accounts API page, which also addresses OAuth and the hybrid and … Read more

How to add custom claims to access token in IdentityServer4? [closed]

You should implement your own ProfileService. Have a look in this post which I followed when I implemented the same: Extending Identity in IdentityServer4 to manage users in ASP.NET Core Here is an example of my own implementation: public class ProfileService : IProfileService { protected UserManager<ApplicationUser> _userManager; public ProfileService(UserManager<ApplicationUser> userManager) { _userManager = userManager; } public … Read more

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)