Comments for brockallen https://brockallen.com You've got your good thing, and you've got mine Tue, 24 Mar 2020 18:59:53 +0000

Comment on Single sign-out and IdentityServer3 by Rohit https://brockallen.com/2016/02/08/single-sign-out-and-identityserver3/#comment-72119 Tue, 24 Mar 2020 18:59:53 +0000 http://brockallen.com/?p=1585#comment-72119 In reply to brockallen.

Thanks for the link Brock. It says identityServer 3 won’t have the support :( Can you recommend a way it can be done outside identityServer3 then? I tried setting in web.config file but it didn’t work for cookies generated by identity server? Any guidance will be helpful.

Comment on Single sign-out and IdentityServer3 by brockallen https://brockallen.com/2016/02/08/single-sign-out-and-identityserver3/#comment-72118 Tue, 24 Mar 2020 18:50:37 +0000 http://brockallen.com/?p=1585#comment-72118 In reply to Rohit.

IdentityServer3 and upcoming SameSite Cookie changes in Browsers

Comment on Single sign-out and IdentityServer3 by Rohit https://brockallen.com/2016/02/08/single-sign-out-and-identityserver3/#comment-72117 Tue, 24 Mar 2020 18:49:48 +0000 http://brockallen.com/?p=1585#comment-72117

Hi Brock, with sameSite cookie introduction in chrome, we are not able to host an application in iframe because identity server cookies are not marked with sameSite attribute None. Also, I am not seeing any options added in CookieOptions to pass this flag. Can you please guide how that can be achieved in identityServer 3?

Comment on IdentityServer and Signing Key Rotation by brockallen https://brockallen.com/2019/08/09/identityserver-and-signing-key-rotation/#comment-68801 Wed, 14 Aug 2019 14:21:11 +0000 http://brockallen.com/?p=1910#comment-68801 In reply to NIkhil.

All the built-in APIs are done in Startup, so it’s static config. So all those steps I described would require a restart. As for something automatic, we will be releasing at the end of the month (Aug, 2019) a commercial component that provides automatic key management. See: https://www.identityserver.com/products for more info.

Comment on IdentityServer and Signing Key Rotation by NIkhil https://brockallen.com/2019/08/09/identityserver-and-signing-key-rotation/#comment-68759 Sun, 11 Aug 2019 15:44:41 +0000 http://brockallen.com/?p=1910#comment-68759

Nice explanation. I am also trying to do the same thing with Identity server but I have some questions.

1> As per the above explanation, do we have to create 2-3 keys in advance and put them in the AddValidation keys call
.AddValidationKey("CN=lastKeyName").AddValidationKey("CN=nextKeyName") for key rotation, or do we have to insert them at runtime?
2> In the above blog you mentioned that “Then you can switch over and promote key2 to your active signing credential.” How will this happen, as the
AddSigningCredential and AddValidation Keys methods get called in the ConfigureServices method, which gets executed at startup time only?
3> I got confused here, as the AddSigningCredential and AddValidation Keys methods get called only one time. How will these things work automatically, meaning after a certain interval like 90 days?
Is there any option?
4> Does Identity server support automatic key rollover?

Comment on Same-site cookies, ASP.NET Core, and external authentication providers by brockallen https://brockallen.com/2019/01/11/same-site-cookies-asp-net-core-and-external-authentication-providers/#comment-68739 Sat, 10 Aug 2019 17:06:44 +0000 http://brockallen.com/?p=1895#comment-68739 In reply to synergetic.

thanks. i think i finally fixed them all!

Comment on Beware in ASP.NET Core 2.0: Claims transformation might run multiple times by brockallen https://brockallen.com/2017/08/30/beware-in-asp-net-core-2-0-claims-transformation-might-run-multiple-times/#comment-68720 Fri, 09 Aug 2019 17:52:23 +0000 http://brockallen.com/?p=1798#comment-68720 In reply to bjornagoransson.

yea, that’s because their windows authN isn’t quite following the same model as the rest of the authentication services and handlers in ASP.NET Core

Comment on The State of the Implicit Flow in OAuth2 by James Davidson https://brockallen.com/2019/01/03/the-state-of-the-implicit-flow-in-oauth2/#comment-68576 Thu, 01 Aug 2019 03:21:00 +0000 http://brockallen.com/?p=1885#comment-68576

Great post!

Very interesting for me because I am working on two different applications: one is AngularJS with Spring Boot (access token and refresh token) and the other is ClojureScript with Amazon Cognito (implicit flow, no refresh token).

Thanks for taking the time to write such a clear explanation.

Comment on Same-site cookies, ASP.NET Core, and external authentication providers by synergetic https://brockallen.com/2019/01/11/same-site-cookies-asp-net-core-and-external-authentication-providers/#comment-68457 Thu, 25 Jul 2019 05:56:27 +0000 http://brockallen.com/?p=1895#comment-68457

Very nice explanation. It seems to me, await next() must be called at the end; and there is also a missing return statement in the if block:

    app.Use(async (ctx, next) =>
    {
        if (ctx.Request.Path == "/signin-oidc" &&
            ctx.Response.StatusCode == 302)
        {
            var location = ctx.Response.Headers["location"];
            ctx.Response.StatusCode = 200;
            var html = $@"

    ";
            await ctx.Response.WriteAsync(html);
            return;
        }
        await next();
    });

Comment on The State of the Implicit Flow in OAuth2 by rmmeans https://brockallen.com/2019/01/03/the-state-of-the-implicit-flow-in-oauth2/#comment-68449 Wed, 24 Jul 2019 12:46:31 +0000 http://brockallen.com/?p=1885#comment-68449

Outstanding overview! Thanks. I have spent a few years in this space and led the implementation of a spec compliant OAuth2 and OIDC server (passed the OIDC tests at least) that runs on top of DynamoDB for scale. I have not however been closely watching the new spec developments – I have seen some discussion of PKCE for use in SPA’s, etc and have been wondering what’s been going on. This is very useful, thanks for the post!
