Comments (7)
Think about cookie or DB for persisting request message to support POST requests to authorize endpoint.
from identityserver3.
I'm wondering if the authorize endpoint should issue the cookie and not pass a protected query string. Seems a little much the way we did it. shrug
from identityserver3.
We don't need the protected query string. But issuing the cookie is def not the job ob the authZ endpoint.
from identityserver3.
It doesn't have to specifically be the authZ endpoint, but the action result or whatever. I'm just talking out loud -- the protected query string feel a little much given that these two are in the same middleware.
from identityserver3.
True. This comes from a discussion where the authZ endpoints wants to pass data to the login endoint in a "trusted way". As I said - we don't need it and it adds complexity right now. Wanna remove it?
from identityserver3.
Yea, I'll look at it Monday and think if there's a cleaner way. In short, I need a cookie in the all the authentication code anyway, so i was thinking why not use issue it and skip the query string. I also want a better API/abstraction for managing the cookie data. So that's all related.
from identityserver3.
We gonna keep the SignInMessage infrastructure, I switched everything to the new IDataProtector which by default is provided by the host.
from identityserver3.
Related Issues (20)
- CustomUserService with Redis cache: Looking for validation that I am doing it properly HOT 1
- User X509 certificate HOT 6
- How to get all active clients for current session HOT 1
- Exception cleaning tokens is a recurring error that appears. HOT 1
- Need to change the validation message when login HOT 1
- Mixed authentication MVC controller HOT 2
- Force users to login for authorization endpoint HOT 4
- IdentityServer3 HOT 2
- Logout Problem with MvcViewService Implementation HOT 1
- How to set strong password restriction HOT 1
- How to sign my JWT using Firebase private key to integrate with IdentityServer HOT 1
- IdentityServer3 when I submit a form to login sometimes it is very slow HOT 5
- how to use IdentityServer3 in the webform with .net framework 4.0 HOT 4
- Why not just render the login page in the first login requst? HOT 2
- Refresh Tokens
- Any sample with android and retrofit? HOT 2
- React native client example? HOT 1
- "No signin id passed" message
- Custom user service doesn't work with Facebook as external login provider. HOT 1
- Question about single sign out with Identity Server 3 hybrid flow
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from identityserver3.