aguafrommars / theidserver Goto Github PK

• Add a table to configure claims transformation
• Add service transforming claims from external provider
• Add a UI to configure claims transformation per provider

Apologies for bad format of this bug report - just under a bit of time pressure.

When there is more than one RedirectUri for a client, the CORS flag is not being set correctly.
This is because in Aguacongas.IdentityServer.Store.EntityExtensions, the public static Entity.Client ToEntity(this Client client) uses a FirstOrDefault match against the AllowedCors list. Changing this to a foreach loop with Where fixes this issue (I think).

foreach (var origin in client.AllowedCorsOrigins)
          {
              var cors = new Uri(origin);
              **foreach (var uri in uris.Where(u => cors.CorsMatch(u.Uri)))**
              {

Cheers,

Ben

'PropertyValidatorContext' is obsolete: 'The PropertyValidatorContext class is deprecated and will be removed in FluentValidation 11

Provide a dotnet new template to create either API only, Full Server, Proxy Server, Admin UI projects

Describe the bug
The export button redirect to an error page

To Reproduce
Steps to reproduce the behavior:

Setup the client to use a JWT token instead of reference token
Go to an admin page
Select entity to export
click export button
See error
Expected behavior
The json file should be downloaded

Describe the bug
The solution's build end with errors on the three MultiTiers projects (Api, Private and Public)

To Reproduce
Steps to reproduce the behavior:
-- Just open the solution, restore and update dependencies and try to build the solution or one of the MultiTiers samples.

Expected behavior
Simple a successful build without error

Logs
If applicable, add logs to help explain your problem.

Platform (please complete the following information):

• OS: Windows 10
• .Net Core Version 5.0.9

Additional context
Nothing specific, just missing dependencies and probably unfinished features.

Describe the bug
Hit F5 on user details page throw a concurrent thread exception.

Support WS-Federation external provider

Add license :

• Pomelo.EntityFrameworkCore.MySql
• Npgsql.EntityFrameworkCore.PostgreSQL

In a third party notice

Howdy :)

When using RavenDB as store, Clients created prior to 2bb302 lose settings on save if edited in the UI (no changes made to the affected properties).

Before:
{... "AllowedGrantTypes": [ { "Id": "clientgranttype/d90b4ce8-fd22-44d5-8603-fa65e9dd69cb", "ClientId": null, "GrantType": null, "CreatedAt": "0001-01-01T00:00:00.0000000", "ModifiedAt": null, "Client": null } ], "RedirectUris": [ { "Id": "clienturi/a142fea6-1b57-4718-83f4-36bc78b3bfe2", "ClientId": null, "Uri": null, "SanetizedCorsUri": null, "Kind": 0, "CreatedAt": "0001-01-01T00:00:00.0000000", "ModifiedAt": null, "Client": null } ], "AllowedScopes": [ { "Id": "clientscope/8b9ec9b8-54a9-4b82-b847-3110012c3e03", "ClientId": null, "Scope": null, "CreatedAt": "0001-01-01T00:00:00.0000000", "ModifiedAt": null, "Client": null } ], ... }

After:
"AllowedGrantTypes": null, "RedirectUris": null, "AllowedScopes": null,

The server pass the oidcc-basic-certification-test-plan with some warnings. It is anticipated that it will pass the certification process, but we need your assistance. Please sponsor this project to help us pay the required certification fee.

Choose your favorite:

• github sponsor,
• issuehunts
• liberapay

Please explain:
How to solve the following problems?

While run TheIdServer Admin (Aguacongas.TheIdServer.IS4) on localhost:44382,
An unhandled exception has occurred. See browser dev tools for details.

Failed to load resource: net::ERR_CONNECTION_REFUSED
:5443/api/culture?orderby=Id&select=Id:1
:5443/api/localizedresource?orderby=CultureId&filter=CultureId%20eq%20%27zh-TW%27%20or%20CultureId%20eq%20%27zh-Hant%27:1
:5443/.well-known/openid-configuration:1
:5443/api/culture?orderby=Id&select=Id:1
:5443/api/welcomefragment?culture=zh-TW:1

thank you very much!

with https://github.com/Sustainsys/Saml2 or https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2

On mobile devices (or when compact nav layout is active) Register and Login links are not visible (ie cannot login)

Provide kubernetes yaml files to deploy a complete solution

When external claims is too big, a Request header too long is thrown by Kestrel

• Add UI to revoke keys
• Add key revocation propagation

Follow this article https://www.scottbrady91.com/aspnet-identity/improving-the-aspnet-core-identity-password-hasher

The custom identity resource will take is configuration from client properties and its properties.

• Add a web service interface for the custom identity resource
• Add a custom identity resource web service client
• Add user interface to manage the custom identity resource

A more thorough review and revision of the current documentation is needed. This should include edits for clarity, grammar, punctuation, and spelling.
This task is to be completed by @roblthegreat.
A pull request will follow.

I bet you hate seeing all these new bug reports from me.

In relation to log error:

[19:23:11 Error] Aguacongas.IdentityServer.Admin.Services.TokenCleanerHost
Exception removing expired grants: Raven.Server.Documents.Queries.Parser.QueryParser+ParseException: 2:25 Expected end of query but got: -03-29T21:53:11.0026085Z

In your RQL functions (e.g. for OneTimeToken cleanup), you need to wrap dateTime in quotes e.g.
from OneTimeTokens where Expiration < 2021-03-29T21:53:11.0026085Z order by CreatedAt

becomes

from OneTimeTokens where Expiration < "2021-03-29T21:53:11.0026085Z" order by CreatedAt

ISO8601 dates are sorted lexicographically provided they are in the same timezone (these all appear to be UTC).

We need an hosted service to cleanup user consents and tokens

What are you thoughts on incorporating AspNetCore.Diagnostics.HealthChecks into Aguacongas.TheIdServer?

In the first instance this could be as simple as adding a healthcheck to ensure the IdSrv discovery endpoints are available - with enhancements covering the DB providers etc if necessary. In this most basic configuration, it shouldn't add more than a few lines of configuration code - there's even an IdentityServer healthcheck already available.

Given that I think the project is very conducive to being part of a microservices architecture, the healthchecks would allow for common orchestration tools to check the health status.

Update IS4 packages and adapt the code

Support OpenID Connect Dynamic Client Registration 1.0

for admin app

Implements WS-Federation server from sample https://github.com/IdentityServer/IdentityServer4.WsFederation

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Go to Login
2. Click on an external provider
3. The user is not redirected to the app

Expected behavior
The user should be redirected to the calling app

Logs

No user found matching subject Id: {external user id}

At the moment it's not possible to cancel navigation using the built-in navigation manager.
Shaun Curtis offer a solution to add this functionality in CEC.Routing

Describe the bug
Click on a user, Sorry, there's nothing at this address. is displayed

Describe the bug
The export button redirect to an error page

To Reproduce
Steps to reproduce the behavior:

1. Go to an admin page
2. Select entity to export
3. click export button
4. See error

Expected behavior
The json file should be downloaded

Logs

Support all DB engine supported by EF

Export settings to a json file and import settings from that file

add RavenDb stores

• Add an API to create a PAT for the current user
  • Any connected user can create PAT for an API based on its claims
• Add a view to create PAT

Duende Sample

Hi, in the server project with default configuration - authenticating in the Swagger UI (OAuth) and running examples that require authentication do not work. I believe this is because the token type for the swagger client is Jwt, whereas the rest of the example uses ReferenceTokens.

Changing the AccessTokenType to Reference fixes the issue and the API works correctly.

It'd be good if the example project could be configured to use Jwt for the API endpoint to show mixed use scenarios.

Cheers,

Ben

Implement a key rotation and configuration in app

Describe the bug

1. The documentation is not clear about using SendGrid of another email provider. Providing working elements for each case would have a significant impact since each case seems to be partially implemented.

2. After implementing an email client, the registration and other processes like email updates and password changes, etc., that rely on security tokens to be generated, wouldn't and cannot work under the current architecture.

• Mainly, the UserManager and TokenProvider are different instances between the generation and validation of those tokens since they are disposed of and instantiated on each use of services.
  

• The tokens must be validated by the same instance that generated them and the user must also have an unchanged SecurityStamp otherwise the TokenProvider validation process always returns InvalidToken.
  

To Reproduce
Steps to reproduce the behavior:

1. Run TheIdServer
2. Register a new user, rinse and repeat.

Expected behavior
A functional registration and validation process where the user receives an email to confirm its address or changes.
The link he receives and the token it contains must be valid upon confirmation.

Logs
If applicable, add logs to help explain your problem.

Platform (please complete the following information):

• OS: Windows 10 Pro
• .Net Core Version 5.0.9

Additional context

Prepare next version for .Net 5

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Go to Home page
2. Click on Register
3. The user is redirect to the login page

Expected behavior
The user should be redirected to the register page.

Support multiple language in non admin pages

Howdy :)

Pretty sure that And has to be and .... otherwise there's a syntax error thrown by OData.

GrantStore.cs

 protected virtual async Task<TEntity> GetEntityBySubjectAndClient(string subjectId, string clientId)
        {
            return (await _store.GetAsync(new PageRequest
            {
                Filter = $"{nameof(UserConsent.UserId)} eq '{subjectId}' **and** {nameof(UserConsent.ClientId)} eq '{clientId}'"
            }).ConfigureAwait(false)).Items.FirstOrDefault();
        }

Describe the bug
While reviewing the documentation, noted some minor spelling and grammar issue.

To Reproduce
N/A

Expected behavior
N/A
Logs
N/A
Platform (please complete the following information):
N/A

Additional context
This is only with documentation and is not code or functionality related. I have made a first pass at correcting some of the documentation and have submitted a PR #159

Create a daily build checking solution dependencies and automatically update dependencies

We need your help to translate the app in yours languages.
The file Localization-fr.json contains the translation in French.
You're warmly welcome to post a PR with your translation file.

Read doc/Localization.md for more information about localization in TheIdServer.