Was going through the WebMVCClient example and the auth token caching implementation, when I found that the ApiTokenCacheClient is offsetting the expiration by the number of seconds in tokenResponse.ExpiresIn and also setting a sliding expiration of 1 day on top of that. Conversely, the ApiTokenInMemoryClient is only offsetting by the tokenResponse.ExpiresIn.
Is the expiration not a fixed point in time after being offset by the ExpiresIn value? Does sliding expiration do anything in this case? I'm assuming the token will be considered expired after the ExpiresIn has lapsed?
Maybe make passing reference to CSP.UseCspReportOnly, super helpful on initial efforts into CSP. I am still lost on CSP level 2 and level 3 and just how much of a priority they should be. CanIUse shows CSP 1 at 94% globally, CSP2 at 80%. Not sure what to aim for.
Scott Helme
You can use CSP 2 and CSP 3 features and be backwards compatible. At a minimum I'd say CSP 2.
I've run the IdentityStandaloneMfa project and tried mfa with google and Microsoft authenticator, but this function VerifyTwoFactorTokenAsync always returns false
also i tried to set EmailConfirmed to true and did not work
I am getting this error when using WebCodeFlowPkceClient. I have configured all the parameters and succeed in getting authorization code and token, but after that above error is showing. Can you, please, help me? Am I doing something wrong?
Those are my parameters:
options.ClientId = config["Connection:ClientId"];
options.ClientSecret = config["Connection:ClientSecret"];
options.Scope.Clear();
options.Authority = config["Connection:Uri"];
options.CallbackPath = new PathString("/signin");
options.SignInScheme = "Cookies";
options.RequireHttpsMetadata = true;
options.ResponseType = "code";
options.ResponseMode = "query";
options.UsePkce = true;
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;