How to manually validate identityserver accesstoken on the client side2019 Community Moderator ElectionIs it possible to use IdentityModel to integrate a webform app in .net 4.5 with IdentityServer4 without using OWIN?How do I get a consistent byte representation of strings in C# without manually specifying an encoding?Retrieve id_token based on access_token in APIOpenId Connect Permission/Authorization in Claims FlowOAuth2 without MVC/ASP.NET in a class (IHttpModule)Set AccessToken Validation on a .net wepapi 2 (not core) with Identity server 4How access token is validated for accessing protected resources in token based mechanism?Appropriate X.509 settings for OIDC token-signing and token-validationusing IdentityServer4.AccessTokenValidation in a legacy .net 4.6.2 projectIs it possible to use IdentityModel to integrate a webform app in .net 4.5 with IdentityServer4 without using OWIN?Authenticating WEB API 2 .net framework 4.x in identity server 4 using OIDC
Do the common programs (for example: "ls", "cat") in Linux and BSD come from the same source code?
Happy pi day, everyone!
Do I need to be arrogant to get ahead?
What exactly is this small puffer fish doing and how did it manage to accomplish such a feat?
Why does a Star of David appear at a rally with Francisco Franco?
ERC721: How to get the owned tokens of an address
et qui - how do you really understand that kind of phraseology?
About the actual radiative impact of greenhouse gas emission over time
What is the significance behind "40 days" that often appears in the Bible?
Aluminum electrolytic or ceramic capacitors for linear regulator input and output?
Employee lack of ownership
If I can solve Sudoku, can I solve the Travelling Salesman Problem (TSP)? If so, how?
Are ETF trackers fundamentally better than individual stocks?
Can I use USB data pins as a power source?
Custom alignment for GeoMarkers
Official degrees of earth’s rotation per day
Why Choose Less Effective Armour Types?
How do I hide Chekhov's Gun?
Is there a symmetric-key algorithm which we can use for creating a signature?
As a new Ubuntu desktop 18.04 LTS user, do I need to use ufw for a firewall or is iptables sufficient?
Violin - Can double stops be played when the strings are not next to each other?
Is it good practice to use Linear Least-Squares with SMA?
Is it insecure to send a password in a `curl` command?
What is the purpose or proof behind chain rule?
How to manually validate identityserver accesstoken on the client side
2019 Community Moderator ElectionIs it possible to use IdentityModel to integrate a webform app in .net 4.5 with IdentityServer4 without using OWIN?How do I get a consistent byte representation of strings in C# without manually specifying an encoding?Retrieve id_token based on access_token in APIOpenId Connect Permission/Authorization in Claims FlowOAuth2 without MVC/ASP.NET in a class (IHttpModule)Set AccessToken Validation on a .net wepapi 2 (not core) with Identity server 4How access token is validated for accessing protected resources in token based mechanism?Appropriate X.509 settings for OIDC token-signing and token-validationusing IdentityServer4.AccessTokenValidation in a legacy .net 4.6.2 projectIs it possible to use IdentityModel to integrate a webform app in .net 4.5 with IdentityServer4 without using OWIN?Authenticating WEB API 2 .net framework 4.x in identity server 4 using OIDC
I posted a question some time ago: Is it possible to use IdentityModel to integrate a webform app in .net 4.5 with IdentityServer4 without using OWIN?
. I almost did that integration manually. Now, I have some more questions: Do I need to validate an AccessToken against id_token like in the specs here : OpenID Connect Core 1.0 in
3.3.2.9. Access Token Validation section.
If yes, How can I manually do this validation? I know how to validate the AccessToken in insolate way, using ValidateToken() from JwtSecurityTokenHandler in System.IdentityModel.Tokens.Jwt, but I don't know how to validate it together with the id_token using "at_hash".
Is there any library in .net framework 4.7.1 that can be used for that?
c# identityserver4 identitymodel
asked Mar 6 at 20:51
GuilleGuille
5419
add a comment |
I posted a question some time ago: Is it possible to use IdentityModel to integrate a webform app in .net 4.5 with IdentityServer4 without using OWIN?
. I almost did that integration manually. Now, I have some more questions: Do I need to validate an AccessToken against id_token like in the specs here : OpenID Connect Core 1.0 in
3.3.2.9. Access Token Validation section.
If yes, How can I manually do this validation? I know how to validate the AccessToken in insolate way, using ValidateToken() from JwtSecurityTokenHandler in System.IdentityModel.Tokens.Jwt, but I don't know how to validate it together with the id_token using "at_hash".
Is there any library in .net framework 4.7.1 that can be used for that?
c# identityserver4 identitymodel
asked Mar 6 at 20:51
GuilleGuille
5419
Check if it helps: docs.microsoft.com/en-us/azure/active-directory/develop/…
– rad
Mar 6 at 21:19
@rad I'm going to check it
– Guille
Mar 6 at 21:38
add a comment |
I posted a question some time ago: Is it possible to use IdentityModel to integrate a webform app in .net 4.5 with IdentityServer4 without using OWIN?
. I almost did that integration manually. Now, I have some more questions: Do I need to validate an AccessToken against id_token like in the specs here : OpenID Connect Core 1.0 in
3.3.2.9. Access Token Validation section.
If yes, How can I manually do this validation? I know how to validate the AccessToken in insolate way, using ValidateToken() from JwtSecurityTokenHandler in System.IdentityModel.Tokens.Jwt, but I don't know how to validate it together with the id_token using "at_hash".
Is there any library in .net framework 4.7.1 that can be used for that?
c# identityserver4 identitymodel
asked Mar 6 at 20:51
GuilleGuille
5419
I posted a question some time ago: Is it possible to use IdentityModel to integrate a webform app in .net 4.5 with IdentityServer4 without using OWIN?
. I almost did that integration manually. Now, I have some more questions: Do I need to validate an AccessToken against id_token like in the specs here : OpenID Connect Core 1.0 in
3.3.2.9. Access Token Validation section.
If yes, How can I manually do this validation? I know how to validate the AccessToken in insolate way, using ValidateToken() from JwtSecurityTokenHandler in System.IdentityModel.Tokens.Jwt, but I don't know how to validate it together with the id_token using "at_hash".
Is there any library in .net framework 4.7.1 that can be used for that?
c# identityserver4 identitymodel
c# identityserver4 identitymodel
asked Mar 6 at 20:51
GuilleGuille
5419
asked Mar 6 at 20:51
GuilleGuille
5419
asked Mar 6 at 20:51
GuilleGuille
5419
asked Mar 6 at 20:51
GuilleGuille
5419
asked Mar 6 at 20:51
GuilleGuille
5419
5419
Check if it helps: docs.microsoft.com/en-us/azure/active-directory/develop/…
– rad
Mar 6 at 21:19
@rad I'm going to check it
– Guille
Mar 6 at 21:38
add a comment |
Check if it helps: docs.microsoft.com/en-us/azure/active-directory/develop/…
– rad
Mar 6 at 21:19
@rad I'm going to check it
– Guille
Mar 6 at 21:38
Check if it helps: docs.microsoft.com/en-us/azure/active-directory/develop/…
– rad
Mar 6 at 21:19
Check if it helps: docs.microsoft.com/en-us/azure/active-directory/develop/…
– rad
Mar 6 at 21:19
@rad I'm going to check it
– Guille
Mar 6 at 21:38
@rad I'm going to check it
– Guille
Mar 6 at 21:38
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55031925%2fhow-to-manually-validate-identityserver-accesstoken-on-the-client-side%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55031925%2fhow-to-manually-validate-identityserver-accesstoken-on-the-client-side%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Check if it helps: docs.microsoft.com/en-us/azure/active-directory/develop/…
– rad
Mar 6 at 21:19
@rad I'm going to check it
– Guille
Mar 6 at 21:38