RedirectToIdentityProvider notification does not indicate if it is a sign in or sign out message

Currently the ProtocolMessage object exposed in the RedirectToIdentityProvider method does not indicate if the current notification is for a sign in message or a sign out message because we don't s...

Id #252 | Release: None | Updated: Mon at 7:17 PM by praburaj | Created: Mon at 7:17 PM by praburaj

TokenValidationParameters.ValidIssuers property is ignored in WindowsAzureActiveDirectoryBearerAuthenticationOptions

WindowsAzureActiveDirectoryBearerAuthenticationOptions has a TokenValidationParameters property where one can specify Audience, ValidIssuer, ValidIssuers etc. There are a couple of issues here: ...

Id #251 | Release: None | Updated: Apr 17 at 7:27 PM by srii | Created: Apr 17 at 7:27 PM by srii

WindowsAzureActiveDirectoryBearerAuthentication middleware doesn't work with AAD PPE.

WindowsAzureActiveDirectoryBearerAuthentication middleware just takes in the tenant in the options and constructs the federation metadata document as "https://login.windows.net/{0}/Federationmetada...

Id #250 | Release: None | Updated: Apr 17 at 7:16 PM by srii | Created: Apr 17 at 7:16 PM by srii

AppBuilder.Use method doesn't allow delegate version (2 or more args).

If you look at the Use method definition of the IAppBuilder interface, it says the following. //----- Quote from IAppBuilder.cs on GitHub If the middleware given to Use is a Delegate, then it will be in...

Id #249 | Release: 3.0.0 | Updated: Apr 17 at 5:36 PM by Tratcher | Created: Apr 16 at 4:40 PM by xin9le

AdditionalResponseParameters for AuthorizeEndpoint in OAuthAuthorizationServerMiddleware

The OAuthAuthorizationServerMiddleware should give us the possibility to define some additional response parameters that are sent together with the auth-code to the client, so that one can implemen...

Id #248 | Release: None | Updated: Apr 14 at 8:10 PM by Manfred_Steyer | Created: Apr 14 at 8:10 PM by Manfred_Steyer

Support Authorization Code Flow and more response_modes in OpenIdConnectAuthenticationMiddleware

Support Authorization Code Flow and the traditional response_modes in OpenIdConnectAuthenticationMiddleware, so that interoperability is increased. Comment: The current preview of OpenIdConnectAu...

Id #247 | Release: None | Updated: Apr 15 at 12:59 PM by willdean | Created: Apr 14 at 8:00 PM by Manfred_Steyer

Unit tests for OpenIdConnectAuthentication middleware are missing from CodePlex

The unit tests for the OpenIdConnectAuthentication middleware have not been added to CodePlex.

Id #246 | Release: None | Updated: Apr 8 at 10:47 PM by willdean | Created: Apr 8 at 10:47 PM by willdean

WsFed and OIDC can call SignIn with a null identity

When OIDC reads a POST that does not belong to it, it may manage to create an AuthTicket with no identity and then call SignIn. This causes the CookieMiddleware to null ref later. WsFed may have th...

Id #245 | Release: 3.0.0 | Updated: Apr 10 at 6:45 PM by Tratcher | Created: Apr 8 at 7:18 PM by Tratcher

WsFederation middleware LoginProvider name populated with a url

Web app templates in VS 2013 try to derive the LoginProvider out of the Issuer property value of ClaimTypes.NameIdentifier claim from the ClaimsIdentity. The value of this property looks somethin...

Id #244 | Release: 3.0.0 | Updated: Apr 7 at 7:37 PM by Tratcher | Created: Apr 4 at 6:05 PM by praburaj

[Discussion]: Wreply absolute URI will be troublesome on deploying to different environments

Wreply is an absolute URL. This is a pain when the user wants to deploy the app to different environments. For example: If I set the Wreply to http://localhost:5000/signin-wsfed while doing local t...

Id #243 | Release: 3.0.0 | Updated: Apr 4 at 9:49 PM by howarddierking | Created: Apr 4 at 5:32 PM by praburaj