for some unknown reason (for me) when the openid connect middleware makes the request for the idsrv for the very first time in incognito mode (chrome and firefox tested) the nonce cookie i...
Id #474 | Release:
| Updated: Oct 17 at 6:13 PM by Tratcher | Created: Oct 17 at 12:45 PM by be4i
The IAuthenticationTokenProvider interface has no documentation on how it should be implemented.
Id #473 | Release:
| Updated: Oct 6 at 7:55 AM by bgever | Created: Oct 6 at 7:55 AM by bgever
If sliding expiration has been turned on or signing out/signing in a user in code cause owin to generate and try to send a new cookie to the client. It also generates an application error and in ev...
Id #472 | Release:
| Updated: Sep 29 at 7:25 PM by danw22 | Created: Sep 29 at 7:25 PM by danw22
Stumbled across this error. An exception (due I think to a client closing a connection early on a transfer) caused an exception. I log exceptions to Application Insights and AI does not perm...
Id #471 | Release:
| Updated: Sep 28 at 5:37 AM by MarkDavies | Created: Sep 28 at 5:37 AM by MarkDavies
I think I found an issue in Microsoft.Owin.Security.Cookies.CookieAuthenticationHandler class, method ApplyResponseGrantAsync. There is a line (within "else if (_shouldRenew)" block) of where cooki...
Id #470 | Release:
| Updated: Sep 15 at 9:28 AM by JaapMosselman | Created: Sep 15 at 9:28 AM by JaapMosselman
Method HandleCorsRequestAsync in CorsMiddleware calls TryEvaluateCorsPolicy which if an origin is not allowed the CorsEngine will add an error to CorsResult.ErrorMessages collection which also make...
Id #469 | Release:
| Updated: Sep 15 at 9:12 PM by Tratcher | Created: Sep 12 at 8:46 PM by JoLu1977
OWIN Pipeline throwing exception
at Microsoft.IdentityModel.Protocols.AuthenticationProtocolMessage.SetParameter(String parameter, String value)
Id #468 | Release:
| Updated: Sep 8 at 10:57 PM by Tratcher | Created: Aug 30 at 10:38 PM by bharatgupta486
UseFacebookAuthentication() supports option includling email scope:
var opt = new Microsoft.Owin.Security.Facebook.FacebookAuthenticationOptions()
AppId = System.Confi...
Id #467 | Release:
| Updated: Aug 29 at 5:22 PM by Tratcher | Created: Aug 28 at 4:02 AM by darkthread
JwtSecuritTokenHandler has a ValidateToken(...) method which performs all of the core token validation - signature, issuer, replay detection, lifetime, audience. If validation fails you get an exce...
Id #466 | Release:
| Updated: Aug 7 at 9:14 PM by philco | Created: Aug 7 at 9:12 PM by philco
The misbehavior (and some workarounds) has been discussed on Stackoverflow already:
A TraceListener, that was regis...
Id #465 | Release:
| Updated: Jul 13 at 1:35 PM by ML8448 | Created: Jul 13 at 1:35 PM by ML8448