Cookie auth middleware only uses first identity instead of all

The cookie authentication middleware uses AuthenticationResponseGrant.Identity when issuing the cookie. unfortunately this property only contains the first identity in the list of identities availa...

Id #415 | Release: None | Updated: Jun 25 at 3:27 PM by Tratcher | Created: Jun 25 at 2:38 PM by ZeroKoll

The type 'Microsoft.Owin.IOwinContext' is defined in an assembly that is not referenced. You must add a reference to assembly 'Microsoft.Owin, Version=2.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'

I was trying to debug a latest Angular JS app application with Katana Source (http://katanaproject.codeplex.com/SourceControl/latest#README) to learn underlying katana implementations, but keep fa...

Id #412 | Release: None | Updated: Jun 9 at 3:13 PM by Tratcher | Created: Jun 6 at 11:11 PM by HydTechie

ApplicationCanDisplayErrors does not work with ASP.NET MVC

I'm trying to setup an authorization server with the OAuthAuthorizationServer middleware on an ASP.NET MVC5 web application. I've set ApplicationCanDisplayErrors to true, but when validation of th...

Id #411 | Release: None | Updated: Jun 7 at 6:14 AM by barryhagan | Created: Jun 6 at 10:24 PM by barryhagan

Cookie Authentication Redirect URL is Absolute

When using Cookie Authentication, the redirect URL generated is absolute - it includes the protocol and hostname, rather than just being a relative URL. This works fine for "normal" scenarios, but...

Id #410 | Release: None | Updated: Jun 5 at 7:02 AM by rlawley | Created: Jun 4 at 10:01 AM by rlawley

Possible deadlock on AuthenticationHandler.OnSendingHeaderCallback

Hi, I'm observing what seems to be a deadlock on the AuthenticationHandler.OnSendingHeaderCallback method, due to the Wait() call on the task received from ApplyResponseAsync. I'm using the OID...

Id #409 | Release: None | Updated: Jun 26 at 10:09 AM by jageall | Created: May 31 at 11:31 PM by pmhsfelix

OpenIdConnect: invalid nonce doesn't prevent user from signing in

This post was originaly posted on Thinktecture.IdentityServer3 bug tracker. https://github.com/IdentityServer/IdentityServer3/issues/1346 Guys said it's microsoft issue. Seems like even if nonce...

Id #408 | Release: None | Updated: May 25 at 12:45 PM by balbelias | Created: May 22 at 2:23 PM by balbelias

Upgrade invalidated tokens

In Nuget Manager, I recently upgraded all Owin packages: Microsoft.Owin : 3.0.0.0 to 3.0.0.1 Microsoft.Owin.Security 3.0.0.0 to 3.0.1.0 Microsoft.Owin.Secu...

Id #407 | Release: None | Updated: May 14 at 6:45 PM by cjrogala | Created: May 14 at 6:45 PM by cjrogala

Running OwinHost as daemon on Linux under mono exits prematurely

OwinHost starts up and then waits for enter to be pressed. On Linux/mono, when running as a daemon, a call to ReadLine() returns EOF immediately, causing OwinHost to exit prematurely. There shoul...

Id #405 | Release: None | Updated: Jun 18 at 1:35 PM by Tratcher | Created: Apr 16 at 5:19 PM by swish014

Inspect "X-Forwarded-Proto" when creating redirect URI

OpenIdConnectAuthenticationHandler.CurrentUri merely takes the URI of the OWIN request and disregards the value of the "X-Forwarded-Proto" header. Thus if the application is behind a load balancer ...

Id #404 | Release: None | Updated: Apr 14 at 5:28 PM by omidkrad | Created: Apr 14 at 5:43 AM by rasmusnu

JwtBearerAuthenticationOptions with TokenValidationParameters doesn't work as expected

Hi ! I have a OWIN Web API (IIS hosted) secured with OAuth2 JWT tokens. The authentication options are configured like this : var options = new JwtBearerAuthenticationOptions { ...

Id #403 | Release: None | Updated: Mar 11 at 7:32 PM by ultraman69 | Created: Mar 11 at 6:57 PM by ultraman69