servicestack-authentication-identityserver icon indicating copy to clipboard operation
servicestack-authentication-identityserver copied to clipboard

Published 20 hours ago verified publisher icon wwwlicious

UserAuthProvider and Identity Server 2.3.2 not working without Referrer

Open ted1408 opened this issue 6 years ago • 0 comments
trafficstars

Identity Server sets the referrer policy to no-referrer which seems to cause the logic inside UserAuthProvider.AuthenticateAsync to fail. The IsCallbackRequest function seems to depend on the UrlReferrer and verifies that it matchs the AuthRealm. It would seem like rolling back the Identity Server "security enhancement" would not be a good idea. Thoughts?

ted1408 avatar Mar 18 '19 16:03 ted1408