IdentityServer4

IdentityServer4 copied to clipboard

The IdentityServer4.ResponseHandling.DiscoveryResponseGenerator does not honor IdentityServer4.Models.Resources.OfflineAccess property value and always adds "offline_access" to the scopes list (https://github.com/IdentityServer/IdentityServer4/blob/main/src/IdentityServer4/src/ResponseHandling/Default/DiscoveryResponseGenerator.cs, line 233). Thus the offline access is always advertised in the discovery document....

alexnovokshanov

IS4 Login redirect do not work behind HAProxy

1

Hi I am using Identity Server 4 in production environement behind HAProxy on PFSense when I try https://myhostname.com/.well-known/openid-configuration works, but when I use the redirect login something like http://myhostname.com/connect/authorize?client_id=js&redirect_uri=https%3A%2F%2Fmyhostname.com%2Fcallback.html&response_type=code&scope=openid%20profile%20manservice%20offline_access&state=c4b29402bb324d0da1e71fae3a8af3f3&code_challenge=F51DRa49-Mv0-yywL3RGnFrjH6stBzi4M4qJrtQej30&code_challenge_method=S256&ui_locales=en-GB. The...

sunch1ld

Scope can be assigned even if it is not existing

1

### Issue ClientScopes (ApiScopes and IdentityResources) can be assigned to clients even if the scopes do not exist. Same applies for ApiResourceScopes that are not created in table ApiScopes. ###...

bertschronja

Security token expired

2

Hey, We have an issue when requesting new tokens. Every so often the IdentityServer hands out new tokens that are already expired. We have checked the clocks on the microservices,...

SamAchten

Token validation options

7

**What issue does this PR address?** #4965 - Multiple valid issuers **Does this PR introduce a breaking change?** NO

pecanw

Hi, Why the revoke token process removes all refresh token for a subjectid and clientid?This causes that if I login into my app in several devices, logging out in one...

juanan

I´m currently testing to establish a connection to the public [DFN-AAI ](https://www.aai.dfn.de/) authentication service over saml protocol. We are using the rsk saml2p plugin. I configured the provider in my...

CTBT

at file `Validation/Default/EndSessionRequestValidator.cs` line 125: ``` validatedRequest.Client = tokenValidationResult.Client; ``` This line sets the `Client` property directly, without calling `validatedRequest.SetClient(tokenValidationResult.Client)`. This causes the `ClientId` property left as `null`, which will...

lynnboy

TokenCleanupService using full table scan

7

We have tens of millions of rows in the PersistedGrants table and this block is resulting in a full scan during clean up: https://github.com/IdentityServer/IdentityServer4/blob/07898a61dc22ce9a95e5fc5611fa674feac4230e/src/EntityFramework.Storage/src/TokenCleanup/TokenCleanupService.cs#L77-L81 Sorting by the same column used...

edmacdonald

### Issue / Steps to reproduce the problem I implemented a custom AuthorizeInteractionResponseGenerator and added it at startup using AddAuthorizeInteractionResponseGenerator(). My custom AuthorizeInteractionResponseGenerator looks something like this [Example](https://github.com/IdentityServer/IdentityServer4/issues/1944#issuecomment-359942217). However, the...

VolkerFried