aruss / identitybase
IdentityBase is a Universal Identity Platform for web, mobile and IoT built on top of IdentityServer.
Home Page: http://identitybase.net
License: Apache License 2.0
A user should be able to use the recover function if the user account is not yet confirmed, since the recovery function sends the mail and by doing so confirms the email address.
Every project uses version 2.0.2 of Microsoft.EntityFrameworkCore, except for IdentityBase.EntityFramework.IntegrationTests, which still uses version 2.0.1.
The current plugin architecture is inspired more or less by ExtCore, so you have a bunch of folders with a lot of DLLs and you load them on app start in your current app domain. That works, but it is a crappy way to do it, since you don't use the whole fancy dotnet core lazy assembly loading stuff but instead load all the assemblies on startup.
Another idea would be to check out NopCommerce: they just copy all the assemblies to one directory and load only the initial assemblies of each plugin; the rest will be discovered automatically since all the required assemblies are in one folder. This way the startup times wouldn't increase, but it is still crap since it copies files around, and if your process breaks in the middle of it the application ends up crippled and you have to handle such cases.
It would be nice if probing path feature would work like it worked in former .net versions. Then you would just need to change a configuration for additional plugins and load only the initial assembly of each active plugin manually. But this feature does not work as expected in current dotnet core version, see https://github.com/dotnet/coreclr/issues/18683
If someone has a nice idea to make it simple, please share
When do you finish the functions, such as Authentication API, Multitenancy, Administration dashboard, etc.?
TBD;
Generation of links should be done via HTTP API
Example request
{
  "returnUrl": "http://localhost:21402/fancy-campaign",
  "validTil": "2019-04-23T18:25:43.511Z",
  "validateUrl": "http://localhost:21402/check?fancy-compain",
  "lifetime": 1337,
  "userAccounts": [
    "alice@localhost",
    "bob@localhost",
    "bill@localhost"
  ]
}
Example response
{
  "results": [{
    "email": "alice@localhost",
    "activateUrl": "http://localhost:5000/foo/activate/6970e2e5-3e8a-4da3-a4cf-cc8cb137ab5b",
    "authUrl": "http://localhost:5000/foo/login/f4fe3d17-d524-4efb-809d-02e17e46f158"
  }, {
    "email": "bob@localhost",
    "activateUrl": "http://localhost:5000/foo/activate/f3df273e-0b7f-4cb8-ab7d-2cdff8b02482",
    "authUrl": "http://localhost:5000/foo/login/793f94ac-f6c2-42d7-a880-b1f4005a364c"
  }, {
    "email": "bill@localhost",
    "activateUrl": "http://localhost:5000/foo/activate/e41e570a-5e0c-4759-9e67-4889f9683b8e",
    "authUrl": "http://localhost:5000/foo/login/bcc56959-8e79-41d6-b050-5e9d485b290d"
  }]
}
Remove the options CancelAfterAccountRecovery and CancelAfterAccountConfirmation that cancel the registration and confirmation flows; the flows should have only the three following outcomes.
If LoginAfterAccountRecovery or LoginAfterAccountConfirmation is set to true, then it should automatically authenticate and redirect to RP
If LoginAfterAccountRecovery or LoginAfterAccountConfirmation is set to false, then it should display the login page
dotnet ef migrations add init --context MigrationDbContext
then
error message : Your startup project 'IdentityBase.EntityFramework.SqlServer' doesn't reference Microsoft.EntityFrameworkCore.Design. This package is required for the Entity Framework Core Tools to work. Ensure your startup project is correct, install the package, and try again.
Show validation errors on corresponding input elements.
Use default validation patterns explained here https://docs.microsoft.com/en-us/aspnet/core/mvc/models/validation?view=aspnetcore-2.1
Use jQuery unobtrusive validation for default theme.
If an error occurs on the token verification page, a login/register form should be displayed, or at least the links to these forms should be provided, since the client ID is present.
An option to add a custom link that will be displayed side by side with "forgot password" links.
Used for adding links for e.g. terms and privacy agreements.
Rewrite default theme with Bootstrap4 https://getbootstrap.com
Add javascript validation
Hello
Thank you for a great job putting all the stuff of an IdentityServer together. I faced a problem finding the 1.1.21 version of the ServiceBase library, until I found the link where I can find the current version.
Do you plan to update the NuGet package for the ServiceBase library? I'm sure that this will help new people who will try your package.
Thank you!
Add https://developers.google.com/recaptcha/docs/v3 as a plugin
Requires #19 to be implemented first.
info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
User profile is available. Using 'C:\Users\geffzhang\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
Hosting environment: Development
Content root path: D:\workshop\Github\IdentityBase\examples\AspNetCoreApi
Now listening on: http://localhost:3721
Application started. Press Ctrl+C to shut down.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://localhost:3721/identity
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[1]
Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: IDX10214: Audience validation failed. Audiences: 'http://localhost:5000/resources'. Did not match: validationParameters.ValidAudience: 'api1' or validationParameters.ValidAudiences: 'null'.
at Microsoft.IdentityModel.Tokens.Validators.ValidateAudience(IEnumerable`1 audiences, SecurityToken securityToken, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateAudience(IEnumerable`1 audiences, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[7]
BearerIdentityServerAuthenticationJwt was not authenticated. Failure message: IDX10214: Audience validation failed. Audiences: 'http://localhost:5000/resources'. Did not match: validationParameters.ValidAudience: 'api1' or validationParameters.ValidAudiences: 'null'.
info: IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler[7]
Bearer was not authenticated. Failure message: IDX10214: Audience validation failed. Audiences: 'http://localhost:5000/resources'. Did not match: validationParameters.ValidAudience: 'api1' or validationParameters.ValidAudiences: 'null'.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
Route matched with {action = "Get", controller = "Identity"}. Executing action AspNetCoreApi.Controllers.IdentityController.Get (AspNetCoreApi)
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
AuthenticationScheme: BearerIdentityServerAuthenticationJwt was challenged.
info: IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler[12]
AuthenticationScheme: Bearer was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action AspNetCoreApi.Controllers.IdentityController.Get (AspNetCoreApi) in 27.5545ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 563.9129ms 401
If the user clicks on the cancel link in the registration confirmation mail, the created user should be removed, since there is no way anymore to create an account with the same email address. The only way then is to recover the account by using the recovery form.
Each client should be able to override basic application configuration like
EnableLocalLogin
AccountLockoutDuration
RequireLocalAccountVerification
RequireExternalAccountVerification
EnableAccountDeletion
EnableLoginHints
and so on...
Remove "User already exists" message on registration, instead just display the message that further instruction is sent via email. Maybe send an actual email with account recovery link, but then protect the form with captcha to avoid spamming mailboxes.
On the registration form, there is no reCAPTCHA validation.
Create options for reCAPTCHA plugins to be able to select which form should contain the reCAPTCHA validation.
Cleanup the configuration and switch to YAML files.
If the user already has an account with the same email and the AutomaticAccountMerge option is set to true, IdentityBase should merge the accounts automatically.
If AutomaticAccountMerge is set to false, a screen should be displayed asking the user if he wants to proceed and merge accounts or use a different account.
Blocked by #25
Check if the error is in the configuration of IdSrv.
[10:45:11 VRB] returnUrl is valid
[10:45:11 VRB] returnUrl is valid
[10:45:11 DBG] Start authorize request protocol validation
[10:45:11 DBG] mvc.hybrid found in database: True
[10:45:11 DBG] Checking for PKCE parameters
[10:45:11 DBG] No PKCE used.
[10:45:12 DBG] Found ["email", "openid", "profile"] identity scopes in database
[10:45:12 DBG] Found ["idbase", "api1"] API scopes in database
[10:45:12 DBG] Found ["email", "openid", "profile"] identity scopes in database
[10:45:12 DBG] Found ["idbase", "api1"] API scopes in database
[10:45:12 DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
[10:45:12 VRB] Authorize request protocol validation successful
[10:45:12 VRB] AuthorizationRequest being returned
[10:45:12 VRB] AuthorizationRequest being returned
Create a docker example for following scenario
With
Introduce a dynamic form logic, so plugins can inject form controls.
Display state of email confirmation in user account page, and provide a button for resending the confirmation mail.
Add account page where user can see his information and change email and password.
Show success notifications for
I have 2 products / applications
I would like to create an SSO for my users.
But for each application, needs a TenantId to filter information in the database
Any idea? Solution?
For use cases like WebApi.AutorityUrl the reverse proxy should be able to override the hostname via HTTP header.
Add all the out of the box available third party authentication providers.
If the login_hint parameter is present in the authorization request, then pre-fill the user name input field.
InvalidOperationException: The view 'Confirm' was not found. The following locations were searched:
~/Themes/Default/Views/Recover/Confirm.cshtml
~/Themes/Default/Views/Shared/Confirm.cshtml