I am struggling to understand how this silent renew process works. as per what I Read I understood that the html page will be kept in an iframe and it keeps pinging server for renewing token.  I have an angular application, typically we package every...
This is related to this security question regarding what it is that secures credentials inside a single page webapp.  Suppose we are using an app that is not ours and uses JWT Tokens for security.  Are we able to log the contents through browser deve...
I hope someone can point me in the right direction.  I am trying to let an javascript client communicate with an api with the help of reference tokens. I am using Identity Server 4.  What is going OK:  On login the javascript client/webapplicatoin ge...
I'm encountering an issue when using the passport-azure-ad library where the library throws an error when trying to validate the id_token. The specific error message is "authentication failed due to: In _validateResponse: failed to generate P...
Questions:   Is it safe to rely on the default ASP.NET Identity cookies & anti-forgery mechanisms for an Angular app with ASP.Net Core API? In simple deployment scenarios are there tangible benefits to having standard ASP.NET Identity generate be...
I'm curious about this from a general development perspective of how to secure access to online resources.  We initialize our webapp with the following firebase configuration parameters:   apikey authdomain projectid databaseurl messagesenderid...
Need to share some context and setup before asking my question, so please excuse the wall of text. =)  My app:    frontend is a SPA served as a static resource from NGINX (http://frontend) keycloak server running on http://keycloak middleware is a No...
In reference to Keycloak's documentation for account linking, I need to fetch user session id and client session id from the access token.   However, I only find something they call session_state on the token which apparently is the same as sessi...
Given the scenario where a user has logged into my application using the implicit client flow for OpenID Connect where the OP is PingFederate, how can I determine if the user is still logged in if they have closed the application and come back to it...
I have two applications. First is MVC application, second is node.js application. MVC uses IdentityServer3 for authentication. I want to do screenshoots of MVC pages from node.js. I have phantom.js for this purpose. How to get token in node.js applic...

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.