Collaborate Disseminate
according to https://darutk.medium.com/diagrams-of-all-the-openid-connect-flows-6968e3990660
there are two access tokens, one from Authorization endpoint and one from Token endpoint, which is kind of hybrid flow.
I have two questions (the… Continue reading why there is a need to use two access tokens in OpenID Connect?
I’m working within a spec that uses the OpenID Connect third party initiated login + implicit flow. I first have to register my application with the third party, providing them a login initiation url, redirect uri, target link uri. Then th… Continue reading OAuth2 OpenID Connect Third Party Initated Login with implicit flow
I’m new here but I’ve been on StackOverflow since 2008. My current account, which I don’t know how it got created, is 9 years old. Part of this question is to figure out what is going on with these accounts.
I still haven’t been able to fi… Continue reading How do I find out what credentials are involved in the web site I am currently using? [migrated]
EDIT: I’ve looked into the issue more and I can find some documentation for getting an OAuth token with OpenID Connect but not with OpenID 2.0. Can it be done?
We have a server application that is returning our OAuth tokens using the Pytho… Continue reading Using OpenID 2.0 to return an Oauth token
My Dev team creates high-load applications and wants to use Keycloak with OpenID authz. But they are complaining about delays for retrieving permissions from Authz server (Keycloak). So, they decided to define all permissions for each grou… Continue reading Authorization and permissions in backend
I try to understand how the integration we are using with OpenID works. I have read documents and different websites, but I feel that something escapes me related with SSO – I didn´t find so much information about this. If you could help m… Continue reading How SSO with OpenID and Azure AD works?
There are 3 different web apps:
X: A resource provider that provides details about a user (implements authorization part of openid protocol).
Y: Web service (implements openid client) that gets the user details from X
Z: Web app that wants… Continue reading Authentication using an intermediate web app as an openid client
I understand that a nonce is used to prevent replay attacks. I have been going through documentations, specs, posts and blog posts and I am a little confused.
Consider the following attack scenario.
Mary wants to login to https://photos.c… Continue reading OpenId Connect and proper usage of nonce
enter link description here
**
List item##
We are trying to arrive at a solution for an enterprise app
Different Users – have different Authentiation Methods
User Type 1 – Password + Captcha
User type 2 – Biometric [Not device-based] + Password
User type 3 – Biometric [Device-bas… Continue reading OpenId with Biometrics