simpleidserver / SimpleIdServer

OpenID, OAuth 2.0, SCIM2.0, UMA2.0, FAPI, CIBA & OPENBANKING Framework for ASP.NET Core
https://simpleidserver.com/
Apache License 2.0

[question]Some issues encountered during login #619

Closed qq1176914912 closed 7 months ago

qq1176914912 commented 8 months ago

1.1 When I run the project 'SimpleIdServer.IdServer.Startup' (port: 5001) and 'SimpleIdServer.IdServer.Website.Startup' (port 5002), I opened the browser for the first time to access 5002 and logged in with the 'admin' account. After clicking Exit, I attempted to log in with the second account: test. When I clicked to log in, an error was reported:

{"error":"invalid_request","error_description":"subject contained in id_token_hint is invalid"}

I must close this browser and reopen it to log in to my second account test. Similarly, to switch accounts, I must close the browser and reopen it.

2. About the 'Revoke session' that appears after clicking to exit.

2.1 When I first opened my browser and logged in to Website, when I clicked Exit, the Revoke session button appeared. After clicking, I did not exit to the login page, but was still on the Website page, and I could access the menu normally. I had to click Exit again to exit the login page. Is this normal?

2.2 Following 2.1, when I successfully logged out of the login page and logged in to the account again, the 'Revoke session' button would appear directly after successfully logging in to the website. Only after clicking on it would the menu appear. After that, clicking on exit again would not show the 'Revoke session' button as in 2.1, but instead the 'Revoke session' button would appear after each successful login, which made me somewhat confused. What exactly is this 'Revoke session' and what is the logic here?

simpleidserver commented 8 months ago

We will take a look at this problem & fix it for the next release (release 4.0.5).

qq1176914912 commented 8 months ago

There is another question, I see that there is a registration process in the project, but I did not see the registration button. May I ask where to start it?

simpleidserver commented 8 months ago

Unfortunately, there is a small bug in the administration website.

When the Validation Post Logout Redirect URL is called by the Identity Server, the cookie is not removed by the administration website, and the user remains authenticated :(.

The problems you described in the ticket are related to this issue.

simpleidserver commented 8 months ago

About your second question :

In SimpleIdServer, it is possible to configure one or more Manual Provisioning Workflows. These workflows are used by anonymous users to create their local accounts and provision their credentials.

For example, the URL https://openid.simpleidserver.com/master/registration?workflowName=pwd is used to create a local account with password authentication.

For more information about Manual Provisioning Workflow, please read the documentation : https://simpleidserver.com/docs/iam/manualidentityprovisioning

If you do not wish to use a Manual Provisioning Workflow, your website can call the Users API to create a local account using the following steps:

  1. Configure your client to have access to the users scope.
  2. Obtain an access token that is valid for the users scopes.
  3. Execute an HTTP POST request to create a user. The technical identifier of the user must be returned.

     HTTP REQUEST
     Target : https://openid.simpleidserver.com/master/users
     Method : POST

     Body :
     {
       "name": "user",
       "firstname": "firstname",
       "lastname": "lastname",
       "email": "email",
       "claims": { }
     }

  4. Use the technical identifier of the new user to update the credential as follows:

     HTTP REQUEST
     Target : https://openid.simpleidserver.com/master/users/{id}/credentials
     Method : PUT

     Body :
     {
       "type": "pwd",
       "value": "PASSWORD"
     }

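
The Users API steps from the comment above, as an added Python example; it is not part of the original thread and not SimpleIdServer's own code. The token endpoint URL, the client_credentials grant, the `id` field name in the create-user response and all function names are assumptions; the two endpoint URLs and request bodies are the ones quoted in the thread.

```python
import json
import urllib.parse
import urllib.request

BASE = "https://openid.simpleidserver.com/master"  # realm URL quoted in the thread


def http_send(req):
    """Default transport: send the request and decode the JSON reply."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
    return json.loads(body) if body else {}


def json_request(method, url, token, payload):
    """Build a bearer-authenticated JSON request."""
    return urllib.request.Request(
        url, data=json.dumps(payload).encode(), method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})


def get_token(send, token_url, client_id, client_secret):
    """Step 2. Assumption: client_credentials grant at a caller-supplied token URL."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "scope": "users",
        "client_id": client_id, "client_secret": client_secret}).encode()
    return send(urllib.request.Request(token_url, data=form, method="POST"))["access_token"]


def provision_user(send, token, profile, password, id_field="id"):
    """Steps 3 and 4: create the user, then set its password credential."""
    created = send(json_request("POST", f"{BASE}/users", token, profile))
    user_id = created[id_field]  # assumption: the identifier is returned as "id"
    # Percent-encode the identifier so it cannot alter the request path.
    safe_id = urllib.parse.quote(str(user_id), safe="")
    send(json_request("PUT", f"{BASE}/users/{safe_id}/credentials", token,
                      {"type": "pwd", "value": password}))
    return user_id
```

Pass `http_send` as `send` to talk to a live server; any callable that takes a `urllib.request.Request` and returns the decoded JSON works as a transport.
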
qq1176914912 commented 8 months ago

I understand. The meaning is that I can add a registration button on the login page, and the button's connection specifies the registration address, such as the one you mentioned https://openid.simpleidserver.com/master/registration?workflowName=pwd So I can add the registration function to the page, but has your project considered adding this feature, such as whether to enable the registration function on the client and specify the registration process?

simpleidserver commented 8 months ago

At the moment, we haven't considered linking the registration workflow to a client (website or SPA). However, it is an interesting idea, and we can explore the possibility of implementing it.

qq1176914912 commented 8 months ago

Thank you for your patient response. Looking forward to the new version

simpleidserver commented 7 months ago

This bug is fixed in the branch release/4.0.5.