simpleidserver / SimpleIdServer

OpenID, OAuth 2.0, SCIM2.0, UMA2.0, FAPI, CIBA & OPENBANKING Framework for ASP.NET Core
https://simpleidserver.com/
Apache License 2.0
682 stars 90 forks

Some questions #723

Closed qq1176914912 closed 3 months ago

qq1176914912 commented 3 months ago
  1. Have you considered adding an option to enable two-factor authentication in the 5002 user configuration interface and the 5001 personal information page, so that ACR can be used?
  2. In 5002, a user credential in the list on the user configuration page cannot be unchecked after I check it; it can only be deleted.
  3. On the 5002 page, when adding credentials in the user configuration page, why are there only two types, password and OTP, and no SMS, email, and so on?
qq1176914912 commented 3 months ago

1. Here is an example for the first question: add an option to the user page in 5002 for whether to enable two factors. If enabled, a drop-down selection box pops up (multiple choices can be made), similar to selecting the ACR order or listing the ACR list. Assuming password and email are selected, then when logging in, check whether the user has set two factors; if so, perform the required steps. If not, the login succeeds.

qq1176914912 commented 3 months ago

Consent required for Clients

When "Consent required" is selected and the client logs in for the first time, the authorization page will be displayed. When the license is Approved, the 5001 page will display the application in "Approved applications".

When I click "Revoke access" in the Approved applications on the 5001 page, the authorization page will still pop up when I log in to the client again. After I agree, the reauthorized application will still be displayed in the "Approved applications" on the 5001 page.

However, when I uncheck the "Consent required" configuration in 5002 and click "Revoke access" on the 5001 page to remove the client authorization, no authorization form will pop up when I log in to the client again (because the Consent required configuration is removed). As a result, the "Approved applications" on the 5001 page does not load the client information and the list is empty.

I'm not sure if this is a problem, but I understand that the "Consent required" option means that even if I don't check it, it will automatically authorize and be logged in the 5001 "Approved applications" list (just once).

qq1176914912 commented 3 months ago

Repeat login problem

Project 5002 and project 5001 are both on the login page at the same time. If you successfully log in on page 5002 and then log in on page 5001, a 400 error occurs.

https://github.com/simpleidserver/SimpleIdServer/assets/79817742/2ee7eb0c-846e-459b-a67f-d38e83e2d37b

simpleidserver commented 3 months ago

Enable Two-Factor Authentication Options in User Configuration

The request for authentication context class reference must be determined by the client/website and not by the user. We may consider adding a new client property to specify the minimal context class reference required to authenticate the user.

Cannot Uncheck the Credential

It is normal that you cannot uncheck a credential because only one credential of the pwd or otp type can be active. I fixed an issue in the backend code to set the IsActive property to false.

Sms & Email are not Present in the Credential

They are not present because SMS and email are not user credentials.

Consent Required

It is not a problem; the list is empty because the user didn't accept any consent.

Repeat Login Problem

An exception is thrown because the Anti-Forgery token is incorrect. I made some modifications in the BaseAuthenticateController to redirect the user-agent to the redirect URL when the user is already authenticated.

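The "Repeat Login Problem" above, as an added illustration of the fix pattern (this is not SimpleIdServer's own code): an ASP.NET Core login action that checks for an already-authenticated user before validating the anti-forgery token, and only follows local return URLs. The controller, action and parameter names are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Mvc;

// Illustrative controller, not SimpleIdServer's BaseAuthenticateController.
public class IllustrativeLoginController : Controller
{
    private readonly IAntiforgery _antiforgery;

    public IllustrativeLoginController(IAntiforgery antiforgery)
    {
        _antiforgery = antiforgery;
    }

    // No [ValidateAntiForgeryToken] here on purpose: that filter runs before the
    // action and would answer 400 before the already-authenticated check can run.
    [HttpPost]
    public async Task<IActionResult> Index(string returnUrl, string login, string password)
    {
        // A login form rendered while the browser was anonymous carries a token bound
        // to the anonymous identity. Once another tab (e.g. the 5002 login) has signed
        // the user in, that token no longer validates. Nothing is left to do on this
        // form, so follow the return URL instead of rejecting the stale token.
        if (User.Identity?.IsAuthenticated == true)
            return SafeRedirect(returnUrl);

        try
        {
            await _antiforgery.ValidateRequestAsync(HttpContext);
        }
        catch (AntiforgeryValidationException)
        {
            // Real mismatch for an anonymous user: re-render the form instead of a bare 400.
            ModelState.AddModelError(string.Empty, "The login form has expired, please retry.");
            return View();
        }

        // Credential verification and SignInAsync would follow here (out of scope).
        return SafeRedirect(returnUrl);
    }

    // Only follow local return URLs, so the redirect cannot be pointed at another host.
    private IActionResult SafeRedirect(string returnUrl)
    {
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            return LocalRedirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }
}
```
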
qq1176914912 commented 3 months ago

Thank you very much for your reply and look forward to the new version