simpleidserver / SimpleIdServer

OpenID, OAuth 2.0, SCIM2.0, UMA2.0, FAPI, CIBA & OPENBANKING Framework for ASP.NET Core
https://simpleidserver.com/
Apache License 2.0
682 stars 90 forks

Questions about some attributes. #757

Closed qq1176914912 closed 1 week ago

qq1176914912 commented 2 weeks ago

Hello, I would like to ask:

1. There is an "Enable the developer mode" attribute in "Web Authentication". What is the difference between having it enabled and not enabled, and where can I see this difference?
2. Is the session expiration time different from the session expiration time after logging in with a password?
3. Must the session expiration time be in such a format that you can't enter a number directly?

qq1176914912 commented 2 weeks ago

What is the role of "Is default?" in "Registration Workflows"? The code has now changed the logic: the login process is configured on the client side, and the login process is bound to the registration method, so "Is default?" is no longer useful, because if the client does not specify the login process (that is, it does not bind the registration method), the registration button will not appear on the login page.

qq1176914912 commented 2 weeks ago

As for the "Certificate store" in "Certificate Authorities", does it look it up on the computer where the project is deployed? I looked at the local certificates on the Ubuntu machine where 5001 is deployed using "certmgr -list -c -m Trust", but when I searched by serial number it showed that the certificate couldn't be found. So I wanted to make sure: where is it looking?

simpleidserver commented 2 weeks ago

Developer Tool

The developer tool is not used by the Webauthn authentication method but by the Mobile authentication method to display the content of the QR code in JSON format. This property has been removed in the master branch.

Expiration Time

The "expiration time" represents the duration of the registration/authentication process in seconds. If you remain on the page for more than 300 seconds, the authentication will fail.

Default Workflow

The default property of the registration workflow is still used. You select a registration workflow as default and navigate to this URL: https://openid.simpleidserver.com/master/Registration. You will then be redirected to the default workflow. If no registration workflow is selected, an error message is displayed.

Certificate Not Found

The certificate cannot be found because the certificates are located here: ~/.dotnet/corefx/cryptography/x509stores/.

qq1176914912 commented 2 weeks ago

Thank you for your reply

qq1176914912 commented 2 weeks ago

As for the validity time setting for SMS and email, is it still not possible to set it from 5002? Or is it 30 seconds by default?

qq1176914912 commented 2 weeks ago

> Default Workflow
>
> The default property of the registration workflow is still used. You select a registration workflow as default and navigate to this URL: https://openid.simpleidserver.com/master/Registration. You will then be redirected to the default workflow. If no registration workflow is selected, an error message is displayed.

I assumed that the default registration method would be used if the client login process did not bind a registration method. But at this point, if the client login process does not bind a registration method, the login page has no registration button, which led me to believe that this property is not useful.

qq1176914912 commented 1 week ago

Hello, excuse me, about the "Keys" configuration in the client: you can configure the signature key and encryption key for JWTs there. What I want to ask is this: I understand it is used to generate and verify JWTs when the user logs in, but when creating an ordinary web client this is generally not configured. If it is not configured, does the user use the default key when logging in to the client? What difference does this make?

simpleidserver commented 1 week ago

Hello,

The Keys tab must be used when the client is configured to use one of the following authentication methods:

  • Signed JWT (private_key_jwt)
  • Signed JWT with client secret (client_secret_jwt).

Before being able to authenticate, the client must be able to build a signed/encrypted authorization request and pass the result into the request parameter of the Authorization request.

List of actions to generate a protected authorization request:

  • Generate an authorization request
  • Sign the request with the Signature Key to obtain a JWS.
  • If needed, encrypt the JWS with the Encryption Key to obtain a JWE.
  • Pass the JWS/JWE into the authorization request.

To generate the Signature/Encryption key, you can use the following UI. Once a key is generated, the private key can be uploaded into the client.

The second method is to use the JWKS_URL. This URL will be used by the identity server to decrypt and check the signature of the request. The main advantage of this method is that it allows the client to manage its own signature and encryption keys.
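The client-side steps the reply above describes (build the authorization request, sign it into a JWS, pass it in the `request` parameter) together with the client_assertion used for client_secret_jwt / private_key_jwt at the token endpoint, plus the checks the identity server has to make before trusting the request object. This is an added example, not SimpleIdServer project code. It uses only the Python standard library, so it signs with HS256 and the client secret, i.e. the client_secret_jwt case; for private_key_jwt the same structure is signed with RS256/ES256 using the uploaded private key (or the key published at the client's JWKS_URL), and the optional JWE step is omitted. The issuer, client id, client secret and redirect URI are constructed values.

```python
"""Added example, not SimpleIdServer code: signed request object (RFC 9101 style)
and client_assertion (client_secret_jwt) built by a confidential client, and the
validation the identity server performs.  All identifiers below are constructed."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import urlencode

ISSUER = "https://idp.example"                 # constructed identity-server issuer
AUTHORIZE = ISSUER + "/authorization"
TOKEN = ISSUER + "/token"
CLIENT_ID = "webclient"                         # constructed client id
CLIENT_SECRET = "a-long-random-client-secret"   # constructed; use >=32 random bytes in practice
REDIRECT_URI = "https://client.example/cb"      # constructed


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _now(now):
    return int(time.time() if now is None else now)


def sign_hs256(claims: dict, key: bytes) -> str:
    """Produce a compact JWS: base64url(header).base64url(payload).base64url(sig)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_hs256(token: str, key: bytes) -> dict:
    """Check the JWS and return its claims; raises ValueError on any failure."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise ValueError("malformed JWS")
    header = json.loads(b64url_decode(h))
    # Pin the algorithm to what the registered key is for; never honour "none"
    # or an alg chosen by the sender.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):   # constant-time compare
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p))


def build_client_assertion(now=None) -> str:
    """client_assertion sent to the token endpoint (client_secret_jwt / private_key_jwt)."""
    t = _now(now)
    return sign_hs256({
        "iss": CLIENT_ID, "sub": CLIENT_ID,
        "aud": TOKEN,                       # the endpoint that will consume it
        "jti": secrets.token_urlsafe(16),   # unique id so the server can reject replays
        "iat": t, "exp": t + 60,            # short lifetime
    }, CLIENT_SECRET.encode())


def build_request_object(state: str, nonce: str, now=None) -> str:
    """Step 1+2 of the reply: generate the authorization request and sign it into a JWS."""
    t = _now(now)
    return sign_hs256({
        "iss": CLIENT_ID, "aud": ISSUER,    # aud is the authorization server
        "client_id": CLIENT_ID, "response_type": "code",
        "redirect_uri": REDIRECT_URI, "scope": "openid profile",
        "state": state, "nonce": nonce,
        "iat": t, "exp": t + 300,
    }, CLIENT_SECRET.encode())


def authorization_url(request_object: str) -> str:
    """Step 4: only client_id and request travel in the query; the rest is inside the JWS."""
    return AUTHORIZE + "?" + urlencode({"client_id": CLIENT_ID, "request": request_object})


def validate_request_object(request_object: str, query_client_id: str, now=None) -> dict:
    """Server side: in a real server the key comes from the client's registered
    Signature Key or its JWKS_URL; here the shared secret stands in for it."""
    claims = verify_hs256(request_object, CLIENT_SECRET.encode())
    if claims.get("iss") != query_client_id or claims.get("client_id") != query_client_id:
        raise ValueError("iss/client_id inside the request object do not match the query client_id")
    if claims.get("aud") != ISSUER:
        raise ValueError("request object is not addressed to this issuer")
    if claims.get("exp", 0) <= _now(now):
        raise ValueError("request object expired")
    return claims   # the server uses these parameters, not the bare query string
```

The server-side function is the part that matters for security: without the `alg` pin, the constant-time comparison, and the `iss`/`client_id`/`aud`/`exp` checks, a signed request object gives no more assurance than plain query parameters.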

qq1176914912 commented 1 week ago

> Hello,
>
> The Keys tab must be used when the client is configured to use one of the following authentication methods:
>
>   • Signed JWT (private_key_jwt)
>   • Signed JWT with client secret (client_secret_jwt).
>
> Before being able to authenticate, the client must be able to build a signed/encrypted authorization request and pass the result into the request parameter of the Authorization request.
>
> List of actions to generate a protected authorization request:
>
>   • Generate an authorization request
>   • Sign the request with the Signature Key to obtain a JWS.
>   • If needed, encrypt the JWS with the Encryption Key to obtain a JWE.
>   • Pass the JWS/JWE into the authorization request.
>
> To generate the Signature/Encryption key, you can use the following UI. Once a key is generated, the private key can be uploaded into the client.
>
> The second method is to use the JWKS_URL. This URL will be used by the identity server to decrypt and check the signature of the request. The main advantage of this method is that it allows the client to manage its own signature and encryption keys.

Thank you for your introduction. I understand