Windows Live Open ID Connect/Oauth 2.0 How to use for SSO with Apache mod_auth_openidc -

-

i've got mod_auth_openidc working google , hand rolled version of phpoidc op mod_auth_openidc identity provider.

my problem appears bug in microsoft implementation.

mod_auth_openidc great mod , quite log of validation.

one of things returned in jwt "aud" parameter audience.

according open id connect spec:

aud required. audience(s) id token intended for. must contain oauth 2.0 client_id of relying party audience value. may contain identifiers other audiences. in general case, aud value array of case sensitive strings. in common special case when there 1 audience, aud value may single case sensitive string.

my client id 00000001234 (not real id, example).

i make through handshake , groovy, nonce "code" windows live, exchange token, token has "aud" value of:

00000000-0000-0000-0000-00000001234

mod_auth_openidc correctly checks "aud" value in returned token , responds error "aud" not match configured cliend_id, should, according spec.

my question is, other not validating audience of token, there way configure app, in ms developer console returns client id correctly "aud" value in returned token?

sans that, best place report such bug in implementation?

actually in docs login.live.com says ms live openid connect compliant. mention has built own sso protocol on top of oauth 2.0.

it seems you've found out by-trial-and-error ms live supports important pieces of openid connect (discovery document on well-known location, jwks uri, openid scope etc.), news me in itself. unfortunately seems 1 tiny thing still missing... that's reason not announcing openid connect support ms live id yet.

ms's openid connect implementation in azure ad is compliant already, live id not yet. guess can bug ms.


Comments

Post a Comment

Popular posts from this blog

PHP DOM loadHTML() method unusual warning -

-
i had following code works fine on localhost: $document = new domdocument(); $document->loadhtml($p_result); $form = $document->getelementsbytagname('form')->item(0); // code continues using $form variable after same code updated on outside server, loadhtml() failed , issued warning. warning: domdocument::loadhtml() expects parameter 1 valid path, string given in path/name/to/script.php returned null instead of object code pretty gets fatal error. note contents of $p_result absolutely same on outside server , on localhost. but why displays kind of warning , why not work? doesn't loadhtml() expects argument 1 string in first place? why method expects parameter 1 valid path ? just make clear i'm not calling loadhtmlfile() , i'm calling loadhtml() . thanks. you're affected one of php bugs . issue present in php 5.6.8 , 5.6.9. have affected php version on server, , bug-free version on localhost. the bug forbids null
Read more

python - How to create jsonb index using GIN on SQLAlchemy? -

-
here's current code creating index jsonb. index("mytable_data_idx_id_key", mytable.data['id'].astext, postgresql_using='gin') but got error. sqlalchemy.exc.programmingerror: (psycopg2.programmingerror) data type text has no default operator class access method "gin" hint: must specify operator class index or define default operator class data type. [sql: "create index event_data_idx_id_key on event using gin ((data ->> 'id'))"] is there way create index on sqlalchemy? the postgresql specific sqlalchemy docs @ http://docs.sqlalchemy.org/en/latest/dialects/postgresql.html#operator-classes mention postgresql_ops dictionary provide "operator class" used postgresql, , provide example illustrating use: index('my_index', my_table.c.id, my_table.c.data, postgresql_ops={ 'data': 'text_pattern_ops',
Read more

c# - TransactionScope not rolling back although no complete() is called -

-
i'm using transactionscope rollback transaction fail bool errorreported = false; action<importerrorlog> newerrorcallback = e => { errorreported = true; errorcallback(e); }; using (var transaction = new transactionscope()) { foreach (importtaskdefinition task in taskdefinition) { loader.load(streamfile, newerrorcallback, task.destinationtable, processingtaskid); } if (!errorreported) transaction.complete(); } i'm sure there no transactionscope started ahead or after code. i'm using entity framework insert in db. regardless state of errorreported transaction never rolled in case of error. what missing ? transactionscope sets transaction.current . that's does. wants transacted must @ property. i believe ef each time connection opened reason. probably, connection open when scope installed. open connection inside of scope or enlist manually. ef has nasty "design decision": default opens
Read more