Comments (9)
@FolabiAhn did you try to check logs?
in appsettings.json
"LogLevel": {
"Microsoft": "Trace"
}
from identityserver4.phonenumberauth.
Thanks @jurabek for your reply.
Yes i change the loglevel to Trace, but nothing useful in logs.
When I generate the code and validate within the same action(POST), it return true.
I debug ValidateAsync method and for somehow it returning false when it tries to compare the userId and actualUserdId(the ids are not the same ?)
var userId = reader.ReadString();
var actualUserId = await manager.GetUserIdAsync(user);
if (userId != actualUserId)
{
Logger.UserIdsNotEquals();
return false;
}
from identityserver4.phonenumberauth.
It is like DataProtectorTokenProvider between each http request is not the same
from identityserver4.phonenumberauth.
the problem might be DataProtectorTokenProvider
perhaps await manager.GetUserIdAsync(user);
returning null
which is not equal to userId, manager somehow should keep data for the generated users.
from identityserver4.phonenumberauth.
Hello,
Both (userId and actualUserdId) are set, but different guid values.
from identityserver4.phonenumberauth.
Here is a bug on GetUser() method, which now I realized
on the line 95
it is looking at users list which does not exist and every time when PUT request creates new User
from identityserver4.phonenumberauth.
Yes you are right.
So we have to move the creation of the user in PhoneNumberTokenGrantValidator to the POST action. Is that correct ?
Maybe saving the user in POST action is bad, like we can have multiple users saved without verification.
from identityserver4.phonenumberauth.
Yes, this is one way when you POST verify
we are gonna store the user into Database, in that case, we should remove the user if he cancels the process, the only way to do that running batch jobs periodically and check the user actually verified or not.
from identityserver4.phonenumberauth.
Yes. I can complete the POST with a batch job.
Great. Thank you very much
from identityserver4.phonenumberauth.
Related Issues (9)
- Passwordless Auth with MVC Client HOT 4
- How do we refresh token? HOT 2
- why is the put method there? HOT 5
- Renew JWT? HOT 1
- Potential security issue: TOTP with SHA(PhoneNumber) HOT 3
- Native Mobile Client Suitability HOT 2
- AddAspNetIdentity doesn not exist in AddIdentityServer HOT 2
- Migration required IdentityServer 4.1 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from identityserver4.phonenumberauth.