Ensure full OpenIDConnect authentication is completed when making requests through Ajax

Typically, the OpenIDConnect server functions as follows:

  • Visit a.com/secure-resource
  • Receive a 302 response from the server
  • Your browser redirects you to the identity server
  • Log in on the identity server
  • Redirected back to a.com via a POST request
  • You are now logged in on a.com and receive access to a.com/secure-resource in your browser.

However, I have encountered a scenario that poses a challenge which requires assistance.

  • The user is already authenticated on idServer
  • User is logged in on a.com
  • User is NOT logged in on b.com
  • An ajax call needs to be sent to web server b.com (from a different domain a.com)
  • b.com uses OpenIDConnect for authentication
  • Due to the Ajax request to b.com, the standard redirection to idServer cannot occur. Instead, only a 302 is received in response.

We could potentially handle the 302 response via Ajax; however, there are security concerns regarding this approach.

Nevertheless, are there any specific scenarios within IdentityServer/OpenIDConnect meant to address these types of situations?

Answer №1

If you want to implement IdentityServer in this specific scenario, you will configure the server b.com to utilize Bearer Token Authentication. Afterwards, you must use the access token provided for a.com in the headers of your Ajax call.

// accessToken holds the access token that was issued for a.com
$.ajax({
     url: 'http://b.com',
     headers: {
          Authorization: "Bearer " + accessToken
     }
});

The IdentityServer Client samples written in JavaScript offer methods to retrieve the Token from the Identity Server, check them out here.

To obtain user information and the token in a controller, follow these steps:

// Get the claims values
var token = (User as ClaimsPrincipal).Claims
               .Where(c => c.Type == "access_token")
               .Select(c => c.Value).SingleOrDefault();

In different sections of your application, you can use the following code:

//Get the current claims principal
var identity = (ClaimsPrincipal)Thread.CurrentPrincipal;

// Get the claims values
var token = identity.Claims.Where(c => c.Type == "access_token")
               .Select(c => c.Value).SingleOrDefault();
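
The bearer-token call described in this answer, written defensively as an added example (not code from the original post or from IdentityServer): the token is sent only to an allowlisted origin, a 302 is never followed from script, and a 401 triggers a single token renewal. The `https://b.com` allowlist, the function names, the `getToken` callback and the assumption that b.com answers 401 for a missing or expired token are all hypothetical.

```javascript
// Added example; the allowlist, function names and 401 behaviour are assumptions.
const API_ORIGINS = new Set(["https://b.com"]); // only origin allowed to receive the token

// Build the request, refusing any URL that would leak the token elsewhere.
function buildBearerRequest(rawUrl, accessToken) {
  const url = new URL(rawUrl);
  if (!API_ORIGINS.has(url.origin)) {
    throw new Error("refusing to send token to " + url.origin);
  }
  if (typeof accessToken !== "string" || accessToken === "") {
    throw new Error("no access token available");
  }
  return {
    url: url.href,
    init: {
      headers: { Authorization: "Bearer " + accessToken },
      credentials: "omit", // the token, not b.com cookies, authenticates the call
      redirect: "error",   // a 302 towards the login page fails instead of being followed
    },
  };
}

// Map the API's status code to what the page should do next.
function nextStep(status) {
  if (status >= 200 && status < 300) return "ok";
  if (status === 401) return "renew-token"; // missing or expired token
  if (status === 403) return "forbidden";   // valid token, insufficient scope
  return "error";
}

// getToken(forceRenew) is a hypothetical callback supplied by the OIDC client code.
async function callApi(rawUrl, getToken, fetchImpl = fetch) {
  let req = buildBearerRequest(rawUrl, await getToken(false));
  let res = await fetchImpl(req.url, req.init);
  if (nextStep(res.status) === "renew-token") {
    // Retry exactly once with a fresh token; never loop.
    req = buildBearerRequest(rawUrl, await getToken(true));
    res = await fetchImpl(req.url, req.init);
  }
  if (nextStep(res.status) !== "ok") {
    throw new Error("b.com API call failed: " + nextStep(res.status));
  }
  return res;
}
```

For the cross-origin call to succeed, b.com must also allow the `Authorization` request header from a.com's origin in its CORS configuration.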
