[question]about Mobile application and One Time Password

[qq1176914912]

Mobile application
I followed the steps on https://simpleidserver.com/docs/mobileapplication to download the app on my phone. When I tried to access https://openid.simpleidserver.com/master/mobile/Register, I found that I couldn't access it without logging in. After logging in, I could access the page.

1、If, as per your instructions, this page is for registering a new user, shouldn't it be accessible without logging in?
2、If it's for registering a new user, shouldn't the username (Login) field be in a state where I can input my information?
Regarding points 1 and 2, there might be some confusion on my part due to the description. It mentions registering a mobile application but later talks about registering a new user.
3、When I click on "Generate QR Code" and try to scan it with the app on my phone, it shows "An error occurred while trying to parse the QR Code." Is there any restriction for China?
One Time Password
Testing with a local app:
1、When I set "One Time Password (otp)" for the user's credentials on [port 5002] and click "Show data," I get a dynamic code on my mobile (iPhone) using the "Authenticator" app. When I try to log in with this dynamic code instead of the previous password, it says "Credential is invalid." What is the purpose of this feature and how should it be used?
Authenticator:

2、Also, on [port 5001], when a user adds OTP credentials, a QR code appears below. Is its function the same as the QR code shown with "Show data" on [port 5002]?

[qq1176914912]

Hello，Do you have an example demonstrating pending requests in your project?If I want to showcase the features here, how do I configure them on 5001 or 5002?

Are the functions here the same as those in IDS in
https://github.com/DuendeSoftware/Samples/tree/main/IdentityServer/v7/SessionManagement/BackChannelClient？

I found that when my client Scope has "offline-access", the content can be displayed in it:

If the client Scope does not include "offline-access", then this page has nothing. I feel that the feature you mentioned is similar to this, is it as I understand it?

[qq1176914912]

offline-access

I misunderstood "offline access" as it is a parameter used to request a token refresh. Your project does not need to configure this scope and can also request a token refresh. In the BackChannelClient project of ids, if the scope does not include "offline access", clicking to request a token refresh will result in an error.

[simpleidserver]

Mobile Application

I have pushed version "4.0.6" to the AppCenter.
Could you please install the latest version and try again?
There is an error in the documentation; the registration URL should be https://openid.simpleidserver.com/master/registration?workflowName=mobile.

One-Time Password

Currently, SimpleIdServer does not support an authentication method that accepts an OTP code for user authentication. I have created a ticket #680 to implement support for this new authentication method.

The QR code displayed in the Identity Server is the same as the one displayed on the administration website.

Pending Requests

The concept of "Pending Requests" differs from OAUTH2.0 concepts. This concept originates from the User-Managed Access 2.0 Protocol (UMA 2.0). For more information, please refer to this documentation: https://riskinsight-wavestone.com/en/2018/09/demystifying-uma2/ I have created a ticket #681 to add some examples.

Offline Scope

There was indeed an issue with the "offline_scope." This issue has been fixed in the master branch.

[simpleidserver]

Hello @qq1176914912,

The Ticket #680 has been completed, and the modifications are now incorporated into the master branch.

You can now authenticate using the code generated by your mobile application, such as theAuthenticator.Follow these steps:

• Open the Authenticator mobile application and scan the QR Code.
• Create a new Authentication Context with the otp authentication method.
• Click on the link and enter the login along with the OTP generated by the mobile application

[qq1176914912]

Mobile Application

I have pushed version "4.0.6" to the AppCenter. Could you please install the latest version and try again? There is an error in the documentation; the registration URL should be https://openid.simpleidserver.com/master/registration?workflowName=mobile.

One-Time Password

Currently, SimpleIdServer does not support an authentication method that accepts an OTP code for user authentication. I have created a ticket #680 to implement support for this new authentication method.

The QR code displayed in the Identity Server is the same as the one displayed on the administration website.

Pending Requests

The concept of "Pending Requests" differs from OAUTH2.0 concepts. This concept originates from the User-Managed Access 2.0 Protocol (UMA 2.0). For more information, please refer to this documentation: https://riskinsight-wavestone.com/en/2018/09/demystifying-uma2/ I have created a ticket #681 to add some examples.

Offline Scope

There was indeed an issue with the "offline_scope." This issue has been fixed in the master branch.

Thank you for your reply.
Mobile Application
I have installed the following version on my phone and tested the registration connection you sent, but it still shows an error of "n error occurred while trying to parse the QR Code", and there is no place to input JSON data in the new version of the application.Will the Chinese region be affected.

One-Time Password
1、I created a sample for testing OTP in ACRS, and the test passed.

Is this how you used OTP when you mentioned it? Or other ways?
2、I found two OTPs on the Authentications page, one can be clicked and the other cannot be clicked:

And after entering the OTP that can be clicked, the page will continue to load, and an error message will appear in 5002:


3、Clicking on OTP on page 5001 will not display the content.

Offline Scope
What is the issue you have discovered? I am not sure if any changes need to be made to the previous program. Is it necessary for my client program to request a refresh token scope with "Offline Scope" in order to be able to request it normally in the future?

[qq1176914912]

There is one more question, I remember before 5002, there was a text introduction below when adding the client. Did the new version delete it?

[simpleidserver]

Mobile Application

The exceptions in the mobile application have been resolved. Unfortunately, when MAUI is published in RELEASE mode, JSON serialization and deserialization are not functioning correctly.
Could you please download the application from the following link and try again? https://install.appcenter.ms/users/agentsimpleidserver-gmail.com/apps/simpleidserver/distribution_groups/public

One-Time Password

The administration website has been fixed, and the OTP is now displayed only once.
The OTP has been temporarily removed from the list of "enroll credentials" because the registration workflow for the OTP credential is not yet supported.
I have created ticket #684 to address and support this workflow.

Offline Scope

There was an issue in the Authorization Code grant-type where, when an access token was issued, the refresh token was always issued as well.
However, according to the RFC, the refresh token must be issued only if the scope offline_access is passed into the token request.
In the future, when using the authorization code and you want to obtain a refresh token, you must include the offline_access scope in the token request.

Client Description Missing

The client description is now displayed when a client type is selected.

[qq1176914912]

Mobile Application

The exceptions in the mobile application have been resolved. Unfortunately, when MAUI is published in RELEASE mode, JSON serialization and deserialization are not functioning correctly. Could you please download the application from the following link and try again? https://install.appcenter.ms/users/agentsimpleidserver-gmail.com/apps/simpleidserver/distribution_groups/public

One-Time Password

The administration website has been fixed, and the OTP is now displayed only once. The OTP has been temporarily removed from the list of "enroll credentials" because the registration workflow for the OTP credential is not yet supported. I have created ticket #684 to address and support this workflow.

Offline Scope

There was an issue in the Authorization Code grant-type where, when an access token was issued, the refresh token was always issued as well. However, according to the RFC, the refresh token must be issued only if the scope offline_access is passed into the token request. In the future, when using the authorization code and you want to obtain a refresh token, you must include the offline_access scope in the token request.

Client Description Missing

The client description is now displayed when a client type is selected.

Mobile Application
I downloaded a new version:

The testing address is still:
https://openid.simpleidserver.com/master/registration?workflowName=mobile
Unfortunately, the error still persists:Is it because the Chinese network is unable to connect to your program?

And even after opening "Enable developer mode" in "settings", there is still no place to input JSON on the homepage:

[simpleidserver]

Regrettably, this exception occurs when the mobile application attempts to retrieve the FCM Token (Cloud Messaging Firebase token).
It is likely that this service is blocked in China :(

The token is essential in the enrollment process of the mobile application, as it is utilized by the Identity Server to send push notifications directly to the mobile application.

[qq1176914912]

Regrettably, this exception occurs when the mobile application attempts to retrieve the FCM Token (Cloud Messaging Firebase token). It is likely that this service is blocked in China :(

The token is essential in the enrollment process of the mobile application, as it is utilized by the Identity Server to send push notifications directly to the mobile application.

Thank you for your reply.

[qq1176914912]

Mobile Application

The exceptions in the mobile application have been resolved. Unfortunately, when MAUI is published in RELEASE mode, JSON serialization and deserialization are not functioning correctly. Could you please download the application from the following link and try again? https://install.appcenter.ms/users/agentsimpleidserver-gmail.com/apps/simpleidserver/distribution_groups/public

One-Time Password

The administration website has been fixed, and the OTP is now displayed only once. The OTP has been temporarily removed from the list of "enroll credentials" because the registration workflow for the OTP credential is not yet supported. I have created ticket #684 to address and support this workflow.

Offline Scope

There was an issue in the Authorization Code grant-type where, when an access token was issued, the refresh token was always issued as well. However, according to the RFC, the refresh token must be issued only if the scope offline_access is passed into the token request. In the future, when using the authorization code and you want to obtain a refresh token, you must include the offline_access scope in the token request.

Client Description Missing

The client description is now displayed when a client type is selected.

One-Time Password
as I mentioned earlier, I found that I can no longer use OTP as a password to log in (OTP in ACRS can be used normally), and it will display "Credential is invalid".I remember you solved this problem before, and I also tested that I can use otp's code as a password, but I tested the previous version I found that it doesn't seem to work as a password either, am I remembering it wrong?

[simpleidserver]

I don't recall working on a ticket to implement the use of an OTP code instead of a password.
OTP is employed when utilizing one of the following authentication methods:

• email
• sms
• otp

[qq1176914912]

I don't recall working on a ticket to implement the use of an OTP code instead of a password. OTP is employed when utilizing one of the following authentication methods:

• email
• sms
• otp

Okay, maybe I'm misremembering.