Search results

Having look into this some more it seams my Chrome browser might be doing some HSTS stuff so forcing the .gif request to be over HTTPS which the GRC client is not to respond to (rightly as its not a secure connection there would be no cert). In Postman I can make the request to...

Well that is very interesting so to summarise on my end what i have figured out To stop the spoof warning in the GRC client you have to make the http://localhost:25519/*.gif query (which i knew already just was having issues with CORS...

That was my thinking as well as the Id is a new one I say it matches as I allow creation of users and your IP will match as your on the same public network. The GRC client seams to not send CSP in opts unless you do the .gif image request to it where as if I remember from my testing of the...

Just to make sure when you say GRCs not showing at all in Chrome you have the chrome extention? Which until I have done the CSP stuff will intercept the only request to a SQRL client

The current InMemory example on my repo or my personal website https://www.liamraper.me.uk/SignIn is a good place to see this. Also there the link https://www.grc.com/sqrl/nospoof.htm and do the anti-spoof page although I think @Steve's client is the only one to do the spoof check from my testing.

Thanks @Has now I have my head around the spoof issue @Deliver talking about I can see how it would work.

Ok so it is that the CSP is not sent which is on my list for 1.0.0 so if you can live with it for the next two days i should have it sorted i just need to get some request fired off to the local SQRL client to wake up the localhost server it runs

If you have the repo can you run the InMemory example and grab the diagnostics page output by going to /login-sqrl?duag ad post the results I might be able to see why we get this for sure but I'm remembering somth8ng about the CPS option not been sent.

Yeah as soon as the package is live my website gets patched which is about 5 minutes cycle time. The forum admin must of only approved your message at the same time as m last so ill let you respond to that but glad the iOS client works now

Interesting I do get the warning everywhere with GRCs client ⁉ The project you highlighted is very basic and I assumed to be dead and the nuts in my opinion are not correct although crypot safe random they could duplicate my implementation tries to reduce that by using date time to a high...

0.8.1 has now been published to the NuGet package repository this should be a small fix for the content type issue @DEllner highlighted yesterday

Not sure why the GRC client takes over from the browser plugin that a question for @Jaap and @Steve to explain (although not best practice you can turn off the gray overlay thing in GRC's client and use the browser one instead then or cancel the GRC client). You will always get the screen you...

Thank you so much @DEllner any feedback is welcome there is a NuGet package you can use in your project. I'm glad you tested the IOS version as I don't have a device to test with for that id assume that Jeff Arthur is expecting the content type application/x-www-form-urlencoded which right now...

0.8.0 is released this is probably the first production usable version of this middleware allowing you to create a custom login page with just a little JavaScript to get some data from the server. There currently an example in the repo and you can see if on my personal website...

@PHolder thank you for your feed back it is very helpful. I agree that first nut might not be the best name but for clarity it is the first nut in this authentication activity. Thanks for the links I has read and reread GRC documents already but I have also reread them in which I found the...

Ok so I did a bit of investigation to how this sites login seams to work. Once you have opened the login page and it's shown a QR code it starts polling with the nut in the link which is also encoded in the QR code as well. From this observation I would be happy saying unless told other wise by...

@Dave thanks I really have wanted to do this for ages but time just started a new job that allows me to do this sort of work though so I now can :) @PHolder when you say session are you talking about a server session? This would normally be a cookie is asp.net and would work when signing in...

I'll be putting some example setups onto the gothic wiki in the coming days but I didn't want to spend ages doing that without peer review on what I have so far as if it's wrong at the basics I'd rather fix that.

For .net specifically ASP.net we can pick from many different data stores but I personally use a MSSQL database. As you outlined I have a table for users and another for external system ids which is my lookup table for OAuth users who login. I have as by design for my website cooped this for...

In the implementation I could find and understand (same issue as you with my code hehe) and the reading of the docs @Steve has written it looked like it have to do this so the page polling to check if the user is logged in can send the only nut it knows about the first nut you have got to one of...