From 16d4112589b23ec8d30562bb2c9671d8b7b67436 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Chalet?= Date: Thu, 2 Sep 2021 01:42:12 +0200 Subject: [PATCH] Update README.md --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index d03fc323..4c654147 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,19 @@ will result in a `PlatformNotSupportedException` being thrown at runtime if no v - X.509 ECDSA signing certificates/keys: calling `AddSigningCertificate()` or `AddSigningKey()` with an ECDSA certificate/key will always result in a `PlatformNotSupportedException` being thrown at runtime. +## Certification + +Unlike many other identity providers, **OpenIddict is not a turnkey solution but a framework that requires writing custom code** +to be operational (typically, at least an authorization controller), making it a poor candidate for the certification program. + +While a reference implementation could be submitted as-is, **this wouldn't guarantee that implementations deployed by OpenIddict users would be standard-compliant.** + +Instead, **developers are encouraged to execute the conformance tests against their own deployment** once they've implemented their own logic. + +> The samples repository contains [a dedicated sample](https://github.com/openiddict/openiddict-samples/tree/dev/samples/Contruum/Contruum.Server) specially designed to be used +> with the OpenID Connect Provider Certification tool and demonstrate that OpenIddict can be easily used in a certified implementation. To allow executing the certification tests +> as fast as possible, that sample doesn't include any membership or consent feature (two hardcoded identities are proposed for tests that require switching between identities). + -------------- ## Resources