tsai
/
openiddict-core
mirror of https://github.com/openiddict/openiddict-core.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Versatile OpenID Connect stack for ASP.NET Core and Microsoft.Owin (compatible with ASP.NET 4.6.1)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1008 Commits
2 Branches
79 Tags
29 MiB
 
 
 
 
 
 
Tree: 7bb02a43bd
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7bb02a43bd'
${ noResults }
Kévin Chalet 7bb02a43bd
Allow determining the token format dynamically and automatically add a jti claim to JWT access tokens 		4 years ago
.github Migrate to GitHub issue forms and open bug reports/questions/enhancement requests to contributors 4 years ago
eng Add native OWIN support for the OpenIddict client 4 years ago
sandbox Revamp the challenge responses handling logic 4 years ago
shared/OpenIddict.Extensions React to the removal of the !! operator in C# 11 4 years ago
src Allow determining the token format dynamically and automatically add a jti claim to JWT access tokens 4 years ago
test Revamp HTTP response extraction to support WWW-Authenticate and enforce Content-Type validation 4 years ago
.gitattributes Set up the initial project structure 10 years ago
.gitignore Send integration test logs to xUnit output 6 years ago
Build.cmd Introduce the first experimental OpenIddict 3.0 bits and move the build infrastructure to Arcade 7 years ago
Directory.Build.props Set ProduceReferenceAssembly to true to benefit from incremental builds on old TFMs 4 years ago
Directory.Build.targets Add System.Text.Json.Nodes support and revamp the OpenIddictParameter primitive 4 years ago
LICENSE.md Introduce the first experimental OpenIddict 3.0 bits and move the build infrastructure to Arcade 7 years ago
NuGet.config Bump Quartz.NET, leverage its new Microsoft.Extensions.Options support and mark the OpenIddict.Quartz package as shipping 5 years ago
OpenIddict.sln Make the OpenIddict client stack stateful by default and introduce OpenIddict.Client.DataProtection 4 years ago
Packages.props Update the ASP.NET 4.8 server sandbox to use ASP.NET Web API for the resource controller 4 years ago
README.md Add pixel-identity to the list of OpenIddict-based projects maintained by third parties 4 years ago
SECURITY.md Update README.md and SECURITY.md 5 years ago
build.sh Introduce the first experimental OpenIddict 3.0 bits and move the build infrastructure to Arcade 7 years ago
global.json React to the removal of the !! operator in C# 11 4 years ago
package-icon.png Update Arcade and replace the netcoreapp3.0 TFMs by netcoreapp3.1 6 years ago

README.md

OpenIddict

The OpenID Connect stack you'll be addicted to.

Build status

What's OpenIddict?

OpenIddict aims at providing a versatile solution to implement an OpenID Connect server and token validation in any ASP.NET Core 2.1 (and higher) application. ASP.NET 4.6.1 (and higher) applications are also fully supported thanks to a native Microsoft.Owin 4.2 integration.

OpenIddict fully supports the code/implicit/hybrid flows, the client credentials/resource owner password grants and the device authorization flow.

OpenIddict natively supports Entity Framework Core, Entity Framework 6 and MongoDB out-of-the-box and custom stores can be implemented to support other providers.

Getting started

Developers looking for a simple and turnkey solution are strongly encouraged to use OrchardCore and its OpenID module, which is based on OpenIddict, comes with sensible defaults and offers a built-in management GUI to easily register OpenID client applications.

To implement a custom OpenID Connect server using OpenIddict, read Getting started.

Samples demonstrating how to use OpenIddict with the different OAuth 2.0/OpenID Connect flows can be found in the dedicated repository.

Compatibility matrix

Web framework version .NET runtime version OpenIddict 3.x OpenIddict 4.x (preview)
ASP.NET Core 2.1 .NET Framework 4.6.1 ✔️ ℹ️ ✔️ ℹ️
ASP.NET Core 2.1 .NET Framework 4.7.2 ✔️ ✔️
ASP.NET Core 2.1 .NET Framework 4.8 ✔️ ✔️
ASP.NET Core 2.1 .NET Core 2.1 ✔️
ASP.NET Core 3.1 .NET Core 3.1 ✔️ ✔️
ASP.NET Core 5.0 .NET 5.0 ✔️ ✔️
ASP.NET Core 6.0 .NET 6.0 ✔️ ✔️
Microsoft.Owin 4.2 .NET Framework 4.6.1 ✔️ ℹ️ ✔️ ℹ️
Microsoft.Owin 4.2 .NET Framework 4.7.2 ✔️ ✔️
Microsoft.Owin 4.2 .NET Framework 4.8 ✔️ ✔️

Note: ASP.NET Core 2.1 on .NET Core 2.1 is no longer supported. While OpenIddict 4.x can still be used on .NET Core 2.1 thanks to its .NET Standard 2.0 compatibility, users are strongly encouraged to migrate to ASP.NET Core/.NET 6.0. ASP.NET Core 2.1 on .NET Framework 4.6.1 (and higher) is still fully supported.

ℹ️ Note: the following features are not available when targeting .NET Framework 4.6.1:

  • X.509 development encryption/signing certificates: calling AddDevelopmentEncryptionCertificate() or AddDevelopmentSigningCertificate() will result in a PlatformNotSupportedException being thrown at runtime if no valid development certificate can be found and a new one must be generated.
  • X.509 ECDSA signing certificates/keys: calling AddSigningCertificate() or AddSigningKey() with an ECDSA certificate/key will always result in a PlatformNotSupportedException being thrown at runtime.

Certification

Unlike many other identity providers, OpenIddict is not a turnkey solution but a framework that requires writing custom code to be operational (typically, at least an authorization controller), making it a poor candidate for the certification program.

While a reference implementation could be submitted as-is, this wouldn't guarantee that implementations deployed by OpenIddict users would be standard-compliant.

Instead, developers are encouraged to execute the conformance tests against their own deployment once they've implemented their own logic.

The samples repository contains a dedicated sample specially designed to be used with the OpenID Connect Provider Certification tool and demonstrate that OpenIddict can be easily used in a certified implementation. To allow executing the certification tests as fast as possible, that sample doesn't include any membership or consent feature (two hardcoded identities are proposed for tests that require switching between identities).

Resources

Looking for additional resources to help you get started with OpenIddict? Don't miss these interesting blog posts:

OpenIddict-based projects maintained by third parties:

Security policy

Security issues and bugs should be reported privately by emailing security@openiddict.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

Support

If you need support, please make sure you sponsor the project before creating a GitHub ticket. If you're not a sponsor, you can post your questions on Gitter or StackOverflow:

Nightly builds

If you want to try out the latest features and bug fixes, there is a MyGet feed with nightly builds of OpenIddict. To reference the OpenIddict MyGet feed, create a NuGet.config file (at the root of your solution):

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
    <add key="openiddict" value="https://www.myget.org/F/openiddict/api/v3/index.json" />
  </packageSources>
</configuration>

Contributors

OpenIddict is actively maintained by Kévin Chalet. Contributions are welcome and can be submitted using pull requests.

Special thanks to our sponsors for their incredible support:

License

This project is licensed under the Apache License. This means that you can use, modify and distribute it freely. See http://www.apache.org/licenses/LICENSE-2.0.html for more details.