Versatile OpenID Connect stack for ASP.NET Core and Microsoft.Owin (compatible with ASP.NET 4.6.1)
Kévin Chalet c0bdb5ef56 Update Arcade and replace the netcoreapp3.0 TFMs by netcoreapp3.1 6 years ago

README.md

OpenIddict

The OpenID Connect server you'll be addicted to.


Warning: this branch contains the OpenIddict 3.0 source code, which is still a work in progress. The 3.0.0 alpha packages haven't been heavily tested: don't use them in production. Nightly builds can be downloaded from the MyGet repository: https://www.myget.org/F/openiddict/api/v3/index.json

Compatibility matrix

|  | OpenIddict 2.0 | OpenIddict 2.0.1 | OpenIddict 3.0 (alpha) |
|---|---|---|---|
| ASP.NET Core 2.1 | ✔️ | ✔️ | ✔️ |
| ASP.NET Core 3.1 | ⚠️ | ✔️ | ✔️ |
| OWIN/Katana 4.1 |  |  | ✔️ |

What's OpenIddict?

OpenIddict aims at providing an easy-to-use and versatile solution to implement an OpenID Connect server in any ASP.NET Core 2.1 or 3.1 application, and starting in OpenIddict 3.0, any ASP.NET 4.x or OWIN application too.

OpenIddict fully supports the code/implicit/hybrid flows, the client credentials/resource owner password grants and the device authorization flow. You can also create your own custom grant types.

OpenIddict natively supports Entity Framework Core, Entity Framework 6 and MongoDB out-of-the-box, but you can also provide your own stores.

Why an OpenID Connect server?

Adding an OpenID Connect server to your application allows you to support token authentication. It also allows you to manage all your users, using a local password or an external identity provider (e.g. Facebook or Google), for all your applications in one central place, with the power to control who can access your API and the information that is exposed to each client.

Documentation

The documentation for the latest stable release (2.0.1) can be found in the dedicated repository.

Samples

Specialized samples for the latest stable release can be found in the samples repository:


Getting started

To use OpenIddict 3.0, you need to:

  • Install the latest .NET Core 3.1 tooling.

  • Have an existing project or create a new one: when creating a new project using Visual Studio's default ASP.NET Core template, using individual user accounts authentication is strongly recommended. When updating an existing project, you must provide your own AccountController to handle the registration process and the authentication flow.

  • Create a NuGet.config file referencing the OpenIddict feed (at the root of your solution):

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
    <add key="openiddict" value="https://www.myget.org/F/openiddict/api/v3/index.json" />
  </packageSources>
</configuration>

  • Update your .csproj file to reference the OpenIddict packages:

<PackageReference Include="OpenIddict.AspNetCore" Version="3.0.0-*" />
<PackageReference Include="OpenIddict.EntityFrameworkCore" Version="3.0.0-*" />

  • Configure the OpenIddict core, server and validation services in Startup.ConfigureServices:

public void ConfigureServices(IServiceCollection services)
{
    services.AddOpenIddict()

        // Register the OpenIddict core components.
        .AddCore(options =>
        {
            // Configure OpenIddict to use the Entity Framework Core stores and models.
            options.UseEntityFrameworkCore()
                   .UseDbContext<ApplicationDbContext>();
        })

        // Register the OpenIddict server components.
        .AddServer(options =>
        {
            // Enable the token endpoint (required to use the password flow).
            options.SetTokenEndpointUris("/connect/token");

            // Allow client applications to use the grant_type=password flow.
            options.AllowPasswordFlow();

            // Accept requests sent by unknown clients (i.e. that don't send a client_id).
            // When this option is not used, a client registration must be
            // created for each client using IOpenIddictApplicationManager.
            options.AcceptAnonymousClients();

            // Register the signing and encryption credentials.
            options.AddDevelopmentEncryptionCertificate()
                   .AddDevelopmentSigningCertificate();

            // Register the ASP.NET Core host and configure the ASP.NET Core-specific options.
            options.UseAspNetCore()
                   .EnableTokenEndpointPassthrough()
                   .DisableTransportSecurityRequirement(); // During development, you can disable the HTTPS requirement.
        })

        // Register the OpenIddict validation components.
        .AddValidation(options =>
        {
            // Import the configuration from the local OpenIddict server instance.
            options.UseLocalServer();

            // Register the ASP.NET Core host.
            options.UseAspNetCore();
        });
}

Note: for more information about the different options and configurations available, check out the documentation.

  • Make sure the authentication middleware is registered before the other middleware, including app.UseEndpoints():

public void Configure(IApplicationBuilder app)
{
    app.UseRouting();

    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
        endpoints.MapRazorPages();
    });
}

  • Update your Entity Framework Core context registration to register the OpenIddict entities:

services.AddDbContext<ApplicationDbContext>(options =>
{
    // Configure the context to use Microsoft SQL Server.
    options.UseSqlServer(Configuration["Data:DefaultConnection:ConnectionString"]);

    // Register the entity sets needed by OpenIddict.
    // Note: use the generic overload if you need
    // to replace the default OpenIddict entities.
    options.UseOpenIddict();
});

Note: if you change the default entity primary key (e.g. to int or Guid instead of string), make sure you use the options.ReplaceDefaultEntities<TKey>() core extension accepting a TKey generic argument and use the generic options.UseOpenIddict<TKey>() overload to configure Entity Framework Core to use the specified key type:

services.AddOpenIddict()
    .AddCore(options =>
    {
        // Configure OpenIddict to use the default entities with a custom key type.
        options.UseEntityFrameworkCore()
               .UseDbContext<ApplicationDbContext>()
               .ReplaceDefaultEntities<Guid>();
    });

services.AddDbContext<ApplicationDbContext>(options =>
{
    // Configure the context to use Microsoft SQL Server.
    options.UseSqlServer(Configuration["Data:DefaultConnection:ConnectionString"]);

    options.UseOpenIddict<Guid>();
});

  • Create your own authorization controller:

To support the password or the client credentials flow, you must provide your own token endpoint action. To enable authorization code/implicit flows support, you'll similarly have to create your own authorization endpoint action and your own views/view models.

The Mvc.Server sample comes with an AuthorizationController that supports both the password flow and the authorization code flow and that you can easily reuse in your application.
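
The ConfigureServices snippet in the steps above turns on three development conveniences: AcceptAnonymousClients(), the development certificates and DisableTransportSecurityRequirement(). The following is an added example, not code from the OpenIddict README: the same password-flow server without those switches, plus the client registration that becomes mandatory once anonymous clients are refused. The class name, the configuration keys and the client values are hypothetical, and the thumbprint overloads are assumed to match the released OpenIddict 3.x packages.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using OpenIddict.Abstractions;
using static OpenIddict.Abstractions.OpenIddictConstants;

public static class HardenedOpenIddictSetup // hypothetical helper, not part of OpenIddict
{
    // Server part only: AddCore() and AddValidation() stay as in the snippet above.
    public static void AddHardenedServer(IServiceCollection services, IConfiguration configuration)
    {
        services.AddOpenIddict()
            .AddServer(options =>
            {
                options.SetTokenEndpointUris("/connect/token");
                options.AllowPasswordFlow();

                // AcceptAnonymousClients() is omitted: requests without a registered
                // client_id are rejected. The development certificates are replaced by
                // certificates from the certificate store (placeholder configuration keys).
                options.AddEncryptionCertificate(configuration["OpenIddict:EncryptionThumbprint"])
                       .AddSigningCertificate(configuration["OpenIddict:SigningThumbprint"]);

                // DisableTransportSecurityRequirement() is omitted: HTTPS stays mandatory.
                options.UseAspNetCore()
                       .EnableTokenEndpointPassthrough();
            });
    }

    // Creates the client registration required when anonymous clients are not accepted.
    public static async Task RegisterClientAsync(IServiceProvider provider, string clientId, string clientSecret)
    {
        using var scope = provider.CreateScope();
        var manager = scope.ServiceProvider.GetRequiredService<IOpenIddictApplicationManager>();

        if (await manager.FindByClientIdAsync(clientId) != null)
        {
            return; // already registered
        }

        await manager.CreateAsync(new OpenIddictApplicationDescriptor
        {
            ClientId = clientId,
            ClientSecret = clientSecret, // hashed by the application manager before storage
            Permissions = { Permissions.Endpoints.Token, Permissions.GrantTypes.Password }
        });
    }
}
```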
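
A minimal token endpoint action for the password flow, as required by the last step above. This is an added example, not the AuthorizationController from the Mvc.Server sample: it assumes ASP.NET Core Identity with an ApplicationUser type (a stand-in is declared here), the /connect/token endpoint configured earlier, and the helper names of the released OpenIddict 3.x packages.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using OpenIddict.Abstractions;
using OpenIddict.Server.AspNetCore;
using static OpenIddict.Abstractions.OpenIddictConstants;

public class ApplicationUser : IdentityUser { } // stand-in for the project's Identity user type

public class AuthorizationController : Controller
{
    private readonly SignInManager<ApplicationUser> _signInManager;
    private readonly UserManager<ApplicationUser> _userManager;

    public AuthorizationController(SignInManager<ApplicationUser> signInManager, UserManager<ApplicationUser> userManager)
        => (_signInManager, _userManager) = (signInManager, userManager);

    [HttpPost("~/connect/token"), Produces("application/json")]
    public async Task<IActionResult> Exchange()
    {
        // The request was already parsed and validated by OpenIddict (passthrough mode).
        var request = HttpContext.GetOpenIddictServerRequest();
        if (request == null || !request.IsPasswordGrantType())
            return Reject(Errors.UnsupportedGrantType);

        // Unknown user and wrong password return the same error; failures count towards lockout.
        var user = await _userManager.FindByNameAsync(request.Username);
        if (user == null || !(await _signInManager.CheckPasswordSignInAsync(
                user, request.Password, lockoutOnFailure: true)).Succeeded)
            return Reject(Errors.InvalidGrant);

        // Issue only the subject claim, and only into the access token.
        var identity = new ClaimsIdentity(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
        var subject = new Claim(Claims.Subject, await _userManager.GetUserIdAsync(user));
        subject.SetDestinations(Destinations.AccessToken);
        identity.AddClaim(subject);

        // OpenIddict turns the sign-in operation into the token response.
        return SignIn(new ClaimsPrincipal(identity), OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
    }

    // Returns an OAuth 2.0 error response through the OpenIddict server handler.
    private IActionResult Reject(string error) => Forbid(
        new AuthenticationProperties(new Dictionary<string, string>
        {
            [OpenIddictServerAspNetCoreConstants.Properties.Error] = error
        }), OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
}
```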

Resources

Looking for additional resources to help you get started with 3.0? Don't miss these interesting blog posts:

Posts written for previous versions of OpenIddict:

Support

Need help or wanna share your thoughts? Don't hesitate to join us on Gitter or ask your question on StackOverflow:

Contributors

OpenIddict is actively maintained by Kévin Chalet. Contributions are welcome and can be submitted using pull requests.

Special thanks to the following sponsors for their incredible support:

License

This project is licensed under the Apache License. This means that you can use, modify and distribute it freely. See http://www.apache.org/licenses/LICENSE-2.0.html for more details.