IdentityModel v3 changes

I have updated all the projects (IdentityModel, IdentityServer and AuthorizationServer) and the corresponding samples to the GA version of the Microsoft JWT handler.

While doing that, I took the opportunity to clean up IdentityModel quite a bit. This resulted in breaking changes – but I also increased the version number to v3, which means that NuGet will not automatically update.

What has changed?
I removed all my JWT and SWT plumbing (the tokens, handlers and “helper” classes). JWT is completely replaced by Microsoft’s JWT handler…and SWT is gone. I also removed some of the older authorization bits that were never really used.

What does that mean for Web API and AuthenticationHandler?
Nothing! The configuration extension methods still have the same signatures, but use the MS JWT handler under the covers now. But you have more options now – in addition to symmetric signing keys, you can also use X.509 certificates and you can control how the handler maps JWT claims to .NET claims, e.g.:


    issuer: Constants.IdSrv.IssuerUri,
    audience: Constants.Audience,
    signingKey: Constants.IdSrv.SigningKey);


This wires up the JWT handler with a symmetric signing key and the standard MS claims mappings.

The next snippet turns claims mappings completely off:

    issuer: Constants.AuthzSrv.IssuerName,
    audience: Constants.Audience,
    signingKey: Constants.AuthzSrv.SigningKey,
    claimMappings: ClaimMappings.None);


Instead of ClaimMappings.None you can also pass in a dictionary to define your own mappings.
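To see what the three mapping choices do to the claim types your authorization code receives, here is an added example that is not from the original post or from IdentityModel. It calls the Microsoft handler directly and assumes a current System.IdentityModel.Tokens.Jwt package rather than the IdentityModel extension methods; the issuer, audience, key and the `ClaimMappingDemo` class are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

static class ClaimMappingDemo
{
    // Constructed sample values, not taken from the post.
    const string Issuer = "https://idsrv.example";
    const string Audience = "https://api.example";
    static readonly SymmetricSecurityKey Key = new SymmetricSecurityKey(
        Encoding.UTF8.GetBytes("constructed-demo-key-0123456789-abcdef"));

    // Issue a short-lived HS256 token that carries the short JWT claim names.
    static string Issue()
    {
        var token = new JwtSecurityToken(Issuer, Audience,
            new[] { new Claim("sub", "alice"), new Claim("role", "admin") },
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(Key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Validate issuer, audience, lifetime and signature, then list the claim
    // types under which the "alice" and "admin" values arrive.
    static string Validate(string jwt, IDictionary<string, string> mappings)
    {
        var handler = new JwtSecurityTokenHandler();
        if (mappings != null)                     // null keeps the handler defaults
        {
            handler.InboundClaimTypeMap.Clear();  // an empty map means no mapping
            foreach (var m in mappings) handler.InboundClaimTypeMap[m.Key] = m.Value;
        }
        var parameters = new TokenValidationParameters
            { ValidIssuer = Issuer, ValidAudience = Audience, IssuerSigningKey = Key };
        var principal = handler.ValidateToken(jwt, parameters, out _);
        return string.Join(", ", principal.Claims
            .Where(c => c.Value == "alice" || c.Value == "admin").Select(c => c.Type));
    }

    static void Main()
    {
        var jwt = Issue();
        var custom = new Dictionary<string, string> { ["sub"] = ClaimTypes.Name };
        Console.WriteLine("default: " + Validate(jwt, null));
        Console.WriteLine("none:    " + Validate(jwt, new Dictionary<string, string>()));
        Console.WriteLine("custom:  " + Validate(jwt, custom));
    }
}
```

Whichever mapping you configure, authorization checks have to look for the claim type that mapping produces; a check written against the short JWT name will not match a claim that arrived under its mapped .NET URI, and vice versa.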

The source code is on GitHub, the NuGet is here.
