IdentityServer: Preview of the OpenID Connect Basic Client Profile

The mid term plan is that OpenID Connect will replace the plain OAuth2 endpoints in IdentityServer. As a first step, I just checked in a preview of the OIDC basic client profile support (see this doc).

The preview consists of two parts:

  • OIDC authorize/token/userinfo endpoints for IdSrv
  • ASP.NET client module

To enable the above endpoints, simply uncomment the OIDC routes in ProtocolConfig.cs.

To register an OIDC client, create an OAuth2 code flow client for now:


And adjust the settings in the sample client project web.config accordingly:

<oidcClient clientId=oidccode






  <endpoints authorize=https://idsrv.local/issue/oidc/authorize


             userInfo=https://idsrv.local/issue/oidc/userinfo />



The OIDC client module will then automatically redirect to the OpenID provider and coordinate the front/back channel work.

Have fun!

This entry was posted in ASP.NET, IdentityServer, WebAPI. Bookmark the permalink.

4 Responses to IdentityServer: Preview of the OpenID Connect Basic Client Profile

  1. brockallen says:

    Reblogged this on brockallen and commented:
    Dominick is a machine!

  2. Vigy says:

    signing certificate error throwing at below code in OIDC sample(CodeFlowClient). I used the certificate name that was used to configure Identity Server. Should I do anything else?

    var signingcert = X509.LocalMachine.TrustedPeople.SubjectDistinguishedName.Find(config.SigningCertificate, false).First();

    Sequence contains no elements
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
    Exception Details: System.InvalidOperationException: Sequence contains no elements
    Source Error:
    Line 149: var clientSecret = config.ClientSecret;
    Line 150: var issuerName = config.IssuerName;
    Line 151: var signingcert = X509.LocalMachine.TrustedPeople.SubjectDistinguishedName.Find(
    Line 152: config.SigningCertificate, false).First();
    Line 153: var callUserInfoEndpoint = config.CallUserInfoEndpoint;
    Source File: xxxxxxx\samples\OIDC\Thinktecture.IdentityModel.Oidc\OpenIdConnectAuthenticationModule.cs Line: 151

  3. my914 says:

    I am also getting the same error. Can someone describe the configuration error that I have and how to correct it?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s