The mid-term plan is that OpenID Connect will replace the plain OAuth2 endpoints in IdentityServer. As a first step, I just checked in a preview of the OIDC basic client profile support (see this doc).
The preview consists of two parts:
- OIDC authorize/token/userinfo endpoints for IdSrv
- ASP.NET client module
To enable the above endpoints, simply uncomment the OIDC routes in ProtocolConfig.cs.
To register an OIDC client, create an OAuth2 code flow client for now:
And adjust the settings in the sample client project web.config accordingly:
<oidcClient clientId="oidccode"
            clientSecret="secret"
            scope="profile"
            issuerName="http://identityserver.v2.thinktecture.com/samples"
            signingCertificate="CN=STS">
  <endpoints authorize="https://idsrv.local/issue/oidc/authorize"
             token="https://idsrv.local/issue/oidc/token"
             userInfo="https://idsrv.local/issue/oidc/userinfo" />
</oidcClient>
The OIDC client module will then automatically redirect to the OpenID provider and coordinate the front/back channel work.
Have fun!
Reblogged this on brockallen and commented:
Dominick is a machine!
A signing certificate error is thrown at the code below in the OIDC sample (CodeFlowClient). I used the certificate name that was used to configure Identity Server. Should I do anything else?
var signingcert = X509.LocalMachine.TrustedPeople.SubjectDistinguishedName.Find(config.SigningCertificate, false).First();
Error:
——————————-
Sequence contains no elements
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.InvalidOperationException: Sequence contains no elements
Source Error:
Line 149: var clientSecret = config.ClientSecret;
Line 150: var issuerName = config.IssuerName;
Line 151: var signingcert = X509.LocalMachine.TrustedPeople.SubjectDistinguishedName.Find(
Line 152: config.SigningCertificate, false).First();
Line 153: var callUserInfoEndpoint = config.CallUserInfoEndpoint;
Source File: xxxxxxx\samples\OIDC\Thinktecture.IdentityModel.Oidc\OpenIdConnectAuthenticationModule.cs Line: 151
I am also getting the same error. Can someone describe the configuration error that I have and how to correct it?
This morning I found my configuration error. I missed installing the certificate into My Trusted People store.
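
The lookup discussed in the comments above throws "Sequence contains no elements" whenever no certificate in LocalMachine\TrustedPeople matches the configured subject. The following is an added example, not code from the post or from Thinktecture.IdentityModel: a lookup of the same store with the standard `X509Store` API that reports a missing, ambiguous or expired signing certificate explicitly. The class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper for illustration; not part of Thinktecture.IdentityModel.
public static class SigningCertificateLocator
{
    // subjectDistinguishedName is the signingCertificate value from web.config, e.g. "CN=STS".
    public static X509Certificate2 FindInTrustedPeople(string subjectDistinguishedName)
    {
        if (string.IsNullOrWhiteSpace(subjectDistinguishedName))
            throw new ArgumentException("signingCertificate is not configured.");

        var store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly: false, as in the sample. Self-signed STS certificates would
            // otherwise be filtered out because they do not chain to a trusted root.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, subjectDistinguishedName, false);

            // The case reported in the comments: certificate not installed in this store.
            if (matches.Count == 0)
                throw new InvalidOperationException(
                    "No certificate with subject '" + subjectDistinguishedName +
                    "' in LocalMachine\\TrustedPeople. Install the provider's signing " +
                    "certificate (public key only) into that store.");

            // Several certificates with the same subject: do not silently trust the first.
            if (matches.Count > 1)
                throw new InvalidOperationException(
                    matches.Count + " certificates match '" + subjectDistinguishedName +
                    "'. Remove stale entries so the token signer is unambiguous.");

            X509Certificate2 cert = matches[0];

            // With validOnly: false the validity period is not checked, so check it here.
            // NotBefore and NotAfter are expressed in local time.
            DateTime now = DateTime.Now;
            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new InvalidOperationException(
                    "Signing certificate " + cert.Thumbprint + " is outside its validity period.");

            return cert;
        }
        finally
        {
            store.Close();
        }
    }
}
```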