The future of OAuth2 and OpenID Connect in IdentityServer

We are very close to an implementation of the OpenID Connect “Basic Client Profile”. This is the “OAuth2 sign-in” feature in IdentityServer that most people want – just done right. In addition, we have AuthorizationServer, which features a full implementation of OAuth2.

That means that the plain OAuth2 endpoints in IdentityServer are not really needed anymore. Instead, use IdentityServer for IdP/authentication/identity token concerns and AuthorizationServer for R-STS/authorization/access token concerns.

That further means that we will remove the OAuth2 endpoints (apart from the resource owner flow, which is close enough to WS-Trust) from IdSrv in one of the next releases.

If you have concerns or feedback, please leave a comment.



2 Responses to The future of OAuth2 and OpenID Connect in IdentityServer

  1. epicthreedev says:

    We have set all of our mobile platforms to use OAuth2 and we are using the built-in user store for all of our users. How will that be affected? Is there documentation on setting up Authorization Server if you’re already using Identity Server?

    We use Identity Server to
    1. make sure you are you
    2. return your identity via a token along with your claims
    3. set token lifetime to 20 minutes so we can enforce refreshing your token to ensure you are still active.
    4. relying parties now use your Identity to confirm you have proper claims to be authorized to access resources.

    Perhaps I’m missing the difference between authentication and authorization here. When would I use Identity Server and when would I use Authorization Server?

    Thanks for the help with this. We are committed to your product right now.
