Over the last few months we've been heads down rewriting IdentityServer from scratch (see here for background), and we are now at a point where we think we have enough up and running to show it to you!
What we’ve done so far
- Started with File –> New
- Implemented the OpenID Connect basic and implicit client profiles (including support for the form post response mode)
- Implemented support for OpenID Connect discovery documents and session logout
- Implemented OAuth2 code, client credentials, password and assertion grants
- Created a general purpose login page and consent screen for local and external accounts
- Created out-of-the-box support for MembershipReboot and ASP.NET Identity
- Integrated the existing Katana authentication middleware for social providers
- And made all of that pluggable
- Defined an authorization enforcement policy around clients, flows, redirect URIs and scopes
- Designed everything to run on minimal data access interfaces so you can seamlessly scale from in-memory objects to simple config files up to relational or document databases for configuration and state management
- Designed everything to be API-first
- Defined several extensibility points that allow customization of request validation, token creation, claims acquisition and transformation and more
- and yes, we don’t use MEF anymore …
- Split up IdSrv into composable components like core token engine and authentication, configuration APIs, configuration UIs and user management
- These components use OWIN/Katana and Web API as abstractions which means we have quite a bit of flexibility when it comes to logical hosting – embeddable in an existing application or standalone
- When it comes to physical hosting, we have no dependency on IIS and System.Web, which means you can use a command line host, an OWIN host, an NT service, of course IIS, or any other OWIN/Katana compatible server
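To make the "authorization enforcement policy around clients, flows, redirect URIs and scopes" concrete, here is an added example of what such a policy has to check on an authorize request, written here as a standalone Python validator. It is not IdentityServer code and does not use its API; the client registry, redirect URIs, scopes and query strings are constructed sample data. The ordering is the security-relevant part: client_id and redirect_uri are verified first, and any failure before that point is rendered locally, because redirecting to an unverified URI would turn the server into an open redirector.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs


@dataclass(frozen=True)
class Client:
    client_id: str
    flow: str                 # "code" or "implicit"
    redirect_uris: frozenset  # exact-match allow-list, no wildcards or prefixes
    allowed_scopes: frozenset


# Constructed sample registry (hypothetical client ids, URIs and scopes).
CLIENTS = {
    "mvc": Client("mvc", "code",
                  frozenset({"https://app.example/signin-oidc"}),
                  frozenset({"openid", "profile", "read"})),
    "spa": Client("spa", "implicit",
                  frozenset({"https://spa.example/callback"}),
                  frozenset({"openid", "read"})),
}

# response_type values each flow may use (OAuth2 / OpenID Connect Core).
RESPONSE_TYPES = {
    "code": {"code"},
    "implicit": {"id_token", "id_token token", "token"},
}


class LocalError(Exception):
    """Failure that must be rendered by the server itself: there is no
    verified redirect_uri yet, so the user must not be redirected anywhere."""


def validate_authorize_request(query: str, clients=CLIENTS) -> dict:
    """Validate an /authorize query string against the client policy.

    Returns {"ok": True, ...} on success, or {"error": ..., "redirect_uri": ...}
    when the failure may be reported back to the (verified) redirect_uri.
    Raises LocalError for failures that must not be redirected."""
    raw = parse_qs(query, keep_blank_values=True)
    # OAuth2 forbids repeating a parameter; duplicates are a classic way to
    # smuggle a second client_id or redirect_uri past a naive parser.
    if any(len(v) != 1 for v in raw.values()):
        raise LocalError("duplicate request parameter")
    p = {k: v[0] for k, v in raw.items()}

    # 1. The client must be registered; otherwise nothing else can be trusted.
    client = clients.get(p.get("client_id", ""))
    if client is None:
        raise LocalError("unknown client")

    # 2. redirect_uri must match a registered URI exactly (byte for byte).
    redirect_uri = p.get("redirect_uri")
    if redirect_uri not in client.redirect_uris:
        raise LocalError("redirect_uri not registered for client")

    # From here on errors can safely be sent back to the verified redirect_uri.
    def redirect_error(code: str) -> dict:
        return {"error": code, "redirect_uri": redirect_uri, "state": p.get("state")}

    # 3. response_type must be one the client's configured flow allows.
    parts = p.get("response_type", "").split()
    response_type = " ".join(sorted(parts))  # "token id_token" == "id_token token"
    if response_type not in RESPONSE_TYPES[client.flow]:
        return redirect_error("unauthorized_client")

    # 4. Scopes must be a non-empty subset of what the client may request,
    #    and an ID token can only be issued for an "openid" request.
    scopes = set(p.get("scope", "").split())
    if not scopes or not scopes <= client.allowed_scopes:
        return redirect_error("invalid_scope")
    if "id_token" in parts and "openid" not in scopes:
        return redirect_error("invalid_scope")

    # 5. An ID token issued from the front channel needs a nonce (replay protection).
    if "id_token" in parts and not p.get("nonce"):
        return redirect_error("invalid_request")

    return {"ok": True, "client_id": client.client_id, "scopes": scopes,
            "redirect_uri": redirect_uri, "state": p.get("state")}


if __name__ == "__main__":
    print(validate_authorize_request(
        "client_id=mvc&redirect_uri=https://app.example/signin-oidc"
        "&response_type=code&scope=openid%20read&state=abc"))
```

Note the asymmetry in the error handling: a wrong redirect_uri or unknown client raises and is shown on the server's own error page, whereas a flow or scope mismatch is sent back to the client as an OAuth2 error response. Exact-match comparison is deliberate; prefix or wildcard matching on redirect URIs is how authorization codes and tokens leak to attacker-controlled hosts.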
Minimal startup code:

public void Configuration(IAppBuilder app)
{
    // Mount IdentityServer under /core; the rest of the host application is untouched.
    app.Map("/core", coreApp =>
    {
        // TestOptionsFactory wires up the in-memory clients, scopes and users
        // (fine for testing; not meant for production).
        var factory = TestOptionsFactory.Create(
            issuerUri: "https://idsrv3.com",
            siteName: "Thinktecture IdentityServer v3",
            publicHostAddress: "http://localhost:3333");

        var opts = new IdentityServerCoreOptions
        {
            Factory = factory,
        };

        // Register the core token engine as OWIN middleware on the mapped branch.
        coreApp.UseIdentityServerCore(opts);
    });
}
What's still missing? Quite a bit, e.g.:
- A persistence layer for configuration and state; everything is in-memory right now, which is good enough for testing
- Refresh tokens
- Admin UI and APIs
- OpenID Connect session management and cleanup
- Support for WS-Federation and OpenID Connect based identity providers for federation
- A lot more testing
- Your feedback!
We've defined several milestones over the next months for implementing the next rounds of features, and we currently plan to be done with v1 around the end of summer. We also want to:
- Participate in OpenID Connect compatibility and interop testing (see here).
Where to get it?
Oh, and I should mention: while designing IdentityServer v3 we realized that we also need a good solution for managing users, identities, claims etc., and that this should ideally be a separate project. So I'd also like to announce Thinktecture IdentityManager; head over to Brock's blog to find out more!
Looking forward to your feedback!