The Future of AuthorizationServer

Now that IdentityServer v3 is almost done, it makes sense to “deprecate” some of the older projects. Especially all of the functionality of AuthorizationServer is completely replaced by the IdSrv3 feature set.

AuthorizationServer is actually a pretty small and compact code base, and a relatively complete implementation of OAuth2 including a simple authorization model based on clients, applications and scopes. Also there are no major bugs (that we know about) or feature gaps.

IOW – if you want to use AS, simply make it part of your own code base and feel free to change it at will. Check the wiki for documentation.

If somebody wants to take over the project, contact me.

This entry was posted in ASP.NET, AuthorizationServer, OAuth, WebAPI. Bookmark the permalink.

8 Responses to The Future of AuthorizationServer

  1. daverupp says:

    Hey Dominick
    Is there a way to host the AS via vnext?

  2. cotepatrice says:

    Sad to ear that AS will no longer be supported, but it was clear since the merging in IdSrv v3. Since we use both in production for a few months, can you tell me when do you plan on releasing the first stable version ? So we can start planning ahead and evaluating a possible migration scenario.

    And thanks again to you and Brock (and all contributors) for all the great work !

    • Hey – you can always check the milestones on github. But RTM will be end of January.

      and btw – there is no need to migrate. AS is fine. We just stop maintaining it – but it also done.

      • cotepatrice says:

        But since we will now be able to get more out of one single product, we will probably migrate. Since we have a few differents environments, we will save a few website to manage and the IT guys will like us. Seriously, the implementation of OpenId connect alone worth the migration to v3 I guess.

  3. Hey – you can always check the milestones on github. But RTM will be end of January.

  4. DickB says:

    Hi, I only found out now about Authorization Server being deprecated.
    I understand, going forward, the OAuth2-implementation now will be part again of IdentityServer v3.
    I’m actually a bit surprised since the AS-wiki makes an argument pro “ADFS side-by-side with AM” because both concerns are better of being separated anyway:

    “(…)For many real world scenarios it is actually beneficial that AS and ADFS are separate pieces. ADFS is typically administrated by “Domain Admins” whereas the authorization server logically belongs to the application and thus to “Application Admins”. I’ve seen a lot of friction between those two parties. Separating the concerns makes them often happier. (…)”
    (https://leastprivilege.com/2013/09/19/adding-oauth2-to-adfs-and-thus-bridging-the-gap-between-modern-applications-and-enterprise-back-ends/)

    Does it make sense to host IdentityServer v3 side-by-side with ADFS in which IdentityServer would take up the role of the AuthorizationServer? What are the favorable scenario’s ?

    Thanks in advance

    DickB

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s