Wow – we’re done! Brock and I spent the last two weeks 14h/day refactoring, polishing, testing and refining IdentityServer for ASP.NET Core…and I must say it’s the best STS we’ve written so far…
We kept the same approach as before, that IdentityServer takes care of all the hard things like protocol handling, validation, token generation, data management and security – while you only need to model your application architecture via scopes, clients and users. But at the same time we give you much more flexibility for handling custom scenarios, workflows and user interactions. We also made it easier to get started.
There are too many new features to talk about all of them in this post – but to give you an overview:
- integration in ASP.NET Core’s pipeline, DI system, configuration, logging and authentication handling
- complete separation of protocol handling and UI thus allowing you to easily modify the UI in any way you want
- simplified persistence layer
- improved key material handling enabling automatic key rotation and remote signing scenarios
- allowing multiple grant types per client
- revamped support for extension grants and custom protocol responses
- seamless integration into ASP.NET Core Identity (while retaining the ability to use arbitrary other data sources for your user management)
- support for public clients (clients that don’t need a client secret to use the token endpoint)
- support for default scopes when requesting tokens
- support for ASP.NET Core authentication middleware for external authentication
- improved session management and authentication cookie handling
- revamped and improved support for CORS
- re-worked middleware for JWT and reference token validation
- tons of internal cleanup
We will have separate posts detailing those changes in the coming weeks.
Where to start?
Our new website https://identityserver.io will bring you to all the relevant sites: documentation, github repo and our new website for commercial support options.
Add the IdentityServer package to you project.json:
“IdentityServer4”: “1.0.0-rc1”
and start coding ;)
We also added a number of quickstart tutorials that walk you through common scenarios:
- Overview
- Protecting an API using client credentials
- Protecting an API using passwords
- OpenID Connect authentication
- External authentication
- Hybrid Flow and API access
- ASP.NET Core Identity
- JavaScript
Everything is still work in progress, but we have the feeling we are really close to how we want the final code to look and feel.
Give it a try – and give us feedback on the issue tracker. Release notes can be found here.
Have fun!
leastprivilege.com 
That’s pretty awesome news. Congrats.
thanks!
Thank you!
Brilliant, just brilliant… And the documentation? Wow!… If Microsoft aren’t paying you guys for doing what they wouldn’t, then shame on them!.
Can I have your autograph!!! Congrats :) you guys rock :)
Good work guys! This is great news.
Congratulations on the great documentation. I’m following the quick start guide step by step and I am really enjoying the process
Thanks Dominick. I just missed it by minutes i believe and ended up using build 309. Will update now. Thanks again. :-)
Well done guys ! Fantastic work
Great news. This will be next thing to try out! Keep on rocking :)
Nice job guys; looking forward to trying it out!
Great job and we love it.
Great news and congratulations to another nice piece of software and I am eager to use it!
Thanks Guys, Awesome job.
Using the Setup and Overview getting this error.
Error CS0121 The call is ambiguous between the following methods or properties: ‘Microsoft.AspNetCore.Hosting.WebHostBuilderExtensions.UseUrls(Microsoft.AspNetCore.Hosting.IWebHostBuilder, params string[])’ and ‘Microsoft.AspNetCore.Hosting.HostingAbstractionsWebHostBuilderExtensions.UseUrls(Microsoft.AspNetCore.Hosting.IWebHostBuilder, params string[])’ WebApplication1..NETCoreApp,Version=v1.0
I think thats unrelated to IdentityServer…
Thanks Dominick, for the quick reply.
It only happens after I add this to the project.json -> “IdentityServer4”: “1.0.0-rc1”.
Compare with our quickstarts – and if you spot the problem – open an issue on github.
https://github.com/IdentityServer/IdentityServer4.Samples/tree/dev/Quickstarts
Sorry it was my problem, but if anyone else has these errors please make sure you have downloaded the .NET Core Tools for Visual Studio. from here https://go.microsoft.com/fwlink/?LinkId=817245
Great news. Is there any guidelines of upgrading from IdentityServer 3 to IdentityServer 4?
Thanks. No – not yet.