IdentityServer4 RC1

Wow – we’re done! Brock and I spent the last two weeks 14h/day refactoring, polishing, testing and refining IdentityServer for ASP.NET Core…and I must say it’s the best STS we’ve written so far…

We kept the same approach as before, that IdentityServer takes care of all the hard things like protocol handling, validation, token generation, data management and security – while you only need to model your application architecture via scopes, clients and users. But at the same time we give you much more flexibility for handling custom scenarios, workflows and user interactions. We also made it easier to get started.

There are too many new features to talk about all of them in this post – but to give you an overview:

  • integration in ASP.NET Core’s pipeline, DI system, configuration, logging and authentication handling
  • complete separation of protocol handling and UI thus allowing you to easily modify the UI in any way you want
  • simplified persistence layer
  • improved key material handling enabling automatic key rotation and remote signing scenarios
  • allowing multiple grant types per client
  • revamped support for extension grants and custom protocol responses
  • seamless integration into ASP.NET Core Identity (while retaining the ability to use arbitrary other data sources for your user management)
  • support for public clients (clients that don’t need a client secret to use the token endpoint)
  • support for default scopes when requesting tokens
  • support for ASP.NET Core authentication middleware for external authentication
  • improved session management and authentication cookie handling
  • revamped and improved support for CORS
  • re-worked middleware for JWT and reference token validation
  • tons of internal cleanup

We will have separate posts detailing those changes in the coming weeks.

Where to start?
Our new website will bring you to all the relevant sites: documentation, github repo and our new website for commercial support options.

Add the IdentityServer package to you project.json:

“IdentityServer4”: “1.0.0-rc1”

and start coding ;)

We also added a number of quickstart tutorials that walk you through common scenarios:

Everything is still work in progress, but we have the feeling we are really close to how we want the final code to look and feel.

Give it a try – and give us feedback on the issue tracker. Release notes can be found here.

Have fun!

This entry was posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI. Bookmark the permalink.

19 Responses to IdentityServer4 RC1

  1. That’s pretty awesome news. Congrats.

  2. Garrett Goebel says:

    Thank you!

  3. Xam says:

    Brilliant, just brilliant… And the documentation? Wow!… If Microsoft aren’t paying you guys for doing what they wouldn’t, then shame on them!.

  4. Can I have your autograph!!! Congrats :) you guys rock :)

  5. Diego says:

    Good work guys! This is great news.
    Congratulations on the great documentation. I’m following the quick start guide step by step and I am really enjoying the process

  6. Ammar says:

    Thanks Dominick. I just missed it by minutes i believe and ended up using build 309. Will update now. Thanks again. :-)

  7. mmihailov says:

    Great news. This will be next thing to try out! Keep on rocking :)

  8. Rob says:

    Nice job guys; looking forward to trying it out!

  9. Arun David sh Jayabalan says:

    Great job and we love it.

  10. Gordon Suchomski says:

    Great news and congratulations to another nice piece of software and I am eager to use it!

  11. Fred Besterwitch says:

    Thanks Guys, Awesome job.

    Using the Setup and Overview getting this error.

    Error CS0121 The call is ambiguous between the following methods or properties: ‘Microsoft.AspNetCore.Hosting.WebHostBuilderExtensions.UseUrls(Microsoft.AspNetCore.Hosting.IWebHostBuilder, params string[])’ and ‘Microsoft.AspNetCore.Hosting.HostingAbstractionsWebHostBuilderExtensions.UseUrls(Microsoft.AspNetCore.Hosting.IWebHostBuilder, params string[])’ WebApplication1..NETCoreApp,Version=v1.0

  12. Amith says:

    Great news. Is there any guidelines of upgrading from IdentityServer 3 to IdentityServer 4?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s