A couple of weeks ago I started re-writing (an re-designing) my OpenID Connect & OAuth 2 client library for native applications. The library follows the guidance from the OpenID Connect and OAuth 2.0 for native Applications specification.
Main features are:
- Support for OpenID Connect authorization code and hybrid flow
- Support for PKCE
- NetStandard 1.4 library, which makes it compatible with x-plat .NET Core, desktop .NET, Xamarin iOS & Android (and UWP soon)
- Configurable policy to lock down security requirements (e.g. requiring at_hash or c_hash, policies around discovery etc.)
- either stand-alone mode (request generation and response processing) or support for pluggable (system) browser implementations
- support for pluggable logging via .NET ILogger
In addition, starting with v2 – OidcClient is also now certified by the OpenID Foundation for the basic and config profile.
It also passes all conformance tests for the code id_token grant type (hybrid flow) – but since I don’t support the other hybrid flow combinations (e.g. code token or code id_token token), I couldn’t certify for the full hybrid profile.
For maximum transparency, I checked in my conformance test runner along with the source code. Feel free to try/verify yourself.
The latest version of OidcClient is the dalwhinnie release (courtesy of my whisky semver scheme). Source code is here.
I am waiting a couple more days for feedback – and then I will release the final 2.0.0 version. If you have some spare time, please give it a try (there’s a console client included and some more sample here <use the v2 branch for the time being>). Thanks!
MissingMethodException + Method not found: ‘IdentityServer4.Configuration Method not found: ‘IdentityServer4.Configuration.AuthenticationOptions IdentityServer4.Configuration.IdentityServerOptions.get_AuthenticationOptions() When I just run the Authentication Server without the API or client projects. Am I missing anything?
How is that related to this blog post? The github issue tracker of IdentityServer is the right place for this,
well, I am looking for client code to use in a relying party web site and hoped that was what you were building, but I can’t really tell.
I installed and built the code and looked at the samples.
Perhaps a little guidance as to what I am looking at?
“C#/NetStandard OpenID Connect Client Library for native mobile/desktop Applications”
IOW It’s not for web sites
Pingback: Native OIDC client sample for Windows that uses custom URI scheme handler | brockallen