In short: is released (along with the introspection and access control validation handler).
As part of the longer version, you might ask yourself how we can do that before ASP.NET Core 3 itself is released. Well – it’s a slightly complicated story.
Since the IdentityServer Nuget packages are referenced in some of the ASP.NET Core 3 templates, we had a bit of a chicken/egg situation, and we worked closely with the ASP.NET Team (thanks Javier!) to make sure we are doing this right.
Our 3.0 version is referencing ASP.NET Core 3 Preview9 which is fully supported for production and we were promised that there won’t be any changes that affect us between now and their RTM. IOW – ASP.NET Core 3 will ship with a reference to our 3.0 – and on the 23rd September, we will release a 3.0.1 which then will in turn reference their 3.0…and hopefully all the stars align ;)
(For those who know – this concludes a long – and sometimes painful – journey, that started back in 2012)
Long story short – our version of IdentityServer4 targeting ASP.NET Core 3 is now on Nuget, and you can give it a try. Next step for us is updating all our docs, samples and workshop materials, which should be done by the 23rd September.
What’s new?
Well not a lot really. Our main focus was to ensure compatibility with ASP.NET Core 3, but since we had the opportunity to do a bit of a re-org, we added the last missing pieces that were required for our FAPI compliance. Namely support for the PS* family of signing algorithms (along with support for elliptic curves as well) and s_hash support. More details in upcoming blog posts.
As always – feedback is appreciated.
repo / commits / release notes
leastprivilege.com 
Hi Dominic,
in need to provide an authorization server for some APIs and MVC sites. I’ve heard about identityserver before but never used it. As i’m going to target ASP.Net Core 3 this sounds very good. I had a first look at the SPA Template in the latest VS 19 Preview 4. (The only template that uses identityserver). For me it looks like that the integration (magic ms extension methods :)) is tightly coupled to be used only within this single site. Is there a way to seperate the auth server part so that it can be used by other projects. In other words: Can i use the covenience approach from the template to easily build an authorization server.
Cheers
Yes you can. https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-api-authorization?view=aspnetcore-3.0#other-configuration-options
Or you can use IdentityServer without the templates and get the full power.
Just wondering why the IdentityServer4 component was retargeted to netcoreapp3.0 from netstandard2.0? This has caused me no end of grief since we can no longer reference this component from our NetStandard components.
From the github commit:
IdentityServer4.AspNetIdentity.csproj – netstandard2.0 -> netcoreapp3.0
IdentityServer4.EntityFramework.csproj – netstandard2.0 -> netcoreapp3.0
IdentityServer4.EntityFramework.Storage.csproj – netstandard2.0 -> netstandard2.1
IdentityServer4.csproj – netstandard2.0 -> netcoreapp3.0
Check our dependencies, e.g.
https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.OpenIdConnect/
or ASP.NET Core 3 itself.
Makes sense?