.NET Open Source OpenID and OAuth Solution: Thinktecture IdentityServer (II)

Tags oauth openid

The documentation and object model use some specific terminology that you should know.

OpenID Connect Provider (OP) / Authorization Server

Thinktecture IdentityServer v3 is an open source OpenID Connect provider and OAuth2 authorization server for the .NET platform. Different literature uses different names for an OpenID Connect provider: you may find it called a security token service, authorization server, IP-STS, and more.

In a nutshell, they all have one thing in common: each is a piece of software that issues security tokens to clients.

IdentityServer has many responsibilities and features, including:

    • Authenticating users against a local account store or through an external identity provider

    • Providing session management and single sign-on

    • Managing clients and client authorizations

    • Issuing access tokens to clients

    • Validating tokens

Client

A client is a piece of software that requests access tokens or identity tokens from IdentityServer. Clients can be different types of applications: desktop or mobile, browser-based or server-based.

Whether a client authenticates users or accesses resources, it must be registered with the authorization server.

User

The user is the person who accesses their data using a registered client.

Scope

A scope is an identifier for a resource that a client wants to access. The scope must be included in the request during authentication or token acquisition.

By default, each client can request a token for any scope, but you can restrict this.

Scopes come in two types:

Identity scope

A request for a user's identity information (also called claims), such as their name or email address, is modeled as a scope in OpenID Connect. For example, a scope called "profile" includes first name, last name, preferred user name, gender, photo, and more.

You can also create your own scopes in IdentityServer to model whatever you need.

Resource Scope

A resource scope is typically the identifier of a Web API (also called a resource server). For example, you can create a resource scope named "Calendar" to identify your calendar API.

Authentication/Token Request

The client requests tokens from the authorization server for the scopes it needs. Depending on the scopes requested, the authorization server returns an identity token, an access token, or both.

Identity token

An identity token represents the outcome of an authentication process. It contains, at a minimum, an identifier for the user (the sub claim). It can contain additional information about the user after authorization.

Access token

An access token allows access to a resource. Clients request access tokens and forward them to an API. Access tokens contain information about the client and the user (if present). APIs use that information to authorize access to their data.
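
The following Python sketch is an added example, not code from IdentityServer or from the original article. It models the rules described above (client registration, per-client scope restriction, and which token types the requested scopes yield); the client names, the scope registry and the `evaluate_request` function are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed scope registry: scope name -> scope type.
SCOPES = {"openid": "identity", "profile": "identity", "Calendar": "resource"}

@dataclass(frozen=True)
class Client:
    client_id: str
    # None models the default: the client may request any registered scope.
    allowed_scopes: Optional[frozenset] = None

# Constructed registrations: one default client, one restricted client.
CLIENTS = {
    "unrestricted-app": Client("unrestricted-app"),
    "calendar-job": Client("calendar-job", frozenset({"Calendar"})),
}

class RequestRejected(Exception):
    """Raised when the authorization server must refuse the request."""

def evaluate_request(client_id: str, scope_param: str) -> dict:
    """Return which token types a request yields, or raise RequestRejected."""
    client = CLIENTS.get(client_id)
    if client is None:
        raise RequestRejected("client is not registered")
    requested = scope_param.split()  # scopes arrive space-delimited
    if not requested:
        raise RequestRejected("no scope requested")
    unknown = [s for s in requested if s not in SCOPES]
    if unknown:
        raise RequestRejected(f"unknown scope(s): {unknown}")
    if client.allowed_scopes is not None:
        denied = [s for s in requested if s not in client.allowed_scopes]
        if denied:
            raise RequestRejected(f"scope(s) not allowed for client: {denied}")
    identity = [s for s in requested if SCOPES[s] == "identity"]
    resource = [s for s in requested if SCOPES[s] == "resource"]
    return {
        "identity_token": bool(identity),  # identity scopes -> identity token
        "access_token": bool(resource),    # resource scopes -> access token
        "identity_scopes": identity,
        "resource_scopes": resource,
    }

if __name__ == "__main__":
    print(evaluate_request("unrestricted-app", "openid profile Calendar"))
    print(evaluate_request("calendar-job", "Calendar"))
```

Restricting `calendar-job` to the "Calendar" scope means a leaked credential for that client cannot be used to obtain identity claims about users.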
