you should know. Use some specific terminology in the document and object model:OpenID Connect Provider (OP) Licensing server
Thinktecture Identityserver v3 is an open source OpenID connect provider and OAUTH2 authentication Server on a. NET platform, and OpenID connect provider has different sayings in different writings, and you may find Some are called security token service providers, authorization servers, ip-sts, and more.
In a nutshell, they have something in common: a piece of software that provides a security token to the client.
Identityserver has many responsibilities and features including:
Authenticating users with local account storage or through an external identity provider
Provides session management and single sign-on
Managing Client and client authorizations
Issue access tokens to clients
Verify token
Client
The client is the software that requests access to the Identityserver or identity token. Clients can be of different types of applications: desktop or mobile, browser-based or server-based applications.
Whether the client is for user authentication or access to the resource client must be registered with the authorization server.
User
The user is the person who accesses their data using a registered client.
Scope
A scope is a resource identifier that a client wants to access. The scope needs to be appended to the request during an authentication process or token acquisition.
By default, each client can request a token at any scope, but you can limit it.
The scope is divided into 2 types:
Identity scope
Request a user's identity information (also called claims), his name or email address is considered a scope of OpenID connect. For example, a scope called "Profile" includes first name, last name, preferred user name, gender, photo, and more. You can click here to read about scope information
And you can create your own scope in the Identityserver model as you want.
Resource Scope
Resource scopes is typically the identifier of the Web API (also called the resource server). For example, you can create a resource scope named "Calendar" to identify your calendar API.
Authentication/Token Request
The client requests a token from the authorization server according to the scope, the authorization server returns an identity token, an access token (access token), or both returns.
Identity token
An identity token represents the result of a certification process. It contains the minimum identifier (sub claim) of the user. It can contain detailed user additional information after authorization.
The access token (access token)
An access token allows access to a resource. The client requests an access token to forward their API. The access token contains the client and user information, if any. The API uses information to authorize access to their data.
. NET open source OpenID and OAuth Solutions thinktecture identityserver (ii)