OpenID addresses cross-site authentication, and OAuth addresses cross-site authorization. Authentication and authorization are inseparable in practice, yet the two protocol families come from different organizations, overlap in places, and are difficult to integrate cleanly. Fortunately OpenID Connect, the next version of OpenID, is built on top of OAuth 2.0 and unifies authentication and authorization in a way that is convenient for developers. Thinktecture IdentityServer v3 is an open source OpenID Connect provider and OAuth2 authorization server for the .NET platform.
The IdentityServer security model is built on two primitives: clients and scopes.
Client
A client is a piece of software that requests identity tokens or access tokens from IdentityServer. Clients can be different types of applications: desktop or mobile, browser-based or server-based. OpenID Connect and OAuth2 describe flows (also called processes) by which each client type requests tokens; see the specifications for the details of each flow.
By default a client can request any scope defined in IdentityServer, but you can restrict the scopes that each client is allowed to request.
Scope
A scope is an identifier for a resource (often a Web API). For example, you could model a calendar API as a scope called "calendar", or as "calendar.readonly" if you want to divide the API into sub-"regions", in this case read-only access.
A client can then request the "calendar" scope and, if the client is allowed to, the scope is embedded in the access token that is issued. The calendar API (the resource) can then check whether the required scope is present in the access token it receives before serving the request.
Depending on the flow and configuration, the requested scopes are displayed to the user before the token is issued. This gives the user the opportunity to allow or deny access to the resource. This is called consent.
OpenID Connect scopes are somewhat special: they request identity information about the user, returned in the identity token or from the user info endpoint. Each OpenID Connect scope has associated claims; the "profile" scope, for example, maps to claims such as first name, last name, gender, and profile picture.
IdentityServer supports both resource scopes and OpenID Connect identity scopes.
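The client and scope model above, as an added configuration example that is not from the original article or the IdentityServer project: in-memory scope and client definitions using the IdentityServer3.Core namespaces of the renamed NuGet package. The client ids, redirect URI and secret are constructed sample values, and the property names (Flow, AllowedScopes, RequireConsent, ClientSecrets) are assumed to match the IdentityServer3 Client model.

```csharp
// Added example (not from the original article): in-memory scope and client
// definitions for IdentityServer v3. Client ids, URIs and the secret are
// constructed sample values, not real configuration.
using System.Collections.Generic;
using IdentityServer3.Core;
using IdentityServer3.Core.Models;

public static class CalendarConfig
{
    // Scopes: two OpenID Connect identity scopes plus the "calendar" resource
    // scope and its read-only sub-scope described in the article.
    public static IEnumerable<Scope> Scopes()
    {
        return new List<Scope>
        {
            StandardScopes.OpenId,   // identity scope: the user's subject id
            StandardScopes.Profile,  // identity scope: name, gender, picture, ...
            new Scope { Name = "calendar", DisplayName = "Full calendar access", Type = ScopeType.Resource },
            new Scope { Name = "calendar.readonly", DisplayName = "Read-only calendar access", Type = ScopeType.Resource }
        };
    }

    // Clients: each one is restricted to the scopes it actually needs, so a
    // compromised or over-eager client cannot obtain a broader access token.
    public static IEnumerable<Client> Clients()
    {
        return new List<Client>
        {
            new Client
            {
                ClientId = "calendar-spa",                       // sample value
                ClientName = "Calendar browser app",
                Flow = Flows.Implicit,                           // browser-based client
                RedirectUris = new List<string> { "https://app.example.test/callback" },
                AllowedScopes = new List<string> { "openid", "profile", "calendar.readonly" },
                RequireConsent = true    // user sees the requested scopes before a token is issued
            },
            new Client
            {
                ClientId = "calendar-sync",                      // sample value
                ClientName = "Nightly sync job",
                Flow = Flows.ClientCredentials,                  // server-to-server, no user
                ClientSecrets = new List<Secret> { new Secret("replace-me".Sha256()) },
                AllowedScopes = new List<string> { "calendar" },
                RequireConsent = false   // no user is present to consent
            }
        };
    }
}
```

The calendar API itself still has to verify that the "calendar" or "calendar.readonly" scope is present in the access token it receives; restricting AllowedScopes only controls what IdentityServer will issue.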