Note
This documentation is a work-in-progress. To contribute, please visit https://github.com/openiddict/openiddict-documentation.
-What's OpenIddict?
-OpenIddict aims at providing a versatile solution to implement an OpenID Connect server and token validation in any ASP.NET Core 2.1 (and higher) application. +
OpenIddict
+ +The OpenID Connect stack you'll be addicted to.
+
What's OpenIddict?
+OpenIddict aims at providing a versatile solution to implement OpenID Connect client, server and token validation support in any ASP.NET Core 2.1 (and higher) application. ASP.NET 4.6.1 (and higher) applications are also fully supported thanks to a native Microsoft.Owin 4.2 integration.
OpenIddict fully supports the code/implicit/hybrid flows, the client credentials/resource owner password grants and the device authorization flow.
OpenIddict natively supports Entity Framework Core, Entity Framework 6 and MongoDB out-of-the-box and custom stores can be implemented to support other providers.
-Getting started
+Getting started
Developers looking for a simple and turnkey solution are strongly encouraged to use OrchardCore and its OpenID module, which is based on OpenIddict, comes with sensible defaults and offers a built-in management GUI to easily register OpenID client applications.
-To implement a custom OpenID Connect server using OpenIddict, read Getting started.
+To implement a custom OpenID Connect server using OpenIddict, read Getting started.
Samples demonstrating how to use OpenIddict with the different OAuth 2.0/OpenID Connect flows can be found in the dedicated repository.
-Compatibility matrix
+Compatibility matrix
| ASP.NET Core 5.0 | .NET 5.0 | ✔️ | -✔️ | +❗ |
| ASP.NET Core 6.0 | @@ -195,8 +196,8 @@ can be found in the d
❗ Note: ASP.NET Core 2.1 on .NET Core 2.1 is no longer supported. While OpenIddict 4.x can still be used on .NET Core 2.1 -thanks to its .NET Standard 2.0 compatibility, users are strongly encouraged to migrate to ASP.NET Core/.NET 6.0. +
❗ Note: ASP.NET Core 2.1 on .NET Core 2.1 and ASP.NET Core 5.0 on .NET 5.0 are no longer supported. While OpenIddict 4.x can still be +used on .NET Core 2.1 thanks to its .NET Standard 2.0 compatibility, users are strongly encouraged to migrate to ASP.NET Core/.NET 6.0. ASP.NET Core 2.1 on .NET Framework 4.6.1 (and higher) is still fully supported.
ℹ️ Note: the following features are not available when targeting .NET Framework 4.6.1:
-
@@ -205,7 +206,7 @@ will result in a
- X.509 ECDSA signing certificates/keys: calling
AddSigningCertificate()orAddSigningKey()with an ECDSA certificate/key will always result in aPlatformNotSupportedExceptionbeing thrown at runtime.
PlatformNotSupportedException being thrown at runt
Certification
+Certification
Unlike many other identity providers, OpenIddict is not a turnkey solution but a framework that requires writing custom code to be operational (typically, at least an authorization controller), making it a poor candidate for the certification program.
While a reference implementation could be submitted as-is, this wouldn't guarantee that implementations deployed by OpenIddict users would be standard-compliant.
@@ -215,9 +216,12 @@ with the OpenID Connect Provider Certification tool and demonstrate that OpenIdd as fast as possible, that sample doesn't include any membership or consent feature (two hardcoded identities are proposed for tests that require switching between identities).-
Resources
+Resources
Looking for additional resources to help you get started with OpenIddict? Don't miss these interesting blog posts:
-
+
- OpenIddict 4.0 preview1 is out by Kévin Chalet +
- Introducing the OpenIddict-powered providers by Kévin Chalet +
- Introducing the OpenIddict client by Kévin Chalet
- Secure a Blazor WASM ASP.NET Core hosted APP using BFF and OpenIddict by Damien Bowden
- How to Secure ASP.NET Core Applications with OpenIddict Using Virto Commerce B2B eCommerce: Tech Case Study by Virto Commerce
- OpenIddict 3.0 general availability by Kévin Chalet @@ -236,18 +240,19 @@ as fast as possible, that sample doesn't include any membership or consent f
- OrchardCore OpenID module: turnkey OpenID Connect server and token validation solution, built with multitenancy in mind
- OpenIddict UI by Thomas Duft: headless UI for managing client applications and scopes
- P41.OpenIddict.CouchDB by Panos Athanasiou: CouchDB stores for OpenIddict +
- pixel-identity by Nishant Singh: Ready to host OpenID Connect service using OpenIddict and ASP.NET Identity with a Blazor-based UI for managing users, roles, applications and scopes with support for multiple databases.
Security policy
+Security policy
Security issues and bugs should be reported privately by emailing security@openiddict.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
-Support
+Support
If you need support, please make sure you sponsor the project before creating a GitHub ticket. If you're not a sponsor, you can post your questions on Gitter or StackOverflow:
- Gitter: https://gitter.im/openiddict/openiddict-core
- StackOverflow: https://stackoverflow.com/questions/tagged/openiddict
Nightly builds
+Nightly builds
If you want to try out the latest features and bug fixes, there is a MyGet feed with nightly builds of OpenIddict.
To reference the OpenIddict MyGet feed, create a NuGet.config file (at the root of your solution):
<?xml version="1.0" encoding="utf-8"?>
@@ -257,33 +262,11 @@ To reference the OpenIddict MyGet feed, create a NuGet.configContributors
+Contributors
OpenIddict is actively maintained by Kévin Chalet. Contributions are welcome and can be submitted using pull requests.
-Special thanks to our sponsors for their incredible support:
--
-
- Sébastien Ros -
- mridentity -
- Andrew -
- gustavdw -
- Gillardo -
- Dovydas Navickas -
- Christian Schmitt -
- Thomas W -
- torfikarl -
- Lewis Cianci -
- Florian Wachs -
- Vasko Poposki -
- Sebastian Stehle -
- Michael Hochriegl -
- sunielreddy -
- Communicatie Cockpit -
- Keith Turner -
- WGMurray -
- Thomas Bjallas -
- Pablo Pioli -
- Michael Calasanz -
License
+Special thanks to our sponsors for their incredible support:
+ +License
This project is licensed under the Apache License. This means that you can use, modify and distribute it freely. See http://www.apache.org/licenses/LICENSE-2.0.html for more details.