diff --git a/configuration/encryption-and-signing-credentials.html b/configuration/encryption-and-signing-credentials.html index daf6b9b..a353727 100644 --- a/configuration/encryption-and-signing-credentials.html +++ b/configuration/encryption-and-signing-credentials.html @@ -98,8 +98,8 @@
  • Signing credentials are used to protect against tampering. They can be either asymmetric (e.g a RSA or ECDSA key) or symmetric.
  • Encryption credentials are used to ensure the content of tokens cannot be read by malicious parties. They can be either asymmetric (e.g a RSA key) or symmetric.
    • -
    Note

    Tokens generated using the opt-in ASP.NET Core Data Protection integration rely on their own key ring, distinct from the credentials discussed in this documentation. -For more information about Data Protection, visit ASP.NET Core Data Protection.

    +
    Note

    Tokens generated using the opt-in ASP.NET Core Data Protection integration rely on their own key ring, distinct from the credentials discussed in this documentation.

    +

    For more information about Data Protection, visit ASP.NET Core Data Protection.

    Registering credentials in the authorization server options

    OpenIddict allows registering one or multiple keys (raw keys or embedded in X.509 certificates).

    @@ -120,8 +120,8 @@ are not used by OpenIddict and certificates with the furthest expiration date ar .AddEphemeralSigningKey(); });
    Note

    options.AddEphemeralEncryptionKey() generates an asymmetric RSA key which is not directly used as-is to encrypt the tokens but is used to encrypt an -intermediate per-token symmetric key with which the token content is first encrypted using AES. -For more information about this mechanism, read Key Encryption with RSAES OAEP.

    +intermediate per-token symmetric key with which the token content is first encrypted using AES.

    +

    For more information about this mechanism, read Key Encryption with RSAES OAEP.

    Registering a development certificate

    For development purposes, a certificate can be generated and stored by OpenIddict in the certificates store of the user account running the OpenIddict server feature. @@ -176,7 +176,7 @@ var data = certificate.Export(X509ContentType.Pfx, string.Empty);

    Importing credentials in the API/resource validation options

    Using the options.UseLocalServer() integration

    diff --git a/configuration/index.html b/configuration/index.html index 9ecfa7f..b3bcadd 100644 --- a/configuration/index.html +++ b/configuration/index.html @@ -6,9 +6,9 @@ - Configuration and settings + Configuration - + @@ -91,7 +91,7 @@
    -

    Configuration and settings

    +

    Configuration

    OpenIddict 3.0 comes with sensible defaults, but depending on the scenarios, the default settings can be amended to change how OpenIddict reacts to requests.

    diff --git a/configuration/toc.html b/configuration/toc.html index b54f77d..d1e1e67 100644 --- a/configuration/toc.html +++ b/configuration/toc.html @@ -24,10 +24,6 @@
  • Encryption and signing credentials -
    • -
  • - MongoDB integration -
  • Proof Key for Code Exchange diff --git a/guide/choosing-the-right-flow.html b/guides/choosing-the-right-flow.html similarity index 100% rename from guide/choosing-the-right-flow.html rename to guides/choosing-the-right-flow.html diff --git a/guide/choosing-the-right-flow/authorization-code-flow.png b/guides/choosing-the-right-flow/authorization-code-flow.png similarity index 100% rename from guide/choosing-the-right-flow/authorization-code-flow.png rename to guides/choosing-the-right-flow/authorization-code-flow.png diff --git a/guide/choosing-the-right-flow/client-credentials-flow.png b/guides/choosing-the-right-flow/client-credentials-flow.png similarity index 100% rename from guide/choosing-the-right-flow/client-credentials-flow.png rename to guides/choosing-the-right-flow/client-credentials-flow.png diff --git a/guide/choosing-the-right-flow/consent-form.png b/guides/choosing-the-right-flow/consent-form.png similarity index 100% rename from guide/choosing-the-right-flow/consent-form.png rename to guides/choosing-the-right-flow/consent-form.png diff --git a/guide/choosing-the-right-flow/implicit-flow.png b/guides/choosing-the-right-flow/implicit-flow.png similarity index 100% rename from guide/choosing-the-right-flow/implicit-flow.png rename to guides/choosing-the-right-flow/implicit-flow.png diff --git a/guide/choosing-the-right-flow/resource-owner-password-flow.png b/guides/choosing-the-right-flow/resource-owner-password-flow.png similarity index 100% rename from guide/choosing-the-right-flow/resource-owner-password-flow.png rename to guides/choosing-the-right-flow/resource-owner-password-flow.png diff --git a/guide/getting-started.html b/guides/getting-started.html similarity index 89% rename from guide/getting-started.html rename to guides/getting-started.html index 368ab2c..8cecfc2 100644 --- a/guide/getting-started.html +++ b/guides/getting-started.html @@ -113,12 +113,11 @@ Here's an example for the client credentials grant, used in machine-to-machi services.AddDbContext<ApplicationDbContext>(options => { - // Configure the context to use Microsoft SQL Server. + // Configure Entity Framework Core to use Microsoft SQL Server. options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")); // Register the entity sets needed by OpenIddict. - // Note: use the generic overload if you need - // to replace the default OpenIddict entities. + // Note: use the generic overload if you need to replace the default OpenIddict entities. options.UseOpenIddict(); }); @@ -186,33 +185,16 @@ Here's an example for the client credentials grant, used in machine-to-machi

  • Update your Entity Framework Core context registration to register the OpenIddict entities:

    services.AddDbContext<ApplicationDbContext>(options =>
 {
-    // Configure the context to use Microsoft SQL Server.
+    // Configure Entity Framework Core to use Microsoft SQL Server.
     options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"));
 
     // Register the entity sets needed by OpenIddict.
-    // Note: use the generic overload if you need
-    // to replace the default OpenIddict entities.
+    // Note: use the generic overload if you need to replace the default OpenIddict entities.
     options.UseOpenIddict();
 });
-
    Warning

    If you change the default entity primary key (e.g. to int or Guid instead of string), make sure you use the options.ReplaceDefaultEntities<TKey>() -core extension accepting a TKey generic argument and use the generic options.UseOpenIddict<TKey>() overload to configure EF Core to use the specified type:

    -
    services.AddOpenIddict()
-    .AddCore(options =>
-    {
-        // Configure OpenIddict to use the default entities with a custom key type.
-        options.UseEntityFrameworkCore()
-               .UseDbContext<ApplicationDbContext>()
-               .ReplaceDefaultEntities<Guid>();
-    });
-
-services.AddDbContext<ApplicationDbContext>(options =>
-{
-    // Configure the context to use Microsoft SQL Server.
-    options.UseSqlServer(configuration["Data:DefaultConnection:ConnectionString"]);
-
-    options.UseOpenIddict<Guid>();
-});
-
    +
    Note

    By default, the OpenIddict Entity Framework Core integration uses string as the default type for primary keys. +To use a different type, read Entity Framework Core integration : Use a custom primary key type.

    +

  • Create your own authorization controller: Implementing a custom authorization controller is required to allow OpenIddict to create tokens based on the identities and claims you provide. diff --git a/guide/index.html b/guides/index.html similarity index 100% rename from guide/index.html rename to guides/index.html diff --git a/guide/migration/20-to-30.html b/guides/migration/20-to-30.html similarity index 100% rename from guide/migration/20-to-30.html rename to guides/migration/20-to-30.html diff --git a/guide/toc.html b/guides/toc.html similarity index 100% rename from guide/toc.html rename to guides/toc.html diff --git a/index.html b/index.html index 9385834..823bd1a 100644 --- a/index.html +++ b/index.html @@ -99,7 +99,7 @@

    -

    Introduction

    +

    Introduction

    Read an introduction on OpenIddict and the reason it was created.

    @@ -107,7 +107,7 @@
    -

    Getting started

    +

    Getting started

    Get started quickly by working through this step-by-step guide.

    diff --git a/integrations/entity-framework-core.html b/integrations/entity-framework-core.html new file mode 100644 index 0000000..701f483 --- /dev/null +++ b/integrations/entity-framework-core.html @@ -0,0 +1,223 @@ + + + + + + + + + Entity Framework Core integration + + + + + + + + + + + + + + + + + + +
    + + + + + + + + OpenIddict + OpenIddict + +
    + +
    + +
    + + + +
    + +
    + + +
    + +
    + +
    +

    Entity Framework Core integration

    + +

    Basic configuration

    +

    To configure OpenIddict to use Entity Framework Core as the database for applications, authorizations, scopes and tokens, you'll need to:

    +
      +

    • Reference the OpenIddict.EntityFrameworkCore package:

      +
      <PackageReference Include="OpenIddict.EntityFrameworkCore" Version="3.1.1" />
+
      • +

    • Create a database context deriving from DbContext (or IdentityDbContext when using ASP.NET Core Identity):

      +
      public class ApplicationDbContext : DbContext
+{
+    public ApplicationDbContext(DbContextOptions options)
+        : base(options)
+    {
+    }
+}
+
      • +

    • Configure OpenIddict to use the Entity Framework Core stores:

      +
      services.AddOpenIddict()
+    .AddCore(options =>
+    {
+        options.UseEntityFrameworkCore()
+               .UseDbContext<ApplicationDbContext>();
+    });
+
      • +

    • Configure Entity Framework Core to register the OpenIddict entities in the model:

      +
      services.AddDbContext<ApplicationDbContext>(options =>
+{
+    // Configure the Entity Framework Core to use Microsoft SQL Server.
+    options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"));
+
+    // Register the entity sets needed by OpenIddict.
+    options.UseOpenIddict();
+});
+
      • +

    • Use migrations or recreate the database to add the OpenIddict entities. +For more information, read Migrations Overview.

      +
      • +
    +

    Advanced configuration

    +

    Use a custom primary key type

    +

    By default, the Entity Framework Core integration uses string primary keys, which matches the default key type used by ASP.NET Core Identity.

    +

    To use a different key type (e.g int, long or Guid):

    +
      +

    • Call the generic ReplaceDefaultEntities<TKey>() method to force OpenIddict to use the default entities with the specified key type:

      +
      services.AddOpenIddict()
+    .AddCore(options =>
+    {
+        // Configure OpenIddict to use the default entities with a custom key type.
+        options.UseEntityFrameworkCore()
+               .UseDbContext<ApplicationDbContext>()
+               .ReplaceDefaultEntities<Guid>();
+    });
+
      • +

    • Configure Entity Framework Core to include the default entities with the chosen key type in the model:

      +
      services.AddDbContext<ApplicationDbContext>(options =>
+{
+    // Configure Entity Framework Core to use Microsoft SQL Server.
+    options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"));
+
+    // Register the entity sets needed by OpenIddict but use a custom key type.
+    options.UseOpenIddict<Guid>();
+});
+
      • +
    +

    Use custom entities

    +

    For applications that require storing additional data alongside the properties used by OpenIddict, custom entities can be used. For that, you need to:

    +
      +

    • Create custom entities:

      +
      public class CustomApplication : OpenIddictEntityFrameworkCoreApplication<long, CustomAuthorization, CustomToken>
+{
+    public string CustomProperty { get; set; }
+}
+
+public class CustomAuthorization : OpenIddictEntityFrameworkCoreAuthorization<long, CustomApplication, CustomToken>
+{
+    public string CustomProperty { get; set; }
+}
+
+public class CustomScope : OpenIddictEntityFrameworkCoreScope<long>
+{
+    public string CustomProperty { get; set; }
+}
+
+public class CustomToken : OpenIddictEntityFrameworkCoreToken<long, CustomApplication, CustomAuthorization>
+{
+    public string CustomProperty { get; set; }
+}
+
      • +

    • Call the generic ReplaceDefaultEntities<TApplication, TAuthorization, TScope, TToken, TKey>() method to force OpenIddict to use the custom entities:

      +
      services.AddOpenIddict()
+    .AddCore(options =>
+    {
+        // Configure OpenIddict to use the custom entities.
+        options.UseEntityFrameworkCore()
+               .UseDbContext<ApplicationDbContext>()
+               .ReplaceDefaultEntities<CustomApplication, CustomAuthorization, CustomScope, CustomToken, long>();
+    });
+
      • +

    • Configure Entity Framework Core to include the custom entities in the model:

      +
      services.AddDbContext<ApplicationDbContext>(options =>
+{
+    // Configure Entity Framework Core to use Microsoft SQL Server.
+    options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"));
+
+    // Register the entity sets needed by OpenIddict but use the specified entities instead of the default ones.
+    options.UseOpenIddict<CustomApplication, CustomAuthorization, CustomScope, CustomToken, long>();
+});
+
      • +
    +
    + +
    +
    +
    + + + + + + + + + + + + + + + diff --git a/integrations/index.html b/integrations/index.html new file mode 100644 index 0000000..a298fdc --- /dev/null +++ b/integrations/index.html @@ -0,0 +1,120 @@ + + + + + + + + + Integrations + + + + + + + + + + + + + + + + + + +
    + + + + + + + + OpenIddict + OpenIddict + +
    + +
    + +
    + + + +
    + +
    + + +
    + +
    + +
    +

    Integrations

    + +

    OpenIddict offers native integrations with popular Object–relational Mapping tools and Database Clients like Entity Framework 6 and Entity Framework Core or MongoDB.

    +

    Documentation for integrations maintained by the OpenIddict community can be found in their respective repositories:

    + +
    + +
    +
    +
    + + + + + + + + + + + + + + + diff --git a/configuration/mongodb-integration.html b/integrations/mongodb.html similarity index 80% rename from configuration/mongodb-integration.html rename to integrations/mongodb.html index 17946f7..33dc5b9 100644 --- a/configuration/mongodb-integration.html +++ b/integrations/mongodb.html @@ -93,6 +93,7 @@

    MongoDB integration

    +

    Basic configuration

    To configure OpenIddict to use MongoDB as the database for applications, authorizations, scopes and tokens, you'll need to:

    • Reference the OpenIddict.MongoDb package:

      @@ -198,8 +199,7 @@ await tokens.Indexes.CreateManyAsync(new[] { // Note: partial filter expressions are not supported on Azure Cosmos DB. // As a workaround, the expression and the unique constraint can be removed. - PartialFilterExpression = - Builders<OpenIddictMongoDbToken>.Filter.Exists(token => token.ReferenceId), + PartialFilterExpression = Builders<OpenIddictMongoDbToken>.Filter.Exists(token => token.ReferenceId), Unique = true }), @@ -216,7 +216,56 @@ await tokens.Indexes.CreateManyAsync(new[] });
    -
    +

    Advanced configuration

    +

    Use custom entities

    +

    For applications that require storing additional data alongside the properties used by OpenIddict, custom entities can be used. For that, you need to:

    +
      +

    • Create custom entities:

      +
      public class CustomApplication : OpenIddictMongoDbApplication
+{
+    public string CustomProperty { get; set; }
+}
+
+public class CustomAuthorization : OpenIddictMongoDbAuthorization
+{
+    public string CustomProperty { get; set; }
+}
+
+public class CustomScope : OpenIddictMongoDbScope
+{
+    public string CustomProperty { get; set; }
+}
+
+public class CustomToken : OpenIddictMongoDbToken
+{
+    public string CustomProperty { get; set; }
+}
+
      • +

    • Configure MongoDb to use the custom entities:

      +
      services.AddOpenIddict()
+    .AddCore(options =>
+    {
+        options.UseMongoDb()
+               .ReplaceDefaultApplicationEntity<CustomApplication>()
+               .ReplaceDefaultAuthorizationEntity<CustomAuthorization>()
+               .ReplaceDefaultScopeEntity<CustomScope>()
+               .ReplaceDefaultTokenEntity<CustomToken>();
+    });
+
      • +
    +

    Use custom collection names

    +

    By default, OpenIddict uses the openiddict.[entity name]s pattern to determine the default collection names. +Applications that require using different collection names can use the Set*CollectionName() helpers:

    +
    services.AddOpenIddict()
+    .AddCore(options =>
+    {
+        options.UseMongoDb()
+               .SetApplicationsCollectionName("custom-applications-collection")
+               .SetAuthorizationsCollectionName("custom-authorizations-collection")
+               .SetScopesCollectionName("custom-scopes-collection")
+               .SetTokensCollectionName("custom-tokens-collection");
+    });
+
    diff --git a/integrations/toc.html b/integrations/toc.html new file mode 100644 index 0000000..d30f2e4 --- /dev/null +++ b/integrations/toc.html @@ -0,0 +1,24 @@ + +
    +
    +
    +
    + + +
    +
    +
    +
    \ No newline at end of file diff --git a/manifest.json b/manifest.json index 7be6599..c9b0104 100644 --- a/manifest.json +++ b/manifest.json @@ -45,7 +45,7 @@ "output": { ".html": { "relative_path": "configuration/encryption-and-signing-credentials.html", - "hash": "X9XDnZLKY/5K8DpDgTMVvg==" + "hash": "BNTD2XpB9JvFGvWlIh4bwg==" } }, "is_incremental": false, @@ -57,19 +57,7 @@ "output": { ".html": { "relative_path": "configuration/index.html", - "hash": "k22iYcCNt9Gl/NHlrXpepA==" - } - }, - "is_incremental": false, - "version": "" - }, - { - "type": "Conceptual", - "source_relative_path": "configuration/mongodb-integration.md", - "output": { - ".html": { - "relative_path": "configuration/mongodb-integration.html", - "hash": "72Lugm/G2OOW9NWHWLB3aA==" + "hash": "AICKK9g02yD4LxurxlIMoA==" } }, "is_incremental": false, @@ -93,7 +81,7 @@ "output": { ".html": { "relative_path": "configuration/toc.html", - "hash": "MHZ474LlHgfAYPcHgjObAA==" + "hash": "GUTCYQ1PRD0hdbfXZoXI/w==" } }, "is_incremental": false, @@ -1541,11 +1529,11 @@ }, { "type": "Conceptual", - "source_relative_path": "guide/choosing-the-right-flow.md", + "source_relative_path": "guides/choosing-the-right-flow.md", "output": { ".html": { - "relative_path": "guide/choosing-the-right-flow.html", - "hash": "gWAtbPR4n11oTgPNGVzu+g==" + "relative_path": "guides/choosing-the-right-flow.html", + "hash": "wcSamfwfNmeDNib8wiVnTQ==" } }, "is_incremental": false, @@ -1553,10 +1541,10 @@ }, { "type": "Resource", - "source_relative_path": "guide/choosing-the-right-flow/authorization-code-flow.png", + "source_relative_path": "guides/choosing-the-right-flow/authorization-code-flow.png", "output": { "resource": { - "relative_path": "guide/choosing-the-right-flow/authorization-code-flow.png" + "relative_path": "guides/choosing-the-right-flow/authorization-code-flow.png" } }, "is_incremental": false, @@ -1564,10 +1552,10 @@ }, { "type": "Resource", - "source_relative_path": "guide/choosing-the-right-flow/client-credentials-flow.png", + "source_relative_path": "guides/choosing-the-right-flow/client-credentials-flow.png", "output": { "resource": { - "relative_path": "guide/choosing-the-right-flow/client-credentials-flow.png" + "relative_path": "guides/choosing-the-right-flow/client-credentials-flow.png" } }, "is_incremental": false, @@ -1575,10 +1563,10 @@ }, { "type": "Resource", - "source_relative_path": "guide/choosing-the-right-flow/consent-form.png", + "source_relative_path": "guides/choosing-the-right-flow/consent-form.png", "output": { "resource": { - "relative_path": "guide/choosing-the-right-flow/consent-form.png" + "relative_path": "guides/choosing-the-right-flow/consent-form.png" } }, "is_incremental": false, @@ -1586,10 +1574,10 @@ }, { "type": "Resource", - "source_relative_path": "guide/choosing-the-right-flow/implicit-flow.png", + "source_relative_path": "guides/choosing-the-right-flow/implicit-flow.png", "output": { "resource": { - "relative_path": "guide/choosing-the-right-flow/implicit-flow.png" + "relative_path": "guides/choosing-the-right-flow/implicit-flow.png" } }, "is_incremental": false, @@ -1597,10 +1585,10 @@ }, { "type": "Resource", - "source_relative_path": "guide/choosing-the-right-flow/resource-owner-password-flow.png", + "source_relative_path": "guides/choosing-the-right-flow/resource-owner-password-flow.png", "output": { "resource": { - "relative_path": "guide/choosing-the-right-flow/resource-owner-password-flow.png" + "relative_path": "guides/choosing-the-right-flow/resource-owner-password-flow.png" } }, "is_incremental": false, @@ -1608,11 +1596,11 @@ }, { "type": "Conceptual", - "source_relative_path": "guide/getting-started.md", + "source_relative_path": "guides/getting-started.md", "output": { ".html": { - "relative_path": "guide/getting-started.html", - "hash": "XR2F+SYNqKQbYnQTQ1lAVQ==" + "relative_path": "guides/getting-started.html", + "hash": "w4ot0irGPo6kPbJCtXT9sQ==" } }, "is_incremental": false, @@ -1620,11 +1608,11 @@ }, { "type": "Conceptual", - "source_relative_path": "guide/index.md", + "source_relative_path": "guides/index.md", "output": { ".html": { - "relative_path": "guide/index.html", - "hash": "1WppPUd3tc49Q1IuN6MpfA==" + "relative_path": "guides/index.html", + "hash": "GYPiSn0I/fhjecInWBd+sA==" } }, "is_incremental": false, @@ -1632,11 +1620,11 @@ }, { "type": "Conceptual", - "source_relative_path": "guide/migration/20-to-30.md", + "source_relative_path": "guides/migration/20-to-30.md", "output": { ".html": { - "relative_path": "guide/migration/20-to-30.html", - "hash": "gXjJnqMDORzKmvYY4OLRSA==" + "relative_path": "guides/migration/20-to-30.html", + "hash": "tvhWtNPbpiYeQ0xcP1I4oQ==" } }, "is_incremental": false, @@ -1644,10 +1632,10 @@ }, { "type": "Toc", - "source_relative_path": "guide/toc.yml", + "source_relative_path": "guides/toc.yml", "output": { ".html": { - "relative_path": "guide/toc.html", + "relative_path": "guides/toc.html", "hash": "Q2Rq3xUOIstDdNnNV/CmBA==" } }, @@ -1682,7 +1670,55 @@ "output": { ".html": { "relative_path": "index.html", - "hash": "3nPaLmwJHUE2QAgJqejTcw==" + "hash": "LDX2KG1mNaZgnySmcrJkYQ==" + } + }, + "is_incremental": false, + "version": "" + }, + { + "type": "Conceptual", + "source_relative_path": "integrations/entity-framework-core.md", + "output": { + ".html": { + "relative_path": "integrations/entity-framework-core.html", + "hash": "/+6V48DwOyGcYnlBTNI0og==" + } + }, + "is_incremental": false, + "version": "" + }, + { + "type": "Conceptual", + "source_relative_path": "integrations/index.md", + "output": { + ".html": { + "relative_path": "integrations/index.html", + "hash": "WDTvL+SrcS/LrtG9czbidA==" + } + }, + "is_incremental": false, + "version": "" + }, + { + "type": "Conceptual", + "source_relative_path": "integrations/mongodb.md", + "output": { + ".html": { + "relative_path": "integrations/mongodb.html", + "hash": "4vhlfSOVT9PhnUD5B3NxfA==" + } + }, + "is_incremental": false, + "version": "" + }, + { + "type": "Toc", + "source_relative_path": "integrations/toc.yml", + "output": { + ".html": { + "relative_path": "integrations/toc.html", + "hash": "914frhil++hv0x3ddB061A==" } }, "is_incremental": false, @@ -2376,7 +2412,7 @@ "output": { ".html": { "relative_path": "toc.html", - "hash": "6bYAB6WKrlIEFqIGMFlPbw==" + "hash": "pkjNX/g9gq1U7BbZjUNK4w==" } }, "is_incremental": false, @@ -2397,7 +2433,7 @@ "ConceptualDocumentProcessor": { "can_incremental": false, "incrementalPhase": "build", - "total_file_count": 132, + "total_file_count": 134, "skipped_file_count": 0 }, "ResourceDocumentProcessor": { diff --git a/toc.html b/toc.html index 343a0a2..6d14a20 100644 --- a/toc.html +++ b/toc.html @@ -6,19 +6,23 @@