GitHub - openiddict/openiddict-core: Flexible and versatile OAuth 2.0/OpenID Connect stack for .NET (original) (raw)
OpenIddict
The OpenID Connect stack you'll be addicted to.
What is OpenIddict?
OpenIddict aims at providing a versatile solution to implement OpenID Connect client, server and token validation support in .NET applications.
OpenIddict fully supports the code/implicit/hybrid flows, the client credentials/resource owner password grants and the device authorization flow.
OpenIddict natively supports Entity Framework Core,Entity Framework 6 and **MongoDB**out-of-the-box and custom stores can be implemented to support other providers.
Getting started
To implement a custom OpenID Connect server using OpenIddict, read Getting started.
Samples demonstrating how to use OpenIddict with the different OAuth 2.0/OpenID Connect flowscan be found in the dedicated repository.
Developers looking for a simple and turnkey solution are strongly encouraged to evaluate these popular options:
- Volo.OpenIddict.Pro, which is based on OpenIddict, supports all the common OAuth 2.0/OpenID Connect flows and offers a powerful applications/scopes management GUI.
- OrchardCore.OpenId, which is also based on OpenIddict, comes with sensible defaults and offers a built-in management GUI to easily register OpenID client applications.
Tip
Looking to integrate with a SAML2P Identity Provider (IDP) or Service Provider (SP)? Rock Solid Knowledge, a sponsor of OpenIddict, is developing a range of identity components to enhance your OpenIddict solution. The first of these is their popular SAML2P component.
Certification
Unlike many other identity providers, OpenIddict is not a turnkey solution but a framework that requires writing custom codeto be operational (typically, at least an authorization controller), making it a poor candidate for the certification program.
While a reference implementation could be submitted as-is, this wouldn't guarantee that implementations deployed by OpenIddict users would be standard-compliant.
Instead, developers are encouraged to execute the conformance tests against their own deployment once they've implemented their own logic.
Tip
The samples repository contains a dedicated sample specially designed to be used with the OpenID Connect Provider Certification tool and demonstrate that OpenIddict can be easily used in a certified implementation. To allow executing the certification tests as fast as possible, that sample doesn't include any membership or consent feature (two hardcoded identities are proposed for tests that require switching between identities).
Resources
Looking for additional resources to help you get started with OpenIddict? Don't miss these interesting blog posts:
- OpenIddict on AWS Serverless: Adding Interactive Login by Anton Ganhammar
- OpenIddict 6.0 general availability by Kévin Chalet
- OpenIddict on AWS Serverless: Flexible OAuth2/OIDC Provider by Anton Ganhammar
- OpenIddict 5.0 general availability by Kévin Chalet
- Introducing native applications, per-client token lifetimes and client assertions support in OpenIddict 5.0 preview1 by Kévin Chalet
- Can you use the ASP.NET Core Identity API endpoints with OpenIddict? by Kévin Chalet
- OpenID Connect and OAuth 2.0 server in ASP.NET Core using OpenIddict by Siarhei Kharlap
- Transparent Auth Gateway by Alex Klaus
- Introducing system integration support for the OpenIddict client by Kévin Chalet
- OpenIddict 4.0 general availability by Kévin Chalet
- Getting started with the OpenIddict web providers by Kévin Chalet
- Introducing the OpenIddict-powered providers by Kévin Chalet
- Introducing the OpenIddict client by Kévin Chalet
- Secure a Blazor WASM ASP.NET Core hosted APP using BFF and OpenIddict by Damien Bowden
- Setting up an Authorization Server with OpenIddict by Robin van der Knaap
- Adding OpenIddict 3.0 to an OWIN application by Kévin Chalet
- Creating an OpenID Connect server proxy with OpenIddict 3.0's degraded mode by Kévin Chalet
OpenIddict-based projects maintained by third parties:
- ABP Framework OpenIddict module: full-stack Web application framework for .NET
- OpenIddict.AmazonDynamoDB by ganhammar: Amazon DynamoDB stores for OpenIddict
- OpenIddict UI by Thomas Duft: headless UI for managing client applications and scopes
- OrchardCore OpenID module: turnkey OpenID Connect server and token validation solution, built with multitenancy in mind
- P41.OpenIddict.CouchDB by Panos Athanasiou: CouchDB stores for OpenIddict
- pixel-identity by Nishant Singh: Ready to host OpenID Connect service using OpenIddict and ASP.NET Identity with a Blazor-based UI for managing users, roles, applications and scopes with support for multiple databases.
- SharpGrip.OpenIddict.Api by SharpGrip: SharpGrip OpenIddict API is an extension of the OpenIddict library exposing the OpenIddict entities through a RESTful API.
Security policy
Security issues and bugs should be reported privately by emailing security@openiddict.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
Support policy
If you need support, please first make sure you're sponsoring the project. Depending on the tier you selected, you can open a GitHub ticket or send an email to contact@openiddict.com for private support. Alternatively, you can also post your question on Gitter.
Support is only offered for the latest stable version of OpenIddict. There are, however, two exceptions to this policy:
- ABP Framework users receive patches for OpenIddict for as long as ABP Framework itself is supported by Volosoft(typically a year following the release of a major ABP version), whether they have a commercial ABP license or just use the free packages.
| OpenIddict branch | ABP Framework branch | End of support date (estimated) |
|---|---|---|
| 4.x | 7.x | December 19, 2024 |
| 5.x | 8.x | November 19, 2025 |
| 6.x (current) | 9.x | Currently supported |
- OpenIddict sponsors are offered extended support depending on the selected sponsorship tier:
- $100/month sponsors get full support for the previous version 1 month following the release of a new major version.
- $250/month sponsors get full support for the previous version 6 months following the release of a new major version.
- $500/month sponsors get full support for the previous version 12 months following the release of a new major version.
- $1,000/month sponsors get full support for the previous version 24 months following the release of a new major version.
| OpenIddict branch | Sponsorship tier | End of support date |
|---|---|---|
| 4.x | $100/month (or more) | January 18, 2024 |
| 4.x | $250/month (or more) | June 18, 2024 |
| 4.x | $500/month (or more) | December 18, 2024 |
| 4.x | $1,000/month (or more) | December 18, 2025 |
| 5.x | $100/month (or more) | January 17, 2025 |
| 5.x | $250/month (or more) | June 17, 2025 |
| 5.x | $500/month (or more) | December 17, 2025 |
| 5.x | $1,000/month (or more) | December 17, 2026 |
| 6.x (current) | Any | Currently supported |
Running locally
This project uses the newer .slnx format instead of the traditional .sln file. You can open it using Visual Studio 2022 or newer.
Tip
If you encounter the following error when trying to open the .slnx file:
The selected file is not a valid solution file.
It's likely that the Solution File Persistence Model feature needs to be enabled. To do this:
- Open Visual Studio.
- Go to Tools > Options.
- In the left-hand menu, select Environment > Preview Features.
- Enable the checkbox for Use Solution File Persistence Model.
- Click OK and restart Visual Studio.
Once the solution file opens, you can set the desired project as the Startup Project (right-click on the project > Set as Startup Project) and start debugging or running as usual.
Nightly builds
If you want to try out the latest features and bug fixes, there is a MyGet feed with nightly builds of OpenIddict. To reference the OpenIddict MyGet feed, create a NuGet.config file (at the root of your solution):
Contributors
OpenIddict is actively maintained by Kévin Chalet. Contributions are welcome and can be submitted using pull requests.
Special thanks to our sponsors for their incredible support:
License
This project is licensed under the Apache License. This means that you can use, modify and distribute it freely. See http://www.apache.org/licenses/LICENSE-2.0.html for more details.