Duration 4:3

What is IdentityServer4

Published 29 Apr 2020

IdentityServer4 is an open source framework for ASP.NET Core applications. http://docs.identityserver.io/en/latest/

It is an OpenID Connect and OAuth 2.0 framework and a certified implementation of OpenID Connect by the OpenID Foundation. https://openid.net/certification/

It will help you build an identity provider and supports the common functionality you need:

1- Authenticate users
2- Protect user’s resources
3- Support different client types
   a. Web applications (MVC, rendered
   b. Single Page Application
   c. Mobile Native
   d. Services
4- Issuing tokens
   a. Id token
   b. Access token
   c. Reference Token
5- Building a Federation Gateway

Let’s talk about each one briefly:

Authenticating Users 00:37

Users can authenticate using a local account or an external identity provider. IdentityServer4 doesn’t have its own implementation of a user store. You can either develop your own or, guess what, you can use ASP.NET Core Identity for that, because it is supported by IdentityServer4. This is simply the main reason why you need to use them together: IdentityServer4 doesn’t have a user store implementation, while ASP.NET Core Identity can’t issue tokens and is not an identity provider.

Protect User’s resources 01:20

Resources here usually refers to the backend APIs. The APIs will be secured by the identity provider that you build on top of IdentityServer4.

Support different client types 01:35

Client refers to the software the end user will use to access resources. A client can be a native mobile app, a web app or a JavaScript single page application. A client can also be a service that needs to access another service. IdentityServer4 supports many grant types, or flows. Based on the client type, you choose the suitable grant type.

Issuing Tokens 02:07

It supports issuing different tokens:

- Identity token: issued after a successful authentication process by a user on a specific client.
- Self-contained access token (JWT token): requested by a client to be able to access an API.
- Reference access token: another type that can be used instead of a JWT access token.
- Refresh token: used to request a new access token without user interaction.

Federation Gateway 02:43

Let’s say you want to support different external login providers like social network logins, Active Directory, Azure Active Directory or others. And you have many APIs, many web applications and many mobile apps. How would you implement that? You would need to support many logins by many providers in every part of your application. Imagine the case when you need to update or change any login scenario. Another important point is that every login provider is different from the others, and you would have to handle that in every part of your application.

It is better for your application to know only one token issuer. In other words, your application should be secured by one identity provider. This identity provider will support different authentication types: local login and external login using external providers. IdentityServer4 will help you build an identity provider that acts as a federation gateway between any external identity providers and your application (or maybe more than one application).

You can also check this blog post about how to use ASP.NET Core Identity and IdentityServer4 together: https://feras.blog/how-to-use-asp-net-identity-and-identityserver4-in-your-solution/
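
To make the "Support different client types" and "Issuing Tokens" points concrete, here is a sketch of IdentityServer4 client registrations that pair each client type with a grant type and token settings. It is an added example, not code from the video or the linked blog post; the client ids, URLs, secrets and the `orders.read` scope are constructed placeholders, and the scope is assumed to be registered elsewhere in the identity provider's configuration.

```csharp
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

// Added illustration: all ids, URLs, secrets and the "orders.read" scope are placeholders.
public static class Config
{
    public static IEnumerable<Client> Clients => new[]
    {
        // Service calling another service: no user is involved, so client credentials.
        new Client
        {
            ClientId = "billing-service",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets = { new Secret("replace-with-generated-secret".Sha256()) },
            AllowedScopes = { "orders.read" },
            // Reference token: the API must ask the identity provider to validate it,
            // which allows revocation before expiry.
            AccessTokenType = AccessTokenType.Reference
        },
        // Server-rendered web app: confidential client, authorization code flow with PKCE.
        new Client
        {
            ClientId = "mvc-app",
            AllowedGrantTypes = GrantTypes.Code,
            RequirePkce = true,
            ClientSecrets = { new Secret("replace-with-generated-secret".Sha256()) },
            RedirectUris = { "https://app.example.com/signin-oidc" },
            AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId,
                              IdentityServerConstants.StandardScopes.Profile,
                              "orders.read" },
            AllowOfflineAccess = true // lets the client receive a refresh token
        },
        // SPA or native mobile app: public client that cannot keep a secret,
        // so it relies on PKCE and receives a self-contained JWT access token.
        new Client
        {
            ClientId = "spa",
            AllowedGrantTypes = GrantTypes.Code,
            RequirePkce = true,
            RequireClientSecret = false,
            RedirectUris = { "https://spa.example.com/callback" },
            AllowedCorsOrigins = { "https://spa.example.com" },
            AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, "orders.read" },
            AccessTokenType = AccessTokenType.Jwt
        }
    };
}
```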
