/openiddict-core

Versatile OpenID Connect stack for ASP.NET Core 2.1/3.1/5.0 and OWIN/Katana 4.1 (compatible with ASP.NET 4.6.1)

Primary LanguageC#Apache License 2.0Apache-2.0

OpenIddict

The OpenID Connect stack you'll be addicted to.

Build status

What's OpenIddict?

OpenIddict aims at providing a versatile solution to implement an OpenID Connect server and token validation in any ASP.NET Core 2.1, 3.1 and 5.0 application, and starting in OpenIddict 3.0, any ASP.NET 4.x or OWIN application too.

OpenIddict fully supports the code/implicit/hybrid flows, the client credentials/resource owner password grants and the device authorization flow. You can also create your own custom grant types.

OpenIddict natively supports Entity Framework Core, Entity Framework 6 and MongoDB out-of-the-box, but you can also provide your own stores.

I want something simple and easy to configure

Developers looking for a simple and turnkey solution are strongly encouraged to use OrchardCore and its OpenID module, which is based on OpenIddict, comes with sensible defaults and offers a built-in management GUI to easily register OpenID client applications.

Getting started

To implement a custom OpenID Connect server using OpenIddict, the simplest option is to clone one of the official samples from the openiddict-samples repository:

Documentation

The documentation for the latest stable release (2.0.1) can be found in the dedicated repository.

Compatibility matrix

Web framework version .NET runtime version OpenIddict 2.0 OpenIddict 2.0.1 OpenIddict 3.0
ASP.NET Core 2.1 .NET Framework 4.6.1 ✔️ ℹ️ ✔️ ℹ️ ✔️ ℹ️
ASP.NET Core 2.1 .NET Framework 4.7.2 ✔️ ✔️ ✔️
ASP.NET Core 2.1 .NET Framework 4.8 ✔️ ✔️ ✔️
ASP.NET Core 2.1 .NET Core 2.1 ✔️ ✔️ ✔️
ASP.NET Core 3.1 .NET Core 3.1 ⚠️ ✔️ ✔️
ASP.NET Core 5.0 .NET 5.0 ⚠️ ✔️ ✔️
OWIN/Katana 4.1 .NET Framework 4.6.1 ✔️ ℹ️
OWIN/Katana 4.1 .NET Framework 4.7.2 ✔️
OWIN/Katana 4.1 .NET Framework 4.8 ✔️

ℹ️ Note: the following features are not available when targeting .NET Framework 4.6.1:

  • X.509 development encryption/signing certificates: calling AddDevelopmentEncryptionCertificate() or AddDevelopmentSigningCertificate() will result in a PlatformNotSupportedException being thrown at runtime if no valid development certificate can be found and a new one must be generated.
  • X.509 ECDSA signing certificates/keys: calling AddSigningCertificate() or AddSigningKey() with an ECDSA certificate/key will always result in a PlatformNotSupportedException being thrown at runtime.

Resources

Looking for additional resources to help you get started with 3.0? Don't miss these interesting blog posts:

Posts written for previous versions of OpenIddict:

Security policy

Security issues and bugs should be reported privately by emailing security@openiddict.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

Support

If you need support, please make sure you sponsor the project before creating a GitHub ticket. If you're not a sponsor, you can post your questions on Gitter or StackOverflow:

Nightly builds

If you want to try out the latest features and bug fixes, there is a MyGet feed with nightly builds of OpenIddict. To reference the OpenIddict MyGet feed, create a NuGet.config file (at the root of your solution):

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
    <add key="openiddict" value="https://www.myget.org/F/openiddict/api/v3/index.json" />
  </packageSources>
</configuration>

Contributors

OpenIddict is actively maintained by Kévin Chalet. Contributions are welcome and can be submitted using pull requests.

Special thanks to the following sponsors for their incredible support:

License

This project is licensed under the Apache License. This means that you can use, modify and distribute it freely. See http://www.apache.org/licenses/LICENSE-2.0.html for more details.