The mid-term plan is that OpenID Connect will replace the plain OAuth2 endpoints in IdentityServer. As a first step, I just checked in a preview of the OIDC basic client profile support (see this doc).
The preview consists of two parts:
- OIDC authorize/token/userinfo endpoints for IdSrv
- ASP.NET client module
To enable the above endpoints, simply uncomment the OIDC routes in ProtocolConfig.cs.
To register an OIDC client, create an OAuth2 code flow client for now:
And adjust the settings in the sample client project web.config accordingly:
<oidcClient clientId="oidccode"
            clientSecret="secret"
            scope="profile"
            issuerName="http://identityserver.v2.thinktecture.com/samples"
            signingCertificate="CN=STS">
  <endpoints authorize="https://idsrv.local/issue/oidc/authorize"
             token="https://idsrv.local/issue/oidc/token"
             userInfo="https://idsrv.local/issue/oidc/userinfo" />
</oidcClient>
The OIDC client module will then automatically redirect to the OpenID provider and coordinate the front/back channel work.
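The front/back channel work for the code flow, using the client settings from the web.config above, is shown here as an added example; it is not the client module's own code. The class name and `RedirectUri` are hypothetical, `openid` is added to the scope because OIDC requires that value, and HTTP Basic client authentication at the token endpoint is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class OidcBasicClientExample
{
    // Client settings from the web.config above; RedirectUri is hypothetical, "openid" is required by OIDC.
    const string ClientId = "oidccode", ClientSecret = "secret", Scope = "openid profile";
    const string Authorize = "https://idsrv.local/issue/oidc/authorize";
    const string RedirectUri = "https://client.local/oidc";
    // Front channel: URL the browser is redirected to. state is an unguessable per-request value.
    static string BuildAuthorizeUrl(string state)
    {
        var p = new Dictionary<string, string> {
            { "response_type", "code" }, { "client_id", ClientId }, { "scope", Scope },
            { "redirect_uri", RedirectUri }, { "state", state } };
        return Authorize + "?" + string.Join("&", p.Select(kv => kv.Key + "=" + Uri.EscapeDataString(kv.Value)));
    }
    // Callback: reject provider errors and any state other than the one issued for this session.
    static string ExtractCode(IDictionary<string, string> query, string expectedState)
    {
        string error, state, code;
        if (query.TryGetValue("error", out error)) throw new InvalidOperationException("provider error: " + error);
        if (!query.TryGetValue("state", out state) || state != expectedState)
            throw new InvalidOperationException("state mismatch, possible CSRF");
        if (!query.TryGetValue("code", out code) || code.Length == 0)
            throw new InvalidOperationException("no authorization code");
        return code;
    }
    // Back channel: code plus client credentials are sent server to server, never via the browser.
    // Returns the Authorization header value (Key) and the form body (Value) for the token endpoint POST.
    static KeyValuePair<string, string> BuildTokenRequest(string code)
    {
        var basic = Convert.ToBase64String(Encoding.UTF8.GetBytes(ClientId + ":" + ClientSecret));
        return new KeyValuePair<string, string>("Basic " + basic,
            "grant_type=authorization_code&code=" + Uri.EscapeDataString(code) + "&redirect_uri=" + Uri.EscapeDataString(RedirectUri));
    }
    static void Main()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var state = BitConverter.ToString(bytes).Replace("-", "");
        Console.WriteLine(BuildAuthorizeUrl(state));
        // Constructed callback query, standing in for what the provider sends back to RedirectUri.
        var callback = new Dictionary<string, string> { { "code", "sample-code" }, { "state", state } };
        var req = BuildTokenRequest(ExtractCode(callback, state));
        Console.WriteLine("Authorization: " + req.Key + "\n" + req.Value);
    }
}
```

The id_token returned by the token endpoint still has to be checked against `issuerName` and `signingCertificate` before its claims are trusted or the userinfo endpoint is called.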
Have fun!
