Can we get an Overview of How to use SimpleIdServer for a complete OpenId Connect workflow?
There is a lot of confusion due to the history of so many protocols. My understanding is that OpenID was a stand-alone protocol that never gained much steam. OAuth2 was gaining ground and so the OpenID folks created "OpenID Connect" which is an implementation of OpenID principles on top of OAuth2 -- meaning OpenID Connect requires an OAuth2 server that also supports the OpenID Connect layer on top of it.
I'm having trouble understanding how to use SimpleIdServer to setup an entire Open ID Connect workflow as demonstrated on the official site https://openidconnect.net/. Could we get a run-down/overview of how to do this?
Also, since OpenID Connect seems to be gathering a lot of support across industries, a walkthrough of setting this up completely would be super helpful to many people. Right now, I'd at least urgently appreciate something quick and dirty to help me get going in the right direction.
You can find on the following website some documentation which explains how to set up an INMEMORY OPENID SERVER : https://simpleidserver.readthedocs.io/en/latest/intro/getting-started-with-openid.html. When your ASP.NET CORE project is ready, you can launch it and start playing with the OPENID SERVER. A sample project can be downloaded here.
In order to use the OPENID server, you need to identify which application needs to be protected. There are several kinds of applications and each application has a different configuration.
Application : SPA (Single Page Application) (modern web browser)
Configuration :
| Configuration | Values |
|---|---|
| GrantTypes | authorization_code |
| TokenEndPointAuthMethod | pkce |
Examples : Angular, VueJS
Application: SPA (Single Page Application) (old web browser)
Configuration :
| Configuration | Values |
|---|---|
| GrantTypes | implicit |
Examples : Angular, VueJS
Application : A web application hosted on the server
Configuration :
| Configuration | Values |
|---|---|
| GrantTypes | authorization_code |
| TokenEndPointAuthMethod | client_secret_basic |
Examples : ASP.NET CORE, NodeJS Express
Application : Native
Configuration :
| Configuration | Values |
|---|---|
| GrantTypes | authorization_code |
| TokenEndPointAuthMethod | pkce |
Examples : Android & Desktop application
Application : Trusted - Application is hosted on the server with no end-user
Configuration :
| Configuration | Values |
|---|---|
| GrantTypes | password |
| TokenEndPointAuthMethod | client_secret_basic |
Examples : A web application hosted on the server which uses login & password authentication.
Application : Service
Configuration :
| Configuration | Values |
|---|---|
| GrantTypes | client_credentials |
| TokenEndPointAuthMethod | client_secret_basic |
Examples : REST.API
Configuration can be edited in the file "DefaultConfiguration.cs".
Remark : The git branch "release/1.2.2" contains EntityFramework Repository, but those packages are not yet published & available on nuget. They will be published as soon as the release is finished :)
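The tables above say which token-endpoint authentication each kind of client uses. As an added example (not SimpleIdServer's own code), here is how a client builds that request for the "pkce" and "client_secret_basic" cases and what the server checks for PKCE; the PROFILES mapping and the function names are this example's own assumptions.

```python
# Added example (not SimpleIdServer's own code): how the "pkce" and
# "client_secret_basic" rows above translate into a token-endpoint request
# (RFC 7636 for PKCE, RFC 6749 section 2.3.1 for client_secret_basic).
# PROFILES and the function names are this example's own assumptions.
import base64
import hashlib
import secrets
from urllib.parse import quote, urlencode

# Application kind -> (GrantTypes, TokenEndPointAuthMethod) from the tables above.
PROFILES = {
    "spa": ("authorization_code", "pkce"),
    "web": ("authorization_code", "client_secret_basic"),
    "native": ("authorization_code", "pkce"),
    "service": ("client_credentials", "client_secret_basic"),
}

def b64url(raw: bytes) -> str:
    """Base64url without padding, as PKCE requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    """Random verifier: 32 bytes -> 43 unreserved characters (RFC 7636 allows 43..128)."""
    return b64url(secrets.token_bytes(32))

def pkce_challenge(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def server_verifies(stored_challenge: str, presented_verifier: str) -> bool:
    """The server-side check: recompute the challenge from the presented verifier."""
    return secrets.compare_digest(stored_challenge, pkce_challenge(presented_verifier))

def token_request(kind, client_id, code=None, verifier=None, client_secret=None, redirect_uri=None):
    """Return (headers, urlencoded form) for the token endpoint of the given application kind."""
    grant, auth = PROFILES[kind]
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": grant, "client_id": client_id}
    if grant == "authorization_code":
        form.update(code=code, redirect_uri=redirect_uri)
    if auth == "pkce":
        # Public client: no secret is sent; possession of the verifier is the proof.
        form["code_verifier"] = verifier
    else:
        # Confidential client: id and secret, each form-urlencoded, in an HTTP Basic header.
        creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
        headers["Authorization"] = "Basic " + base64.b64encode(creds.encode()).decode()
    form = {k: v for k, v in form.items() if v is not None}
    return headers, urlencode(form)
```

The first assertion in a quick check can use the RFC 7636 Appendix B test vector, which is the easiest way to confirm the S256 computation matches what an OpenID server expects.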
Hey, thanks for replying so swiftly! I really appreciate it!
I read the OpenID doc, but the document stops after authentication. It doesn't mention anything about authorization. That's where my confusion starts. The process on the openidconnect.net playground is a complete authentication/authorization process from start to end.
Also, some of my confusion stems from the fact that the OpenID Page is labeled "OpenID" -- not "OpenID Connect". Are you saying that the SimpleIDServer's "OpenID" server is part of the process to set up a complete "OpenID Connect" workflow?
Thanks in advance. :)
Indeed SimpleIdServer is an OPENID SERVER. In order to simulate a complete workflow, you can use our sample projects :) :
- ProtectAPIFromUndesirableClients : A console application is trying to access a protected API.
- ProtectAPIFromUndesirableUsers : ASP.NET MVC & SPA applications are trying to access a protected API.
- UseUMAToProtectAPI : A resource owner can manage access to his resources. For example, he can choose which applications have access to his bank account.
Remark : Sample projects are not using the latest version of SimpleIdServer, but they give a good insight into different features.