IdentityServer Module

IdentityServer module provides a full integration with the IdentityServer4 (IDS) framework, which provides advanced authentication features like single sign-on and API access control. This module persists clients, resources and other IDS-related objects to database. This module is replaced by OpenIddict module after ABP v6.0 in the startup templates.

Note: You can not use IdentityServer and OpenIddict modules together. They are separate OpenID provider libraries for the same job.

How to Install

You don't need this module when you are using OpenIddict module. However, if you want to keep using IdentityServer4 for your applications, you can install this module and remove the OpenIddict module. You can continue to use it as package and get updates easily, or you can include its source code into your solution (see get-source CLI command) to develop your custom module.

The Source Code

The source code of this module can be accessed here. The source code is licensed with MIT, so you can freely use and customize it.

User Interface

This module implements the domain logic and database integrations, but not provides any UI. Management UI is useful if you need to add clients and resources on the fly. In this case, you may build the management UI yourself or consider to purchase the ABP which provides the management UI for this module.

Relations to Other Modules

This module is based on the Identity Module and have an integration package with the Account Module.

Options

AbpIdentityServerBuilderOptions

AbpIdentityServerBuilderOptions can be configured in PreConfigureServices method of your Identity Server module. Example:

public override void PreConfigureServices(ServiceConfigurationContext context)
{
	PreConfigure<AbpIdentityServerBuilderOptions>(builder =>
	{
    	//Set options here...		
	});
}

AbpIdentityServerBuilderOptions properties:

  • UpdateJwtSecurityTokenHandlerDefaultInboundClaimTypeMap (default: true): Updates JwtSecurityTokenHandler.DefaultInboundClaimTypeMap to be compatible with Identity Server claims.
  • UpdateAbpClaimTypes (default: true): Updates AbpClaimTypes to be compatible with identity server claims.
  • IntegrateToAspNetIdentity (default: true): Integrate to ASP.NET Identity.
  • AddDeveloperSigningCredential (default: true): Set false to suppress AddDeveloperSigningCredential() call on the IIdentityServerBuilder.

IIdentityServerBuilder can be configured in PreConfigureServices method of your Identity Server module. Example:

public override void PreConfigureServices(ServiceConfigurationContext context)
{
	PreConfigure<IIdentityServerBuilder>(builder =>
	{
    	builder.AddSigningCredential(...);	
	});
}

Internals

Domain Layer

Aggregates

ApiResource

API Resources are needed for allowing clients to request access tokens.

  • ApiResource (aggregate root): Represents an API resource in the system.
    • ApiSecret (collection): secrets of the API resource.
    • ApiScope (collection): scopes of the API resource.
    • ApiResourceClaim (collection): claims of the API resource.
Client

Clients represent applications that can request tokens from your Identity Server.

  • Client (aggregate root): Represents an Identity Server client application.
    • ClientScope (collection): Scopes of the client.
    • ClientSecret (collection): Secrets of the client.
    • ClientGrantType (collection): Grant types of the client.
    • ClientCorsOrigin (collection): CORS origins of the client.
    • ClientRedirectUri (collection): redirect URIs of the client.
    • ClientPostLogoutRedirectUri (collection): Logout redirect URIs of the client.
    • ClientIdPRestriction (collection): Provider restrictions of the client.
    • ClientClaim (collection): Claims of the client.
    • ClientProperty (collection): Custom properties of the client.
PersistedGrant

Persisted Grants stores AuthorizationCodes, RefreshTokens and UserConsent.

  • PersistedGrant (aggregate root): Represents PersistedGrant for identity server.
IdentityResource

Identity resources are data like user ID, name, or email address of a user.

  • IdentityResource (aggregate root): Represents and Identity Server identity resource.
    • IdentityClaim (collection): Claims of identity resource.

Repositories

Following custom repositories are defined for this module:

  • IApiResourceRepository
  • IClientRepository
  • IPersistentGrantRepository
  • IIdentityResourceRepository

Domain Services

This module doesn't contain any domain service but overrides the services below;

  • AbpProfileService (Used when AbpIdentityServerBuilderOptions.IntegrateToAspNetIdentity is true)
  • AbpClaimsService
  • AbpCorsPolicyService

Settings

This module doesn't define any settings.

Application Layer

Application Services

  • ApiResourceAppService (implements IApiResourceAppService): Implements the use cases of the API resource management UI.
  • IdentityServerClaimTypeAppService (implement IIdentityServerClaimTypeAppService): Used to get list of claims.
  • ApiResourceAppService (implements IApiResourceAppService): Implements the use cases of the API resource management UI.
  • IdentityResourceAppService (implements IIdentityResourceAppService): Implements the use cases of the Identity resource management UI.

Database Providers

Common

Table/Collection Prefix & Schema

All tables/collections use the IdentityServer prefix by default. Set static properties on the AbpIdentityServerDbProperties class if you need to change the table prefix or set a schema name (if supported by your database provider).

Connection String

This module uses AbpIdentityServer for the connection string name. If you don't define a connection string with this name, it fallbacks to the Default connection string.

See the connection strings documentation for details.

Entity Framework Core

Tables
  • IdentityServerApiResources
    • IdentityServerApiSecrets
    • IdentityServerApiScopes
      • IdentityServerApiScopeClaims
    • IdentityServerApiClaims
  • IdentityServerClients
    • IdentityServerClientScopes
    • IdentityServerClientSecrets
    • IdentityServerClientGrantTypes
    • IdentityServerClientCorsOrigins
    • IdentityServerClientRedirectUris
    • IdentityServerClientPostLogoutRedirectUris
    • IdentityServerClientIdPRestrictions
    • IdentityServerClientClaims
    • IdentityServerClientProperties
  • IdentityServerPersistedGrants
  • IdentityServerIdentityResources
    • IdentityServerIdentityClaims

MongoDB

Collections
  • IdentityServerApiResources
  • IdentityServerClients
  • IdentityServerPersistedGrants
  • IdentityServerIdentityResources

Contributors

Avatar hikalkan
Last updated: July 31, 2024 Edit this page on GitHub

Was this page helpful?

Please make a selection.

To help us improve, please share your reason for the negative feedback in the field below.

Please enter a note.

Thank you for your valuable feedback!

Please note that although we cannot respond to feedback, our team will use your comments to improve the experience.

In this document
Community Talks

Building Modular Monolith Applications Using .NET and ABP Framework

17 Oct, 17:00
Online
Watch the Event
Mastering ABP Framework Book
Mastering ABP Framework

This book will help you gain a complete understanding of the framework and modern web application development techniques.

Learn More