The ABP OpenIddict Pro Module provides a complete OpenID Connect authentication server with application management, scope configuration, and token handling. Built on OpenIddict with full ABP Framework integration and ready-to-use management UI.
The OpenIddict Pro Module supports all standard OAuth 2.0 and OpenID Connect flows, enabling you to authenticate any type of application securely.
The module includes built-in MVC controllers for all standard OpenID Connect endpoints. These endpoints handle consent UI, redirections, and discovery documents automatically.
Handles authorization requests and user consent. Redirects users to authentication and returns authorization codes.
Issues access tokens and refresh tokens. Exchanges authorization codes for tokens and handles token refresh requests.
Handles user logout and session termination. Revokes tokens and clears authentication cookies.
Provides OpenID Connect discovery document. Returns endpoint URLs, supported scopes, and configuration metadata.
A centralized UI to manage applications, scopes, and permissions with full control and zero friction.
Create and manage OpenIddict applications through an intuitive UI. Configure client IDs, secrets, redirect URIs, grant types, and permissions without code changes.
Define API scopes that represent resources your applications can access. Control what each application can request in access tokens through scope management.
Assign permissions to applications just like roles, enabling fine-grained access control. Applications can only access resources based on their granted permissions.
A centralized UI to manage applications, scopes, and permissions with full control and zero friction.
Automatic cleanup, configurable lifetimes
Long-lived sessions
Full support
Full support
Extensible architecture
Control token claims
Tenant isolation
Designed to secure web, mobile, SPA, and service-to-service applications with flexible authentication strategies.
Use authorization code flow for traditional web applications. Secure server-side authentication with redirect-based flows and session management.
Support SPAs with PKCE-enabled authorization code flow. Secure client-side applications with proper token handling and refresh token support.
Enable mobile app authentication with device authorization flow or authorization code flow. Support native mobile authentication patterns.
Use client credentials grant for service-to-service authentication. Secure API communication without user interaction.
Works natively with the ABP Platform, enabling rapid development with built-in identity, authorization, and configuration support.
OpenIddict Pro is fully integrated with ABP's permission system, multi-tenancy support, and identity management. Configure claim destinations to control which claims appear in access tokens and identity tokens, and leverage ABP's existing authentication infrastructure without building your own authorization server.
OpenIddict UI works seamlessly with multiple databases and UI frameworks, giving you complete freedom in how you build.
All starter templates offer multiple options for implementing your data access layer.
ABP allows you to build with multiple UI framework options.
Explore detailed documentation, API references, and implementation guides.
