Issuing a Bearer JWT Token using Identity Core

2
votes

I have a mobile app that uses RESTful calls to a ASP.NET Core apis and Angular 2 app that is doing RESTful calls as well. I am also using Identity Core to authenticate users (Identity 3.0).

I want to issue a bearer token based on the Identity framework and authenticate users using Resource Owner Password Credentials Grant (that is simply giving my website the username and password and it will issue a token, as this is a trusted environment).

  • Is there an easy configuration within ASP.NET CORE 1.0 RTM to do this?
  • AspNet.Security.OpenIdConnect.Server I am looking at this one and it looks like a smaller version of OpenIdDict, but the author mentions it is for Owin/Katana, I am not using any.
  • OpenIdDict is a framework that does this, but first it is Alpha release and second it requires a separate website which will incur extra maintenance and performance hit to communicate via HTTP to another server.
  • IdentityServer4 which looks too big for what I want to achieve and I am not sure if it integrates with Identity Core and I am only interested in the password grant. And it looks like it requires a separate website.

I would appreciate if you clarify the picture of the points above and let me know if these are my only options or am I missing something.

I don't want to be a public identity provider, I want to simply issue tokens for my own users.

1
oauth-2.0asp.net-identityasp.net-core-mvcopenid-connectaspnet-contrib

1 Answers

3
votes

AspNet.Security.OpenIdConnect.Server I am looking at this one and it looks like a smaller version of OpenIdDict, but the author mentions it is for Owin/Katana, I am not using any.

AspNet.Security.OpenIdConnect.Server (codenamed ASOS) is not really a "smaller version of OpenIddict" but a low-level OAuth2/OpenID Connect server framework that you can use to build your own authorization server/identity provider.

It doesn't depend on any membership stack (like ASP.NET Core Identity) and can be virtually added to any existing environment.

Note that while there's an OWIN/Katana version (named Owin.Security.OpenIdConnect.Server), the main bits target ASP.NET Core and are of course compatible with both .NET Desktop and .NET Core.

If you want to learn more about this project, I'd suggest reading this blog posts series: http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction

OpenIdDict is a framework that does this, but first it is Alpha release and second it requires a separate website which will incur extra maintenance and performance hit to communicate via HTTP to another server.

While it's true that OpenIddict is only available as pre-release alpha builds, using it in a separate project is not mandatory (nor even recommended): you can of course add it to your main project.

Since you're trying to implement the ROPC grant, I'd recommend reading these blog posts:

IdentityServer4 which looks too big for what I want to achieve and I am not sure if it integrates with Identity Core and I am only interested in the password grant. And it looks like it requires a separate website.

AFAIK, IdentityServer4 doesn't offer any official IdSrv/Identity integration (yet?), but I'm pretty sure there are already a few bridges developed by the community.