ASP.NET Core 2.0 API, Angular SPA: OpenIddict Vs JWT Middleware

2
votes

I want to create an angular application with an asp.net core 2.0 api as the backend.

I can see some articles saying you must use OpenIddict/Identity Server 4 to handle the JWT auth and others showing how to do it with the built in JWT middleware from Microsoft.

What is the distinction between the two? Under what circumstances would I use the built in middleware and what circumstances the JWT middleware from Microsoft?

1
asp.net-corejwt
To my best knowledge, both 'OpenIddict/Identity Server4' doesn't support .Net Core 2 at the moment. However, they do support .Net Core older versions. So before you even wanted to know the difference, better you wait for their support for .Net Core 2.0. - immirza
@immirza FYI, OpenIddict is already fully compatible with ASP.NET Core 2.0 (make sure you're using the 2.0.0-preview1-* OpenIddict nightly builds). Samples can be found here: github.com/openiddict/openiddict-samples - Kévin Chalet
@Pinpoint thanks for your point, Is it surely a safe step to use '2.0.0-preview1-* OpenIddict nightly builds' instead using the final stable? or i am confused with different preview nightly build vs stable? - immirza
@immirza there's no stable release for OpenIddict yet. - Kévin Chalet

1 Answers

2
votes

What is the distinction between the two?

The difference is actually quite simple: OpenID Connect servers like OpenIddict or IdentityServer issue access tokens and the JWT bearer middleware validates them for your API controllers.