OpenIddict aims at providing a versatile solution to implement OpenID Connect client, server and token validation support in any ASP.NET Core 2.1 (and higher) application. ASP.NET 4.6.1 (and higher) applications are also fully supported thanks to a native Microsoft.Owin 4.2 integration.
To implement a custom OpenID Connect server using OpenIddict, read Getting started.
Samples demonstrating how to use OpenIddict with the different OAuth 2.0/OpenID Connect flows can be found in the dedicated repository.
Developers looking for a simple and turnkey solution are strongly encouraged to use OrchardCore and its OpenID module, which is based on OpenIddict, comes with sensible defaults and offers a built-in management GUI to easily register OpenID client applications.
Looking to integrate with a SAML2P Identity Provider (IDP) or Service Provider (SP)? Rock Solid Knowledge, a sponsor of OpenIddict, is developing a range of identity components to enhance your OpenIddict solution. The first of these is their popular SAML2P component.
ASP.NET Core 2.1 on .NET Core 2.1, ASP.NET Core 3.1 and 5.0 are no longer supported by Microsoft. While OpenIddict can still be used on these platforms thanks to its .NET Standard 2.0 compatibility, users are strongly encouraged to migrate to ASP.NET Core/.NET 6.0.
NOTE
The following features are not available when targeting .NET Framework 4.6.1:
X.509 development encryption/signing certificates: calling AddDevelopmentEncryptionCertificate() or AddDevelopmentSigningCertificate() will result in a PlatformNotSupportedException being thrown at runtime if no valid development certificate can be found and a new one must be generated.
X.509 ECDSA signing certificates/keys: calling AddSigningCertificate() or AddSigningKey() with an ECDSA certificate/key will always result in a PlatformNotSupportedException being thrown at runtime.
Unlike many other identity providers, OpenIddict is not a turnkey solution but a framework that requires writing custom code to be operational (typically, at least an authorization controller), making it a poor candidate for the certification program.
While a reference implementation could be submitted as-is, this wouldn't guarantee that implementations deployed by OpenIddict users would be standard-compliant.
Instead, developers are encouraged to execute the conformance tests against their own deployment once they've implemented their own logic.
TIP
The samples repository contains a dedicated sample specially designed to be used with the OpenID Connect Provider Certification tool and demonstrate that OpenIddict can be easily used in a certified implementation. To allow executing the certification tests as fast as possible, that sample doesn't include any membership or consent feature (two hardcoded identities are proposed for tests that require switching between identities).
Security issues and bugs should be reported privately by emailing security@openiddict.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
If you need support, please make sure you sponsor the project before creating a GitHub ticket. If you're not a sponsor, you can post your questions on Gitter or StackOverflow:
With OpenIddict 5.0 now being generally available, the previous version, OpenIddict 4.0, stops being supported and won't receive bug fixes or security updates. As such, it is recommended to migrate to OpenIddict 5.0 to continue receiving bug and security fixes.
There are, however, two exceptions to this policy:
ABP Framework 7.0 users will still receive patches for OpenIddict 4.x for as long as ABP Framework 7.0 itself is supported by Volosoft (typically a year following the release of ABP 8.0), whether they have a commercial ABP license or just use the free packages.
OpenIddict sponsors who have opted for a $250+/month sponsorship are now offered extended support:
$250/month sponsors get full support for OpenIddict 4.x until June 18, 2024 (6 months).
$500/month sponsors get full support for OpenIddict 4.x until December 18, 2024 (12 months).
$1,000/month sponsors get full support for OpenIddict 4.x until December 18, 2025 (24 months).
If you want to try out the latest features and bug fixes, there is a MyGet feed with nightly builds of OpenIddict. To reference the OpenIddict MyGet feed, create a NuGet.config file (at the root of your solution):
