Use of OpenIddict as an alternative to IdentityServer4

[hellcoderGIT]

With the recent mess of IdentityServer4 becoming a paid product, it would be great to see an OpenIddict implementation.

[enkodellc]

@hellcoderGIT, I have not paid a lot of attention to IS4's movement to a paid product. I would absolutely look into alternative solutions. I don't have a ton of time to do that at the moment. I am not familiar with OpenIddict but will look into it a bit more. Are you willing to submit a PR?

[GioviQ]

Please read https://devblogs.microsoft.com/aspnet/asp-net-core-6-and-authentication-servers/

[hellcoderGIT]

I will consider a PR if I find the time myself to take care of this, but I'm definitely not the best person for the job, new to all this identity stuff and from what I read OpenIddict is quite different to IS4 despite using the same open standards. From what I can tell there is considerable interest in having an Admin UI for OpenIddict, the only one that exists is part of a huge project and not what most (I assume) are looking for.

Here is an interesting Statement from Kevin, the guy behind OpenIddict about the whole MS Identity Story: https://kevinchalet.com/2021/05/24/asp-net-core-6-and-authentication-servers-the-real-bait-and-switch-is-not-the-one-you-think/

[decodemyproject]

I haven't explicitly read the licensing terms, but I think including Duende Idsrv in this project is okay. In the end, you're not making money from it. It's also free to use in development and testing environments. - although limited.

Changing to OpenIddict might solve the problem in the short term, but who's to say that in a year or so, OpenIddict isn't changing to a paid licensing model as well?

Creating a version of Blazor Boilerplate that uses OpenIddict is not much harder than creating a version that uses IdentityServer, but effort, in my honest opinion, should go towards making Blazor Boilerplate Authentication/Authorization agnostic. Users should implement their own Identity Provider of choice. But, providing them a template that shows them how to work with Idsrv or OpenIddict is definitely something you can do if you do want to have a ready-to-go authentication / authorization system.

Remember, both Idsrv & Openiddict are full-blown Identity Providers and you're not using even 10% of the functionality it provides. It might be easier to create your own authentication service inside the boilerplate, creating a simple JWT token provider is probably all you need in this case.

[rjbullock]

Just my opinion, but I’d like to see Identity Server removed from the template. It seems overkill for 90% of applications. Even if it’s an enterprise app, wouldn’t you implement Identity Server separately if you wanted it? Unnecessarily complicates things to me. Not wild about Breeze either. Why introduce external libraries for a boilerplate template? It’s harder to remove dependencies than add them when you want them.

[rjbullock]

I haven't explicitly read the licensing terms, but I think including Duende Idsrv in this project is okay. In the end, you're not making money from it. It's also free to use in development and testing environments. - although limited.

Changing to OpenIddict might solve the problem in the short term, but who's to say that in a year or so, OpenIddict isn't changing to a paid licensing model as well?

Creating a version of Blazor Boilerplate that uses OpenIddict is not much harder than creating a version that uses IdentityServer, but effort, in my honest opinion, should go towards making Blazor Boilerplate Authentication/Authorization agnostic. Users should implement their own Identity Provider of choice. But, providing them a template that shows them how to work with Idsrv or OpenIddict is definitely something you can do if you do want to have a ready-to-go authentication / authorization system.

Remember, both Idsrv & Openiddict are full-blown Identity Providers and you're not using even 10% of the functionality it provides. It might be easier to create your own authentication service inside the boilerplate, creating a simple JWT token provider is probably all you need in this case.

100% agree!

[GioviQ]

I am just using this template with IdentityServer to authenticate machines (IoT).

[marcusjm]

One thing to consider is to use OrchardCore(without the CMS parts), then you don't need to put much effort at all into it :).

[chihabhajji]

is this stale ?

[enkodellc]

I do not have the time to implement another one at this time. The project I am using it for is not fully commercial at this time. Would be nice if someone would step up and submit a PR for one of the solutions suggested.

[enkodellc]

Removed IS4.