Skip to content
Introducing the next era of Duende IdentityServer. Read our CEO’s announcement

Stores

Stores in IdentityServer are the persistence layer abstractions responsible for managing various types of data needed for the authentication and authorization processes. They provide interfaces to store and retrieve configuration and operational data.

Configuration stores manage the relatively static data that defines how IdentityServer behaves:

StorePurpose
IClientStoreClient application registrations
IResourceStoreAPI resources, API scopes, and identity resources
IIdentityProviderStoreDynamic external identity providers
ICorsPolicyServiceCORS origin validation for clients

Operational stores manage transient, runtime data that supports active authentication flows:

StorePurpose
IPersistedGrantStoreAuthorization codes, refresh tokens, reference tokens, and user consent
IDeviceFlowStoreDevice authorization grant data
IBackChannelAuthenticationRequestStoreCIBA authentication requests
IPushedAuthorizationRequestStorePushed Authorization Requests (PAR)
IServerSideSessionStoreServer-side user sessions
ISigningKeyStoreAutomatic key management signing keys

These stores provide signing and validation keys to the runtime:

StorePurpose
ISigningCredentialStoreProvides the active signing credential for token signing
IValidationKeysStoreProvides all public keys for token validation (published via JWKS)

IdentityServer provides default in-memory implementations suitable for development and testing. These are registered via the DI extension methods:

builder.Services.AddIdentityServer()
.AddInMemoryClients(Config.Clients)
.AddInMemoryApiScopes(Config.ApiScopes)
.AddInMemoryIdentityResources(Config.IdentityResources);

For production environments, use the Entity Framework Core integration or implement custom stores using your preferred database technology.