Overview
The big Picture
Terminology
Supported Specifications
Packaging and Builds
Support and Issues
Demo Server
Fundamentals
Hosting
Resources
Identity Resources
API Scopes
API Resources
Resource Isolation
Clients
Users and Logging In
Claims
Key Management
License Key
Quickstarts
Overview
Protecting an API using Client Credentials
Interactive Applications with ASP.NET Core
ASP.NET Core and API access
Using EntityFramework Core for configuration and operational data
Building JavaScript client applications
JavaScript applications with a backend
JavaScript applications without a backend
Using ASP.NET Core Identity
User Interaction
Login
Authentication Session
Redirecting back to the client
Login Context
Accepting Local Credentials
Integrating with External Providers
Dynamic Providers
Windows Authentication
Logout
Logout Context
Ending the Session
Client Notifications
Returning to the Client
External Logout
External Logout Notification
Error
Consent
Custom Pages
Federation Gateway
Requesting Tokens
Overview
Requesting a Token
Refreshing a Token
Issuing Tokens based on User Passwords
Extension Grants
Token Exchange
Dynamic Request Validation and Customization
Issuing internal Tokens
Proof-of-Possession Access Tokens
Reference Tokens
Client Authentication
Overview
Shared Secrets
Private Key JWTs
TLS Client Certificates
Signed Authorize Requests
Calling Endpoints from JavaScript
Protecting APIs
Protecting APIs using ASP.NET Core
Using JWTs
Using Reference Tokens
Authorization based on Scopes and other Claims
Validating Proof-of-Possession
Adding API Endpoints to your IdentityServer
Data Stores and Persistence
Configuration Data
Operational Data
Grants
Keys
Entity Framework Integration
Diagnostics
Logging
Events
ASP.NET Identity Integration
BFF Security Framework
Overview
Architecture
Authentication & Session Management
ASP.NET Core Authentication System
Session Management Endpoints
Server-side Sessions
API Endpoints
Local APIs
Remote APIs
Token Management
Configuration Options
Extensibility
Management Endpoints
Session Management
Token Management
Reverse Proxy
Deployment
Proxy Servers and Load Balancers
ASP.NET Core Data Protection
IdentityServer Data Stores
Distributed Caching
Upgrading
Duende IdentityServer v5.1 to v5.2
Duende IdentityServer v5.0 to v5.1
IdentityServer4 v4.1 to Duende IdentityServer v5
IdentityServer4 v3.1 to Duende IdentityServer v5
Samples
Basics
User Interaction
ASP.NET Identity Integration
Windows Authentication
Backend for Frontend Pattern
Extension Grants and Token Exchange
Personal Access Tokens (PAT)
Miscellaneous
Reference
IdentityServer Options
DI Extension Methods
Endpoints
Discovery Endpoint
Authorize Endpoint
Token Endpoint
UserInfo Endpoint
Introspection Endpoint
Revocation Endpoint
End Session Endpoint
Device Authorization Endpoint
Models
Identity Resource
API Scope
API Resource
Client
Identity Provider
Grant Validation Result
Secrets
Services
Profile Service
Persisted Grant Service
Refresh Token Service
IdentityServer Interaction Service
Device Flow Interaction Service
Response Generators
Authorize Interaction Response Generator
Stores
Resource Store
Client Store
CORS Policy Service
Identity Provider Store
Persisted Grant Store
Device Flow Store
Signing Key Store
Validators
Extension Grant Validator
Custom Token Request Validator
Edit this page
Home
> Requesting Tokens
Requesting Tokens
At its very heart, Duende IdentityServer is a so-called
Security Token Service
(STS).
Overview
Requesting a Token
Refreshing a Token
Issuing Tokens based on User Passwords
Extension Grants
Dynamic Request Validation and Customization
Issuing internal Tokens
Proof-of-Possession Access Tokens
Reference Tokens
Client Authentication
Signed Authorize Requests
Calling Endpoints from JavaScript