Overview
The big Picture
Terminology
Supported Specifications
Packaging and Builds
Support and Issues
Security best-practices
Demo Server
Glossary
Resources
Fundamentals
Hosting
Resources
Identity Resources
API Scopes
API Resources
Resource Isolation
Clients
Users and Logging In
Claims
Key Management
Automatic Key Management
Manual Key Management
Migrating from Static Keys to Automatic Key Management
License Key
Quickstarts
Overview
Protecting an API using Client Credentials
Interactive Applications with ASP.NET Core
ASP.NET Core and API access
Using EntityFramework Core for configuration and operational data
Using ASP.NET Core Identity
Building JavaScript client applications
JavaScript applications with a backend
JavaScript applications without a backend
Building Blazor WASM client applications
User Interaction
Login
Authentication Session
Redirecting back to the client
Login Context
Accepting Local Credentials
Multi Factor Authentication
Integrating with External Providers
Dynamic Providers
Windows Authentication
Logout
Logout Context
Ending the Session
Client Notifications
Returning to the Client
External Logout
External Logout Notification
Error
Consent
Custom Pages
Federation Gateway
Client Initiated Backchannel Authentication (CIBA)
Server-Side Sessions
Session Management
Session Expiration
Inactivity Timeout
Client Application Portal
Requesting Tokens
Overview
Requesting a Token
Refreshing a Token
Issuing Tokens based on User Passwords
Extension Grants
Token Exchange
Dynamic Request Validation and Customization
Issuing Internal Tokens
Proof-of-Possession Access Tokens
Mutual TLS
DPoP
Reference Tokens
Client Authentication
Overview
Shared Secrets
Private Key JWTs
TLS Client Certificates
Signed Authorize Requests
Calling Endpoints from JavaScript
Protecting APIs
Protecting APIs using ASP.NET Core
Using JWTs
Using Reference Tokens
Authorization based on Scopes and other Claims
Validating Proof-of-Possession
Adding API Endpoints to your IdentityServer
Data Stores and Persistence
Configuration Data
Operational Data
Grants
Keys
Server-Side Sessions
Entity Framework Integration
Diagnostics
Logging
Events
OpenTelemetry
ASP.NET Identity Integration
BFF Security Framework
Overview
Architecture
UI Hosting
Third Party Cookies
Authentication & Session Management
ASP.NET Core Authentication System
Session Management Endpoints
Login
User
Logout
Silent Login
Diagnostics
Back-Channel Logout
Server-side Sessions
API Endpoints
Local APIs
Remote APIs
YARP extensions
Token Management
Configuration Options
Extensibility
Management Endpoints
Login
Silent Login
Silent Login Callback
Logout
User
Back-Channel Logout
Diagnostics
Session Management
Token Management
HTTP Forwarder
Configuration API
Dynamic Client Registration
Installation and Hosting
Authorization
Calling the Registration Endpoint
Customization
Reference
Validation
Request Processing
Store
Response Generation
Models
Options
Deployment
Proxy Servers and Load Balancers
ASP.NET Core Data Protection
IdentityServer Data Stores
Distributed Caching
Health Checks
Upgrading
Duende IdentityServer v6.2 to v6.3
Duende IdentityServer v6.1 to v6.2
Duende IdentityServer v6.0 to v6.1
Duende IdentityServer v5.2 to v6.0
Duende IdentityServer v5.1 to v5.2
Duende IdentityServer v5.0 to v5.1
IdentityServer4 v4.1 to Duende IdentityServer v6
IdentityServer4 v3.1 to Duende IdentityServer v6
Microsoft SPA and Blazor Templates
Samples
Basics
User Interaction
ASP.NET Identity Integration
Requesting tokens
Backend for Frontend Pattern
Clients
Diagnostics
Configuration API
Miscellaneous
Reference
IdentityServer Options
EF Options
Operational Options
Configuration Options
DI Extension Methods
Endpoints
Discovery Endpoint
Authorize Endpoint
Token Endpoint
UserInfo Endpoint
Introspection Endpoint
Revocation Endpoint
End Session Endpoint
Device Authorization Endpoint
Backchannel Authentication Endpoint
Models
Identity Resource
API Scope
API Resource
Client
Identity Provider
Grant Validation Result
Secrets
Backchannel User Login Request
Services
Profile Service
Persisted Grant Service
Refresh Token Service
User Session Service
Session Management Service
IdentityServer Interaction Service
Device Flow Interaction Service
Backchannel Authentication Interaction Service
Backchannel Authentication User Notification Service
Response Generators
Authorize Interaction Response Generator
Token Response Generator
Stores
Resource Store
Client Store
CORS Policy Service
Identity Provider Store
Persisted Grant Store
Device Flow Store
Backchannel Authentication Request Store
Signing Key Store
Server-Side Session Store
Validators
Custom Authorize Request Validator
Custom Token Request Validator
Backchannel Authentication User Validator
DPoP Proof Validator
Extension Grant Validator
Edit this page
Home
> Diagnostics
Diagnostics
Logging
Events
OpenTelemetry