• Overview
    • The big Picture
    • Terminology
    • Supported Specifications
    • Packaging and Builds
    • Support and Issues
    • Security best-practices
    • Demo Server
    • Glossary
    • Resources
  • Fundamentals
    • Hosting
    • Resources
      • Identity Resources
      • API Scopes
      • API Resources
      • Resource Isolation
    • Clients
    • Users and Logging In
    • Claims
    • Key Management
      • Automatic Key Management
      • Manual Key Management
      • Migrating from Static Keys to Automatic Key Management
    • License Key
  • Quickstarts
    • Overview
    • Protecting an API using Client Credentials
    • Interactive Applications with ASP.NET Core
    • ASP.NET Core and API access
    • Using EntityFramework Core for configuration and operational data
    • Using ASP.NET Core Identity
    • Building JavaScript client applications
      • JavaScript applications with a backend
      • JavaScript applications without a backend
    • Building Blazor WASM client applications
  • User Interaction
    • Login
      • Authentication Session
      • Redirecting back to the client
      • Login Context
      • Accepting Local Credentials
      • Integrating with External Providers
      • Dynamic Providers
      • Windows Authentication
    • Logout
      • Logout Context
      • Ending the Session
      • Client Notifications
      • Returning to the Client
      • External Logout
      • External Logout Notification
    • Error
    • Consent
    • Custom Pages
    • Federation Gateway
    • Client Initiated Backchannel Authentication (CIBA)
    • Server-Side Sessions
      • Session Management
      • Session Expiration
      • Inactivity Timeout
    • Client Application Portal
  • Requesting Tokens
    • Overview
    • Requesting a Token
    • Refreshing a Token
    • Issuing Tokens based on User Passwords
    • Extension Grants
      • Token Exchange
    • Dynamic Request Validation and Customization
    • Issuing Internal Tokens
    • Proof-of-Possession Access Tokens
      • Mutual TLS
      • DPoP
    • Reference Tokens
    • Client Authentication
      • Overview
      • Shared Secrets
      • Private Key JWTs
      • TLS Client Certificates
    • Signed Authorize Requests
    • Calling Endpoints from JavaScript
  • Protecting APIs
    • Protecting APIs using ASP.NET Core
      • Using JWTs
      • Using Reference Tokens
      • Authorization based on Scopes and other Claims
      • Validating Proof-of-Possession
    • Adding API Endpoints to your IdentityServer
  • Data Stores and Persistence
    • Configuration Data
    • Operational Data
      • Grants
      • Keys
      • Server-Side Sessions
    • Entity Framework Integration
  • Diagnostics
    • Logging
    • Events
    • OpenTelemetry
  • ASP.NET Identity Integration
  • BFF Security Framework
    • Overview
    • Architecture
      • UI Hosting
      • Third Party Cookies
    • Authentication & Session Management
      • ASP.NET Core Authentication System
      • Session Management Endpoints
        • Login
        • User
        • Logout
        • Silent Login
        • Diagnostics
        • Back-Channel Logout
      • Server-side Sessions
    • API Endpoints
      • Remote APIs
      • YARP extensions
      • Local APIs
    • Token Management
    • Configuration Options
    • Extensibility
      • Management Endpoints
        • Login
        • Silent Login
        • Silent Login Callback
        • Logout
        • User
        • Back-Channel Logout
        • Diagnostics
      • Session Management
      • Token Management
      • HTTP Forwarder
  • Configuration API
    • Dynamic Client Registration
      • Installation and Hosting
      • Authorization
      • Calling the Registration Endpoint
      • Customization
      • Reference
        • Validation
        • Request Processing
        • Store
        • Response Generation
        • Models
        • Options
  • Deployment
    • Proxy Servers and Load Balancers
    • ASP.NET Core Data Protection
    • IdentityServer Data Stores
    • Distributed Caching
    • Health Checks
  • Upgrading
    • Duende IdentityServer v6.2 to v6.3
    • Duende IdentityServer v6.1 to v6.2
    • Duende IdentityServer v6.0 to v6.1
    • Duende IdentityServer v5.2 to v6.0
    • Duende IdentityServer v5.1 to v5.2
    • Duende IdentityServer v5.0 to v5.1
    • IdentityServer4 v4.1 to Duende IdentityServer v6
    • IdentityServer4 v4.1 to Duende IdentityServer v5
    • IdentityServer4 v3.1 to Duende IdentityServer v6
    • IdentityServer4 v3.1 to Duende IdentityServer v5
    • Microsoft SPA and Blazor Templates
  • Samples
    • Basics
    • User Interaction
    • ASP.NET Identity Integration
    • Requesting tokens
    • Backend for Frontend Pattern
    • Clients
    • Diagnostics
    • Configuration API
    • Miscellaneous
  • Reference
    • IdentityServer Options
    • EF Options
      • Operational Options
      • Configuration Options
    • DI Extension Methods
    • Endpoints
      • Discovery Endpoint
      • Authorize Endpoint
      • Token Endpoint
      • UserInfo Endpoint
      • Introspection Endpoint
      • Revocation Endpoint
      • End Session Endpoint
      • Device Authorization Endpoint
      • Backchannel Authentication Endpoint
    • Models
      • Identity Resource
      • API Scope
      • API Resource
      • Client
      • Identity Provider
      • Grant Validation Result
      • Secrets
      • Backchannel User Login Request
    • Services
      • Profile Service
      • Persisted Grant Service
      • Refresh Token Service
      • User Session Service
      • Session Management Service
      • IdentityServer Interaction Service
      • Device Flow Interaction Service
      • Backchannel Authentication Interaction Service
      • Backchannel Authentication User Notification Service
    • Response Generators
      • Authorize Interaction Response Generator
      • Token Response Generator
    • Stores
      • Resource Store
      • Client Store
      • CORS Policy Service
      • Identity Provider Store
      • Persisted Grant Store
      • Device Flow Store
      • Backchannel Authentication Request Store
      • Signing Key Store
      • Server-Side Session Store
    • Validators
      • Custom Authorize Request Validator
      • Custom Token Request Validator
      • Backchannel Authentication User Validator
      • DPoP Proof Validator
      • Extension Grant Validator
Edit this page
Home > Overview

Overview

    The big Picture

    Terminology

    Supported Specifications

    Packaging and Builds

    Support and Issues

    Security best-practices

    Demo Server

    Glossary

    Resources