The Configuration API can be installed in a separate host from IdentityServer, or in the same host. In many cases it is desirable to host the configuration API and IdentityServer separately. This facilitates the ability to restrict access to the configuration API at the network level separately from IdentityServer and keeps IdentityServer’s access to the configuration data read-only. In other cases, you may find that hosting the two systems together better fits your needs.
To host the configuration API separately from IdentityServer:
dotnet new web -n Configuration
cd Configuration
dotnet add package Duende.IdentityServer.Configuration
builder.Services.AddIdentityServerConfiguration(opt =>
opt.LicenseKey = "<license>";
);
The Configuration API feature is included in the IdentityServer Business edition license and higher. Use the same license key for IdentityServer and the Configuration API.
The Configuration API uses the IClientConfigurationStore abstraction to persist new clients to the configuration store. Your Configuration API host needs an implementation of this interface. You can either use the built-in Entity Framework based implementation, or implement the interface yourself. See the IClientConfigurationStore reference for more details. If you wish to use the built-in implementation, install its NuGet package and add it to DI.
dotnet add package Duende.IdentityServer.Configuration.EntityFramework
builder.Services.AddIdentityServerConfiguration(opt =>
opt.LicenseKey = "<license>"
).AddClientConfigurationStore();
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection");
builder.Services.AddConfigurationDbContext<ConfigurationDbContext>(options =>
{
options.ConfigureDbContext = builder => builder.UseSqlite(connectionString);
});
app.MapDynamicClientRegistration().RequireAuthorization("DCR");
MapDynamicClientRegistration registers the DCR endpoints and returns an IEndpointConventionBuilder which you can use to define authorization requirements for your DCR endpoint. See Authorization for more details.
To host the configuration API in the same host as IdentityServer:
dotnet add package Duende.IdentityServer.Configuration
builder.Services.AddIdentityServerConfiguration();
The Configuration API uses the IClientConfigurationStore abstraction to persist new clients to the configuration store. Your Configuration API host needs an implementation of this interface. You can either use the built-in Entity Framework-based implementation, or implement the interface yourself. See the IClientConfigurationStore reference for more details. If you wish to use the built-in implementation, install its NuGet package and add it to DI.
dotnet add package Duende.IdentityServer.Configuration.EntityFramework
builder.Services.AddIdentityServerConfiguration(opt =>
opt.LicenseKey = "<license>"
).AddClientConfigurationStore();
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection");
builder.Services.AddConfigurationDbContext<ConfigurationDbContext>(options =>
{
options.ConfigureDbContext = builder => builder.UseSqlite(connectionString);
});
app.MapDynamicClientRegistration().RequireAuthorization("DCR");
MapDynamicClientRegistration registers the DCR endpoints and returns an IEndpointConventionBuilder which you can use to define authorization requirements for your DCR endpoint. See Authorization for more details.