Getting Started with Duende IdentityServer + .Net5
IdentityServer is the popular OSS OpenID Connect and OAuth framework for ASP.NET Core. It allows your ASP.NET Core website to act as an OpenID Provider and OAuth authorization server, offering both Single Sign-On (SSO) and API protection out of the box. IdentityServer takes care of the protocol support, but user authentication is up to you, the developer.
IdentityServer4 vs Duende IdentityServer
As of 2021, IdentityServer switched to a commercial license and is now known as Duende IdentityServer (kind of IdentityServer v5). Duende IdentityServer is still OSS, but the license now requires most organizations to purchase a license from Duende. Right now, the codebase is basically the same.
Now that you know the “difference” between IdentityServer4 and Duende IdentityServer let’s review some terminology.
Grant Types
Client Credentials -> no user involved, machine to machine, trusted 1st party sources, server/server
Resource Owner Password -> user involved, trusted 1st party apps, spa, js, native 1st party
Authorization Code -> google, Facebook, etc, user involved, web app, server app
Implicit -> web applications, user, server-side web apps
Hybrid -> combination of implicit and authorization code, user, native apps, server-side…
