Oidc.Server
Flexible OpenID Connect and OAuth 2.0 server-side implementation for modern ASP.NET projects
⭐ Star us on GitHub — your support motivates us a lot! 🙏😊
🔥 Why OIDC Server is the best choice for authentication — find out in our presentation 📑
Abblix Account
💎 Abblix Account is a ready-to-use service hosted in the cloud, built on this library. You get passkeys, MFA, social login, and security event notifications — everything your users need, integrated into your website in minutes.
👉 See it live: Quorvel Coffee is a demo application using Abblix Account for user authentication. It shows how sign-in flows, session management, and user self-service — all delivered by Abblix Account — fit into a client website.
Table of Contents
- About
- What's New
- Certification
- How to Build
- Documentation
- Feedback and Contributions
- License
- Contacts
🚀 About
Abblix OIDC Server is a .NET library designed to provide comprehensive support for OAuth2 and OpenID Connect on the server side. It adheres to high standards of flexibility, reusability, and reliability, utilizing well-known software design patterns, including modular and hexagonal architectures. These patterns ensure the following benefits:
- Modularity: Different parts of the library can function independently, enhancing the library's modularity and allowing for easier maintenance and updates.
- Testability: Improved separation of concerns makes the code more testable.
- Maintainability: Clear structure and separation facilitate better management of the codebase.
The library also supports Dependency Injection through the standard .NET DI container, aiding in the organization and management of code. Specifically tailored for seamless integration with ASP.NET WebApi, Abblix OIDC Server employs standard controller classes, binding, and routing mechanisms, simplifying the integration of OpenID Connect into your services.
✨ What's New
Version 2.2 (Latest)
🚀 Features
- Custom JWT Implementation: Complete JWT signing/encryption infrastructure replacing `Microsoft.IdentityModel.Tokens` — uses `System.Text.Json.Nodes` and .NET crypto primitives directly
- Enhanced JWE Algorithms: `RSA-OAEP-256`, AES-GCM key wrapping (`A128GCMKW`/`A192GCMKW`/`A256GCMKW`), and direct key agreement (`dir`)
- ACR/AMR Compliance (RFC 8176): Authentication Context Class Reference values in discovery and RFC 8176 Authentication Method References
- CSP Nonce Support: Template-based front-channel logout and check session iframe compatible with strict Content Security Policies
✏️ Improvements
- Configurable session cookie path in OIDC Session Management
- Operation capability validation for `JsonWebKey` classes
- Bidirectional interoperability tests with `Microsoft.IdentityModel.Tokens`
See 📋Release Notes for full details.
🎓 Certification
We are certified in all profiles. During the certification process, we skipped ZERO tests and received NO warnings. All 634 tests . We are extremely proud of this achievement. It reflects our overall approach to any endeavor. For more details, click the links (Certified OpenID Providers & Profiles, Certified OpenID Providers for Logout Profiles).
For convenience, the certification information is provided in the tables below:
Regular Profiles
|OIDC Profile|Response Types (links to official OpenID Foundation test results)|Tests|
|:-|:-|:-|
|Basic OP|code|36|
|Implicit OP|id_token|58|
|Hybrid OP|code id_token|102|
|Config OP|config|1|
|Dynamic OP|code \| code id_token \| code id_token token \| code token \| id_token \| id_token token|127|
|Form Post OP|basic \| implicit \| hybrid|196|
|3rd Party-Init OP|code \| code id_token \| code id_token token \| code token \| id_token \| id_token token|12|
|Total||532|
Logout Profiles
|OIDC Profile|Response Types (links to official OpenID Foundation test results)|Tests|
|:-|:-|:-|
|RP-Initiated OP|code \| code id_token \| code id_token token \| code token \| id_token \| id_token token|66|
|Session OP|[code](https://www.certification.openid.net/plan-detail.html?public=true&

