You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/identityserver/tokens/client-authentication.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -31,7 +31,7 @@ Duende IdentityServer has built-in support for various client credential types a
31
31
All information in this section also applies to [API secrets](/identityserver/reference/models/api-resource/) for introspection.
32
32
:::
33
33
34
-
**We recommend using asymmetric client credentials like the [*private key jwt*](#private-key-jwts) or [*Mutual TLS*](#mutual-tls-client-certificates) authentication method over shared secrets.**
34
+
**We recommend using asymmetric client credentials like the [*private key JWT*](#private-key-jwts) or [*Mutual TLS (mTLS)*](#mutual-tls-client-certificates) authentication method over shared secrets.**
During request processing, the secret must be somehow extracted from the incoming request. The various specs describe a couple of options, e.g. as part of the authorization header or the body payload.
62
62
63
-
It is the job of implementations of the [ISecretParser](/identityserver/reference/models/secrets#duendeidentityservervalidationisecretparser) interface to accomplish this. You can add secret parsers by calling the `AddSecretParser()` service provider extension method.
63
+
It is the job of implementations of the [`ISecretParser`](/identityserver/reference/models/secrets#duendeidentityservervalidationisecretparser) interface to accomplish this. You can add secret parsers by calling the `AddSecretParser()` service provider extension method.
64
64
65
65
The following secret parsers are part of Duende IdentityServer:
66
66
@@ -86,7 +86,7 @@ The following secret parsers are part of Duende IdentityServer:
86
86
87
87
88
88
### Secret Validation
89
-
It is the job of implementations of the [ISecretValidator](/identityserver/reference/models/secrets.md#duendeidentityservermodelparsedsecret) interface to validate the extracted credentials.
89
+
It is the job of implementations of the [`ISecretValidator`](/identityserver/reference/models/secrets.md#duendeidentityservermodelparsedsecret) interface to validate the extracted credentials.
90
90
91
91
You can add secret validators by calling the `AddSecretValidator()` service provider extension method.
Copy file name to clipboardExpand all lines: src/content/docs/identityserver/tokens/index.md
+3-2Lines changed: 3 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,9 +25,10 @@ While the `authorize` endpoint can be used for some special cases, you typically
25
25
The following token types are supported.
26
26
27
27
### Identity Token
28
-
During user authentication, your IdentityServer collects data about the user, e.g. authentication method, authentication time, some protocol information and a unique identifier for the user that was authenticated, to communicate back to the client application “what happened at the token service”.
28
+
During user authentication, your IdentityServer collects data about the user, e.g. authentication method, authentication time, some protocol information, and a unique identifier for the user that was authenticated.
29
+
This data is used to communicate back to the client application “what happened at the token service”.
29
30
30
-
This data must be sent in a format that is both tamper proof and that allows the client to authenticate the issuer. In OIDC this format is JSON – and the way to add the above security properties to a JSON object is by wrapping it in a JWT (along with JWS, JWA and JWK) – hence the name identity `token`.
31
+
This data must be sent in a format that is both tamperproof and allows the client to authenticate the issuer. In OIDC this format is JSON. The way to add the above security properties to a JSON object is by wrapping it in a JWT (along with JWS, JWA, and JWK) – hence the name identity *token*.
31
32
32
33
The data includes token lifetime information (`exp`, `iat`, `nbf`), the authentication method (`amr`) and time (`auth_time`), the authentication source (`idp`), the session ID (`sid`) and information about the user (`sub` and `name`).
Copy file name to clipboardExpand all lines: src/content/docs/identityserver/upgrades/identityserver4-v3-to-duende-identityserver-v6.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,19 +13,19 @@ redirect_from:
13
13
---
14
14
15
15
This upgrade guide covers upgrading from IdentityServer4 v3.1.x to Duende IdentityServer v6.
16
-
This upgrade is a complex one because the configuration object model had some non-trivial changes from IdentityServer4 v3 to IdentityServer4 v4.
16
+
This upgrade is more complex because the configuration object model had some non-trivial changes from IdentityServer4 v3 to IdentityServer4 v4.
17
17
18
18
In short, in IdentityServer4 v3 there was a parent-child relationship between the ApiResources and the ApiScopes.
19
19
Then in IdentityServer4 v4 the ApiScopes was promoted to be its own top-level configuration.
20
20
This meant that the child collection under the ApiResources was renamed to ApiResourcesScopes and it contained a reference to the new top-level ApiScopes.
21
21
22
22
If you were using a database for this configuration, then this means that configuration changed from a parent-child, to two top-level tables with a join table between them (to put it loosely). The new ApiResourcesScopes table was created to act as that join table.
23
23
24
-
Also, all the prior tables that were associated with the ApiResources were prefixed with "Api" and that prefix became "ApiResource" to better indicate the association.
24
+
Also, all the prior tables associated with the `ApiResources` were prefixed with "Api" and that prefix became "ApiResource" to better indicate the association.
25
25
Then any new tables associated with the new top-level ApiScopes have the "ApiScope" prefix to indicate that association.
26
26
27
-
In order to properly update the database, the easiest approach is to first update to the latest of IdentityServer4 v4.
28
-
Once that's complete, then it's very simple to move to Duende IdentityServer v5.
27
+
To properly update the database, the easiest approach is to first update to the latest of IdentityServer4 v4.
28
+
Once that's complete, then it's straightforward to move to Duende IdentityServer v5.
29
29
30
30
There is a sample project for this migration exercise. It is located [here](https://github.com/DuendeSoftware/UpgradeSample-IdentityServer4-v3).
31
31
@@ -50,7 +50,7 @@ If you're using any of the other IdentityServer4 packages, such as `IdentityServ
50
50
51
51
If you are using a [database](/identityserver/data) for your configuration and operational data, then there is a bit of work.
52
52
The reason is that for this type of schema restructuring EntityFramework Core's migrations can lose existing data.
53
-
To handle this, the conversation from the old schema to the new will be performed by custom SQL.
53
+
To handle this, custom SQL will perform the conversation from the old schema to the new.
54
54
This is only needed for the configuration database, not the operational one so normal migrations will suffice for the operational database.
55
55
56
56
First for the operational database, we can apply EF Core migrations.
0 commit comments