A robust, enterprise-ready Identity Provider (IdP) built on .NET 10+ and OpenIddict, featuring a hybrid SSR (Razor Pages) and SPA (Vue.js) architecture.
> **Caution**
> SECURITY WARNING: This project includes default development passwords (e.g., `YourStrong!Passw0rd`). Never use these in production. Always use environment variables or a secret manager to override sensitive settings.
- Getting Started
- Architecture Guide
- Testing & Seeding
- Security Policy
- Feature Overview
- Deployment Guide
- Core.Domain: Entities, constants, and core business models.
- Core.Application: Interfaces, DTOs, and application logic.
- Infrastructure: Data access (EF Core), external services, and security implementations.
- Web.IdP: The main Identity Provider host (Razor Pages + Vue.js Admin UI).
- samples/: Sample integration clients (M2M, Device Flow, Impersonation).
- Tests/: Comprehensive test suites (System, Integration, Unit).
Powered by OpenIddict:
- Flows: Authorization Code + PKCE, Client Credentials, Device Flow.
- Security: Refresh token rotation with configurable reuse leeway, secure session management.
- Standard Discovery: Full OIDC metadata at `/.well-known/openid-configuration`.
- RBAC: Hierarchical roles and fine-grained permissions.
- Impersonation: Secure "Login As" feature for administrative support.
- Observability: Prometheus metrics and structured audit logging.
- Bot Protection: Integrated Cloudflare Turnstile support.
- External Identity: Seamless integration with Google & Microsoft accounts, including auto-linking and AMR support.
- Branding: Customizable UI with configurable Privacy Policy and Help documentation links.
- Backend: .NET 10+, EF Core (SQL Server/PostgreSQL), OpenIddict, SignalR.
- Frontend: Vue.js 3, Vite, Tailwind CSS, Headless UI.
- Testing: xUnit, FluentAssertions, Playwright, Vitest.
- Prerequisites: Docker Desktop, .NET 10 SDK or later.
- Run Infrastructure:

```bash
docker compose -f docker-compose.dev.yml up -d
```

- Run App:

```bash
dotnet run --project Web.IdP
```
Use the Setup Wizard (Recommended):

```bash
cd deployment
./setup-env.ps1   # or ./setup-env.sh
```

This handles the certificates, passwords, and architecture selection involved in a production setup. See the Deployment Guide for details.
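The features above (Authorization Code + PKCE, Client Credentials, Device Flow, refresh token rotation with reuse leeway) and the password warning at the top map onto a handful of OpenIddict server options. The following `Program.cs` fragment is an added illustration, not the project's own host code: the endpoint paths, the `DefaultConnection` key, and the OpenIddict 6.x method names (`AllowDeviceAuthorizationFlow`, `SetDeviceAuthorizationEndpointUris`) are assumptions, and the `AddCore` / EF Core store registration is omitted.

```csharp
// Hypothetical Program.cs (ImplicitUsings enabled in the Web SDK).
var builder = WebApplication.CreateBuilder(args);

// The README ships "YourStrong!Passw0rd" as a development default. Outside
// Development, refuse to start if it is still in the connection string so a
// missing environment-variable / secret-manager override fails loudly.
const string DevDefaultPassword = "YourStrong!Passw0rd";
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection"); // key is an assumption
if (!builder.Environment.IsDevelopment()
    && connectionString is not null
    && connectionString.Contains(DevDefaultPassword, StringComparison.Ordinal))
{
    throw new InvalidOperationException(
        "Default development database password detected outside Development. " +
        "Set ConnectionStrings__DefaultConnection from the environment or a secret manager.");
}

builder.Services.AddOpenIddict()
    // .AddCore(...) with the EF Core stores goes here (omitted).
    .AddServer(options =>
    {
        // Endpoint paths are assumptions; the README only documents the discovery path.
        options.SetAuthorizationEndpointUris("/connect/authorize")
               .SetTokenEndpointUris("/connect/token")
               .SetDeviceAuthorizationEndpointUris("/connect/device");   // 6.x name

        // The grant types listed in the README; PKCE is mandatory for the code flow.
        options.AllowAuthorizationCodeFlow().RequireProofKeyForCodeExchange()
               .AllowClientCredentialsFlow()
               .AllowDeviceAuthorizationFlow()   // 6.x name (AllowDeviceCodeFlow in 5.x)
               .AllowRefreshTokenFlow();

        // Rolling refresh tokens are the default: each use issues a new token and
        // revokes the previous one. The leeway lets a client that retried with the
        // just-rotated token (e.g. after a network timeout) succeed for a short window
        // instead of tripping reuse detection and revoking the whole chain.
        options.SetRefreshTokenReuseLeeway(TimeSpan.FromSeconds(30));

        // Development-only keys; production must load real signing/encryption certificates.
        if (builder.Environment.IsDevelopment())
            options.AddDevelopmentEncryptionCertificate().AddDevelopmentSigningCertificate();

        options.UseAspNetCore()
               .EnableAuthorizationEndpointPassthrough()
               .EnableTokenEndpointPassthrough();
    });

var app = builder.Build();
app.Run();
```

Keep the leeway short: it exists only to absorb legitimate retries, and a long window weakens the replay detection that rotation is meant to provide.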
Distributed under the MIT License. See LICENSE for more information.
This project was developed with significant assistance from advanced AI coding agents. While following industry standards, we recommend a secondary human security audit for production environments. Code is provided "AS IS".