I'm looking for a lightweight OpenID Connect (OIDC) Relying Party library that has these routines implemented:
- Compose "Authentication Request"
- Validate "id_token" signature (including downloading the certificate from the metadata endpoint)
- Parse "id_token" JWT
The only OIDC flow to be supported is the so-called "implicit flow", where the server answers with "id_token" (and "access_token" if requested) directly from the authorization endpoint (spec link).
Searching the NuGet repository seems to yield only one suitable option, the OWIN middleware, and even though I can confirm it works, it would be better to have a lightweight alternative.
Just sharing what worked for me.
To get the 1st goal accomplished, the NuGet package called Thinktecture.IdentityModel.Client (link) can be used (a package from the IdentityServer creators, which is incredible itself). An example that shows basic usage is below.

```csharp
using System;
using Thinktecture.IdentityModel.Client;

// Build the OIDC "Authentication Request" URL for the implicit flow:
// response_type=id_token asks for the id_token directly from the authorization endpoint,
// and response_mode=form_post makes the provider POST it back to RedirectUri.
var client = new OAuth2Client(new Uri(AuthorizeEndpointUrl));
string url = client.CreateAuthorizeUrl(
    clientId: ClientId,
    redirectUri: RedirectUri,
    responseType: "id_token",
    responseMode: "form_post",
    nonce: Guid.NewGuid().ToString(),   // keep this value; it must match the id_token's nonce claim later
    additionalValues: additionalValues);
```
As to parsing and validation of the JWT received from the OIDC Identity Provider, Microsoft's System.IdentityModel.Tokens.Jwt (link) NuGet package is the way to go. The code snippet is below as well.

```csharp
using System.IdentityModel.Tokens;

// Validate the id_token: signature (against the provider's published signing certificates),
// issuer, audience and lifetime are checked by ValidateToken, which throws on any failure.
var parameters = new TokenValidationParameters()
{
    IssuerSigningTokens = GetSigningTokens(MetadataEndpointUrl), // helper that downloads the signing certificates from the metadata endpoint
    ValidAudience = ValidAudience,   // the client_id this id_token was issued for
    ValidIssuer = ValidIssuer,
};
var tokenHandler = new JwtSecurityTokenHandler();
SecurityToken validated;
tokenHandler.ValidateToken(jwt, parameters, out validated);
return validated as JwtSecurityToken;
```
This is all lightweight and keeps your application clean from unnecessary dependencies.
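As an added example (not code from the answer above), here is how the two snippets fit together with the nonce check that the implicit flow relies on to stop a captured id_token from being replayed into another session. It is written against the same 4.x System.IdentityModel.Tokens.Jwt API the answer uses; the signing tokens are assumed to come from the answer's GetSigningTokens helper, and the nonce store is a constructed in-memory stand-in.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;   // TokenValidationParameters, JwtSecurityTokenHandler (4.x API)
using System.Security.Claims;

public static class IdTokenValidator
{
    // Constructed stand-in: nonces issued for pending authentication requests.
    // A real application ties each nonce to the user's session and expires it.
    private static readonly HashSet<string> PendingNonces = new HashSet<string>();

    // Step 1: create the nonce that is passed to CreateAuthorizeUrl(nonce: ...).
    public static string IssueNonce()
    {
        var nonce = Guid.NewGuid().ToString("N");
        PendingNonces.Add(nonce);
        return nonce;
    }

    // Step 2: validate the id_token posted back by the provider.
    // Signature, issuer, audience and lifetime are checked by the handler;
    // the nonce check binds the token to the request this client actually made.
    public static ClaimsPrincipal ValidateIdToken(string idToken,
                                                  IEnumerable<SecurityToken> signingTokens,   // e.g. GetSigningTokens(MetadataEndpointUrl)
                                                  string validIssuer, string validAudience)
    {
        var parameters = new TokenValidationParameters
        {
            IssuerSigningTokens = signingTokens,
            ValidIssuer = validIssuer,
            ValidAudience = validAudience,   // must be this client's client_id
            ValidateLifetime = true,         // reject tokens outside their nbf/exp window
        };

        var handler = new JwtSecurityTokenHandler();
        SecurityToken validated;
        var principal = handler.ValidateToken(idToken, parameters, out validated);

        var nonceClaim = principal.FindFirst("nonce");
        // Remove() returns false for an unknown nonce, so each nonce is accepted exactly once.
        if (nonceClaim == null || !PendingNonces.Remove(nonceClaim.Value))
            throw new SecurityTokenValidationException("id_token nonce missing, unknown or already used");

        return principal;
    }
}
```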