shyaway


IdentityServer > Overview of IdentityServer

shyaway 2018. 7. 26. 22:25

Overview of IdentityServer


Let's look at an overview of IdentityServer's structure.



Overview

OWIN

OWIN is an abbreviation of Open Web Interface for .NET. You can find the specification of the interface and protocol at http://owin.org/html/spec/owin-1.0.html. The interface exists to break the tight coupling between IIS and ASP.NET and the dependence on the heavy System.Web. Thanks to OWIN, you can even host IdentityServer in a console application or in other application domains. What's interesting is that OWIN calls a delegate, Func<Environment, Task>, "Middleware". IdentityServer is built on OWIN, so it runs on a server as middleware. As a result, you can set up IdentityServer in any type of application as long as it has an HTTP interface and requires an authentication service.


Endpoints

There are several HTTP/HTTPS request endpoints in IdentityServer, and there are approximately 14 controllers. The three most important are:

    • TokenEndpointController
    • AccessTokenValidationController
    • AuthorizeEndpointController



Decorator

The Decorator classes follow the Decorator pattern, a design pattern for adding extensions or functionality to an existing base or parent class that implements some interface. IdentityServer uses Autofac as its IoC container, and you can register decorator classes with RegisterDecorator in AutofacConfig. EventServiceDecorator is the only decorator class in the project.



Extensions

These are literally extensions, usually built on the static keyword so that developers feel as if they are using built-in functions.



Store Interfaces

Probably the most important interfaces of all. As the name suggests, these interfaces are in charge of storage, and each is simply named after the data it targets: IClientStore, for example, manages Client data. If you need to save your tokens, clients, or authorization codes in your own database or file system, implementing these interfaces is the first thing to do.

    • IScopeStore
    • IClientStore
    • IAuthorizationCodeStore
    • ITokenHandleStore

And so on. The signatures are so simple that you can implement them in no time.



Service Interfaces

You can implement some services you might want to have.



Validator Interfaces

Interfaces for implementing validators. If your application needs special validation procedures, such as a cryptographic job or an IP white list, and the default OAuth validation flow is not enough for your app, you can implement one of these interfaces and perform the additional validation during middleware-level processing.



Configuration

It's literally the IdentityServer configuration. Below are the three most important, essential classes.

    • IdentityServerServiceFactory
    • IdentityServerOptions
    • LoggingConfiguration



Autofac ( IoC Container )

Autofac dependency-injects designated classes in the service factory at compile time and eventually fills in the interface members in controllers. You can register a chosen class with your IoC container at the configuration stage. One good example is registering a class to one of the members of the IdentityServerServiceFactory class. Below is the default registration behavior, which makes HashedSharedSecretValidator and X509CertificateThumbprintSecretValidator ready to run later.

SecretValidators = new List<Registration<ISecretValidator>>
{
     new Registration<ISecretValidator, HashedSharedSecretValidator>(),
     new Registration<ISecretValidator, X509CertificateThumbprintSecretValidator>()
};

Some controller constructors take ISecretValidator as an argument. Autofac does the heavy lifting for you, the DI jobs, and when an HTTP request comes through to the controller, the registered class runs in that context. FYI, this kind of pattern is called the "Strategy Pattern".



Service Factory

IdentityServerServiceFactory is literally a class designed with the famous factory pattern. This factory has all kinds of manufacturing processes as class members in order to handle a token.

    • UserService
    • ScopeStore
    • ClientStore
    • AuthorizationCodeStore
    • TokenHandleStore
    • ConsentStore
    • RefreshTokenStore
    • CustomRequestValidator
    • TokenService
    • SecretValidators

Don't these members remind you of an actual factory, just by looking at them? I can see that the IdentityServer author seriously took design patterns into consideration, and the naming is very precisely and beautifully tailored to match the design pattern ideas.
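
As an added example (not code from the original post or from the IdentityServer project), here is a minimal IClientStore implementation and its registration on IdentityServerServiceFactory, tying together the Store Interfaces and Service Factory sections. It assumes the IdentityServer3 2.x namespaces; DictionaryClientStore, FactoryConfig, and the sample client values are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services;

// Hypothetical IClientStore: the dictionary stands in for your own database or file lookup.
public class DictionaryClientStore : IClientStore
{
    private readonly Dictionary<string, Client> _clients;

    public DictionaryClientStore(IEnumerable<Client> clients)
    {
        _clients = clients.ToDictionary(c => c.ClientId, StringComparer.Ordinal);
    }

    // The only member of the interface. Returning null means "unknown client".
    public Task<Client> FindClientByIdAsync(string clientId)
    {
        Client client = null;
        if (clientId != null) _clients.TryGetValue(clientId, out client);
        return Task.FromResult(client);
    }
}

public static class FactoryConfig
{
    public static IdentityServerServiceFactory Create()
    {
        var clients = new List<Client>
        {
            new Client
            {
                ClientId = "sample-client",              // constructed sample value
                Flow = Flows.ClientCredentials,
                AllowedScopes = new List<string> { "sample-scope" },
                // Store only the SHA-256 hash; HashedSharedSecretValidator compares hashes.
                ClientSecrets = new List<Secret> { new Secret("placeholder-secret".Sha256()) }
            }
        };
        var factory = new IdentityServerServiceFactory();
        // Same Registration<T> mechanism as the SecretValidators list on this page.
        factory.ClientStore = new Registration<IClientStore>(new DictionaryClientStore(clients));
        // UserService and ScopeStore must be registered as well before the server will start.
        return factory;
    }
}
```

The returned factory is what you assign to the Factory property of IdentityServerOptions when configuring the middleware.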
































