shyaway

IdentityServer > Storing an access token in IdentityServer3


shyaway 2018. 7. 8. 16:01

Storing an access token in IdentityServer3


IdentityServer is a framework and hostable component for implementing single sign-on and access control for modern web applications and APIs, using protocols such as OpenID Connect and OAuth2. The documentation is not great, but the sample code is very well supported. You can find it at https://github.com/IdentityServer/IdentityServer3.Samples/



ITokenHandleStore, ITransientDataRepository<Token>

To save the token in your own database, the first thing to dig into is the ITokenHandleStore interface. As you can see below, the interface itself is empty.


This interface inherits from ITransientDataRepository<T>, so you need to implement that interface's members.



A glance at the signatures tells you what each method does.


  • GetAllAsync : Get all the tokens.
  • GetAsync : Get the token matching the key parameter.
  • RemoveAsync : Remove the token matching the key parameter.
  • RevokeAsync : Remove the token or tokens matching the subject and client parameters (the subject id and client id, respectively).
  • StoreAsync : Save an access key together with its token model.

Is implementing the ITokenHandleStore interface the right choice and the right approach?




The diagram shows the hierarchical relationship between the interface and its implementations. You can see that InMemoryTokenHandleStore directly implements ITokenHandleStore. It depends on the project and configuration, but since the majority of examples use InMemoryTokenHandleStore as the default, we can be pretty sure that this is the right one. Let's tweak some code.



Implementation

Let's look at the code below.
* This is just pseudocode. You need to write your own DbContext to suit your application environment. If you use plain ADO.NET, write the SqlConnection code explicitly; if you use Entity Framework, all you need to do is write queries against the Token model in the ORM way.


Configuration

Now it's essential to register your own service (GeniusDMTokenHandleStore) with the factory. Where this goes also depends on your project, but normally you will find these statements in Startup.cs in your WebHost project.



Once you have registered your own implementation via ServiceFactory, Autofac in IdentityServer3 does the heavy lifting for you: it performs DI (dependency injection). For Autofac to do this job properly, let's register your class.



It's all set. Now make an HTTP request to localhost:{yourport}/connect/token with a proper client and scopes. When IdentityServer3 tries to validate your token, it will try to get the token through your implementation. If you need to pass in something for your database (e.g. a connection string), you may need to add a constructor to your implementation so that Autofac, the IoC container, can instantiate your class the way you want. See the example below.
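The three steps above (implementation, factory registration, constructor injection) put together as an added example; it is not the author's code, whose listings are not present on this page. Assumptions: `TokenTable` and `TokenStoreSetup` are hypothetical names, an in-memory dictionary stands in for your database, and hashing the handle before it is persisted is a hardening choice made here rather than something the post describes.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services;

// Hypothetical stand-in for your DbContext or SqlConnection wrapper.
public class TokenTable : ConcurrentDictionary<string, Token> { }

public class GeniusDMTokenHandleStore : ITokenHandleStore
{
    private readonly TokenTable _rows;
    public GeniusDMTokenHandleStore(TokenTable rows) { _rows = rows; } // injected by Autofac
    // The handle is a bearer credential, so only its SHA-256 digest is kept as the row key.
    private static string Hash(string key)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(key)));
    }
    public Task StoreAsync(string key, Token value)
    { _rows[Hash(key)] = value; return Task.FromResult(0); }
    public Task<Token> GetAsync(string key)
    { Token t; _rows.TryGetValue(Hash(key), out t); return Task.FromResult(t); } // null if unknown
    public Task RemoveAsync(string key)
    { Token t; _rows.TryRemove(Hash(key), out t); return Task.FromResult(0); }
    public Task<IEnumerable<ITokenMetadata>> GetAllAsync(string subject) =>
        Task.FromResult(_rows.Values.Where(t => t.SubjectId == subject).Cast<ITokenMetadata>());
    public Task RevokeAsync(string subject, string client)
    {
        Token t;
        foreach (var r in _rows.Where(x => x.Value.SubjectId == subject && x.Value.ClientId == client))
            _rows.TryRemove(r.Key, out t);
        return Task.FromResult(0);
    }
}

public static class TokenStoreSetup
{
    public static void Configure(IdentityServerServiceFactory factory, TokenTable rows)
    {
        factory.Register(new Registration<TokenTable>(resolver => rows)); // constructor dependency
        factory.TokenHandleStore = new Registration<ITokenHandleStore, GeniusDMTokenHandleStore>();
    }
}
```

Because lookups hash the presented handle in the same way, a copy of the table alone does not yield usable handles.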






























