« Back to home

Getting started with IdentityServer4

Daj się poznać

I wrote in one of previous posts about my experiments with Google Identity Provider and Implicit Flow to get access tokens which allow me to fetch resources from API. I didn’t mention IdentityServer IdentityServer in these posts, which is becoming the default choice if you want to create an identity provider in ASP .NET. I did this deliberately because I had some experiences with IdentityServer 3 and I wanted to try something new. IdentityServer3 wasn’t prepared to be used with ASP .NET Core but is there something similar to it? Yes and you can read about it here. There is IdentityServer4 which is a port of IdentityServer for ASP .NET Core. This post is the first in a series about IdentityServer4 on ASP .NET Core.

The journey with the IdentityServer4 started by copying
this folder into my local directory. Then inside the directory IdSvrHost, I restored the packages and I ran an application with dnx web and after a while I saw the IdentityServer4 welcome page:

Identity Server4 welcome page

Okay, that was great but let’s test IdentityServer4 with a client. In a previous post, I experimented with a javascript client and we’ll do the same in this case.

I downloaded this folder to my local folder. I restored the packages and ran an application with the command web run and got the following error in the console:

Microsoft.AspNet.Server.Kestrel.Networking.UvException: Error -98 EADDRINUSE address already in use
   at Microsoft.AspNet.Server.Kestrel.Networking.Libuv.Check(Int32 statusCode)
   at Microsoft.AspNet.Server.Kestrel.Networking.UvStreamHandle.Listen(Int32 backlog, Action`4 callback, Object state)
   at Microsoft.AspNet.Server.Kestrel.Http.TcpListener.CreateListenSocket()
   at Microsoft.AspNet.Server.Kestrel.Http.Listener.<>c__DisplayClass5_0.<StartAsync>b__0(Object _)

Of course I got the error message address already in use because my IdentityServer was occupying port 5000. In the project.json file of JsOidc project, the web command was defined as this:

"web": "Microsoft.AspNet.Server.Kestrel"

and the default port for Kestrel is 5000. So I needed to change this but which port do I choose? I could find the right port in the definition of Clients for IdentityServer and that was in the class Clients inside the Configuration folder of IdSvrHost project. At the end of this class I found:

// JS OIDC Sample
new Client
    ClientId = "js_oidc",
    ClientName = "JavaScript OIDC Client",
    ClientUri = "http://identityserver.io",

    Flow = Flows.Implicit,
    RedirectUris = new List<string>
    PostLogoutRedirectUris = new List<string>

    AllowedCorsOrigins = new List<string>

    AllowedScopes = new List<string>
        "api1", "api2"

As you can see, the port which I was looking for was 7017 and I changed web command in the JsOidc project to:

"web": "Microsoft.AspNet.Server.Kestrel --server.urls=http://localhost:7017"

After this, when I ran the application and navigated to http://localhost:7017 I saw this:

JavaScript Oidc Client

When I clicked Login Only nothing had happened and I could only see this in the web browser console:

Error after Login

The reason for the error seemed to be obvious: the javascript library which communicated with IdentityServer was configured to use address localhost:22530 and my IdentityServer worked on port 5000. By the way, this library is my old friend oidc-token-manager library which I played with here and here.

I decided to run my IdentityServer on the port 22530 instead of making changes in the client application code. So I changed the web command in the project IdSvrHost to this:

"web": "Microsoft.AspNet.Server.Kestrel --server.urls=http://localhost:22530"

I restarted IdentityServer and then after clicking Login Only again, I was redirected to this page:

Login Page

After entering the username alice and the password alice which I found in the class Users inside the Configuration folder of IdSvrHost project, I saw this screen:

Requesting Your Permission

After clicking Yes, Allow, which meant that I granted a specific permission to my client, I was brought back to the javascript client and I saw the following screen:

Final Result

As you can see, I got id_token which meant I was successfully authenticated in IdentityServer. The next step is to obtain access_token and use it to access some API but this is a theme for another post. Meanwhile, you can find the whole source code for this demo in this repository.

Related posts:


comments powered by Disqus