
OpenID Connect lightweight library

I'm looking for an OpenID Connect (OIDC) Relying Party lightweight library that will have these routines implemented.

  1. Compose "Authentication Request"
  2. Validate "id_token" signature (including downloading certificate from metadata endpoint)
  3. Parse "id_token" JWT

The only OIDC flow to be supported is the so-called "implicit flow", where the server answers with "id_token" (and "access_token" if requested) right from the authorization endpoint (spec link).

Searching over the NuGet repository seems to yield the only suitable option - OWIN middleware, and even though I can confirm it works, it would be better to have a lightweight alternative.


Just sharing what worked for me.

To get the 1st goal accomplished, a NuGet package called Thinktecture.IdentityModel.Client (link) can be used (a package from the IdentityServer creators that is incredible itself). An example that shows basic usage is below.

var client = new OAuth2Client(new Uri(AuthorizeEndpointUrl));

string url = client.CreateAuthorizeUrl(
    clientId: ClientId,
    redirectUri: RedirectUri,
    responseType: "id_token",
    responseMode: "form_post",
    nonce: Guid.NewGuid().ToString(),
    additionalValues: additionalValues);

As to parsing and validation of the JWT received from the OIDC Identity Provider, Microsoft's System.IdentityModel.Tokens.Jwt (link) NuGet package is the way to go. The code snippet is below as well.

var parameters = new TokenValidationParameters()
{
    IssuerSigningTokens = GetSigningTokens(MetadataEndpointUrl),
    ValidAudience = ValidAudience,
    ValidIssuer = ValidIssuer,
};

var tokenHandler = new JwtSecurityTokenHandler();

SecurityToken validated;
tokenHandler.ValidateToken(jwt, parameters, out validated);

return validated as JwtSecurityToken;

This is all lightweight and keeps your application clean from unnecessary dependencies.
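An added example, not part of the original answer or of either NuGet package: the request above sends a `nonce`, and in the implicit flow the relying party must also check that the returned id_token carries that same value, which the validation snippet does not do. `NonceStore`, its method names, the session ids and the 10-minute lifetime are assumptions made for illustration; only BCL types are used, so the claims of the token returned by `ValidateToken` are passed in as `IEnumerable<Claim>`.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;

// Hypothetical helper: binds one nonce to a session when the request is built
// and redeems it exactly once after ValidateToken has succeeded.
public sealed class NonceStore
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(10); // assumed value
    private readonly ConcurrentDictionary<string, Tuple<string, DateTime>> _pending =
        new ConcurrentDictionary<string, Tuple<string, DateTime>>();

    // Returns the value to pass as the nonce argument of CreateAuthorizeUrl.
    public string Issue(string sessionId)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(bytes); }
        string nonce = BitConverter.ToString(bytes).Replace("-", "");
        _pending[sessionId] = Tuple.Create(nonce, DateTime.UtcNow.Add(Lifetime));
        return nonce;
    }

    // Pass the Claims of the JwtSecurityToken returned by ValidateToken.
    public bool Redeem(string sessionId, IEnumerable<Claim> idTokenClaims)
    {
        var sent = idTokenClaims.Where(c => c.Type == "nonce").Select(c => c.Value).ToList();
        Tuple<string, DateTime> entry;
        // TryRemove makes the nonce single-use; a failed attempt also burns it.
        if (!_pending.TryRemove(sessionId, out entry)) return false;
        return sent.Count == 1 && DateTime.UtcNow <= entry.Item2
            && string.Equals(sent[0], entry.Item1, StringComparison.Ordinal);
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new NonceStore();
        string nonce = store.Issue("session-A"); // constructed session id
        // Constructed claims standing in for a validated id_token.
        var claims = new[] { new Claim("sub", "user-1"), new Claim("nonce", nonce) };
        Console.WriteLine(store.Redeem("session-B", claims)); // token injected into another session
        Console.WriteLine(store.Redeem("session-A", claims)); // first presentation
        Console.WriteLine(store.Redeem("session-A", claims)); // replay of the same token
    }
}
```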
