IdentityServer3 contains many features for implementing OpenID Connect and OAuth2. Many of these features have been designed so they can be replaced. This is useful when the default logic doesn’t match the hosting application’s requirements, or when the application simply wishes to provide an entirely different implementation. In fact, some extensibility points within IdentityServer3 must be provided by the hosting application (such as the storage for configuration data or the identity management implementation for validating users’ credentials).
IdentityServer3.Core.Configuration.IdentityServerServiceFactory holds all these building blocks and must be supplied at startup time using the IdentityServerOptions class (see here for more information on configuration options).
The extensibility points fall into three categories.
Mandatory
- Implements retrieval of scopes configuration data
- Implements retrieval of client configuration data
IdentityServerServiceFactory allows setting up a service factory by providing in-memory stores for users, clients and scopes (see here).
Mandatory for production scenarios (but with default in-memory implementations)
- Implements storage and retrieval of authorization codes (interface)
- Implements storage and retrieval of handles for reference tokens (interface)
- Implements storage and retrieval of refresh tokens (interface)
- Implements storage and retrieval of consent decisions (interface)
- Implements retrieval of UI assets. Defaults to using the embedded assets. (interface)
Optional (can be replaced, but have default implementations)
- Implements creation of identity and access tokens (interface)
- Implements retrieval of claims for identity and access tokens (interface)
- Implements creation and signing of security tokens (interface)
- Implements validation of custom grant types (interface)
- Implements custom additional validation of authorize and token requests (interface)
- Implements creation and updates of refresh tokens (interface)
- Implements filtering and transformation of claims for external identity providers (interface)
- Implements custom additional validation of tokens for the token validation endpoints (interface)
- Allows adding additional data to a token response (interface)
- Implements logic of consent decisions (interface)
- Implements retrieval and revocation of consents, reference and refresh tokens (interface)
- Implements forwarding events to some logging system (e.g. Elasticsearch) (interface)
- Implements validation of redirect and post logout URIs (interface)
- Implements localization of display strings (interface)
- Implements CORS policy (interface)
See here for more information on registering your custom service and store implementations.
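The wiring described above, as an added example that is not taken from the IdentityServer3 documentation: the factory is filled with the in-memory stores, one optional service (validation of redirect and post logout URIs) is replaced, and the factory is handed to IdentityServerOptions at startup. StrictRedirectUriValidator, the empty sample lists, the site name and the certificate path and password are hypothetical placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services;
using IdentityServer3.Core.Services.InMemory;
using Owin;

// Hypothetical custom service: accepts only HTTPS URIs that exactly match a registered one.
public class StrictRedirectUriValidator : IRedirectUriValidator
{
    public Task<bool> IsRedirectUriValidAsync(string requestedUri, Client client)
    { return Task.FromResult(IsAllowed(requestedUri, client.RedirectUris)); }

    public Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client)
    { return Task.FromResult(IsAllowed(requestedUri, client.PostLogoutRedirectUris)); }

    private static bool IsAllowed(string requested, IEnumerable<string> registered)
    {
        Uri uri; // must parse as an absolute URI before any comparison
        return registered != null && Uri.TryCreate(requested, UriKind.Absolute, out uri)
            && uri.Scheme == Uri.UriSchemeHttps
            && registered.Contains(requested, StringComparer.Ordinal);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Mandatory stores, in-memory variants (the empty lists are constructed sample data).
        var factory = new IdentityServerServiceFactory()
            .UseInMemoryUsers(new List<InMemoryUser>())
            .UseInMemoryClients(new List<Client>())
            .UseInMemoryScopes(new List<Scope>());

        // Optional service: register the custom implementation in place of the default.
        factory.RedirectUriValidator =
            new Registration<IRedirectUriValidator, StrictRedirectUriValidator>();

        app.UseIdentityServer(new IdentityServerOptions
        {
            SiteName = "Example",
            // Placeholder path and password, not real values.
            SigningCertificate = new X509Certificate2("signing.pfx", "placeholder"),
            Factory = factory
        });
    }
}
```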