Eugene D. Gubenkov Eugene D. Gubenkov - 11 months ago 98
C# Question

OpenID Connect lightweight library

I'm looking for OpenID Connect (OIDC) Relying Party lightweight library that will have these routines implemented.

  1. Compose "Authentication Request"

  2. Validate "id_token" signature
    (including downloading certificate from metadata endpoint)

  3. Parse "id_token" JWT

The only OIDC flow to be supported is so called "implicit flow" where server answers with "id_token" (and "access_token" if requested) right from authorization endpoint (spec link).

Searching over NuGet repository seems yields the only suitable option - OWIN middleware, and even thought I can confirm it works and it would be better to have lightweight alternative.

OIDC implicit flow

Answer Source

Just sharing what worked for me.

To get 1st goal accomplished NuGet package called Thinktecture.IdentityModel.Client (link) can be used (package from IdentityServer creators that is incredible itself). An example that shows basic usage is below.

var client = new OAuth2Client(new Uri(AuthorizeEndpointUrl));

string url = client.CreateAuthorizeUrl(
    clientId: ClientId,
    redirectUri: RedirectUri,
    responseType: "id_token",
    responseMode: "form_post",
    nonce: Guid.NewGuid().ToString(),
    additionalValues: additionalValues);

As to parsing and validation of the JWT received from OIDC Identity Provider the System.IdentityModel.Tokens.Jwt (link) Microsoft's NuGet package is a way to go. The code snippet is bellow as well.

var parameters = new TokenValidationParameters()
    IssuerSigningTokens = GetSigningTokens(MetadataEndpointUrl),
    ValidAudience = ValidAudience,
    ValidIssuer = ValidIssuer,

var tokenHandler = new JwtSecurityTokenHandler();

SecurityToken validated;
tokenHandler.ValidateToken(jwt, parameters, out validated);

return validated as JwtSecurityToken;

This all lightweight and keeps your application clean from unnecessary dependencies.