OpenID Configuration JSON
OpenID configuration may be specified as JSON either in the application's appsettings.json or in a separate JSON file (e.g. openid-config.json).
The following example shows an OpenID section containing the outline of a configuration.
The following code adds the OpenID services and specifies the name of the OpenID configuration section.
// Register the OpenID provider services, reading their settings
// from the "OpenIDProvider" section of the application configuration.
var openIdSection = builder.Configuration.GetSection("OpenIDProvider");
builder.Services.AddOpenIDProvider(openIdSection);
Example Configuration
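The following example configures an OpenID Provider and a single client. The certificate password and client secret are shown here for illustration; in a deployed application, keep such secrets out of source-controlled JSON and supply them from a protected configuration source instead. The provider metadata also lists a broad set of options (including the implicit and password grant types, the plain code challenge method, the none request object signing algorithm and RSA1_5 key encryption); trim these lists to what your clients actually require.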
"OpenIDProvider": {
"$schema": "https://www.componentspace.com/schemas/openid-config-schema-v1.0.json",
"Configurations": [
{
"ProviderConfiguration": {
"ProviderMetadata": {
"Issuer": "https://localhost:44311",
"AuthorizationEndpoint": "/openid/authorize",
"TokenEndpoint": "/openid/token",
"UserinfoEndpoint": "/openid/userinfo",
"JwksUri": "/openid/keys",
"EndSessionEndpoint": "/openid/logout",
"IntrospectionEndpoint": "/openid/introspect",
"ScopesSupported": [ "openid", "profile" ],
"ResponseTypesSupported": [ "code", "id_token", "id_token token", "code id_token", "code token", "code id_token token" ],
"ResponseModesSupported": [ "query", "fragment", "form_post" ],
"GrantTypesSupported": [ "authorization_code", "implicit", "refresh_token", "client_credentials", "password" ],
"SubjectTypesSupported": [ "public" ],
"IdTokenSigningAlgValuesSupported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
"IdTokenEncryptionAlgValuesSupported": [ "A128KW", "A192KW", "A256KW", "dir", "RSA1_5", "RSA-OAEP" ],
"IdTokenEncryptionEncValuesSupported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ],
"UserinfoSigningAlgValuesSupported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
"UserinfoEncryptionAlgValuesSupported": [ "A128KW", "A192KW", "A256KW", "dir", "RSA1_5", "RSA-OAEP" ],
"UserinfoEncryptionEncValuesSupported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ],
"RequestObjectSigningAlgValuesSupported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
"RequestObjectEncryptionAlgValuesSupported": [ "A128KW", "A192KW", "A256KW", "dir", "RSA1_5", "RSA-OAEP" ],
"RequestObjectEncryptionEncValuesSupported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ],
"TokenEndpointAuthMethodsSupported": [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none" ],
"TokenEndpointAuthSigningAlgValuesSupported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
"IntrospectionEndpointAuthMethodsSupported": [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none" ],
"IntrospectionEndpointAuthSigningAlgValuesSupported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
"DisplayValuesSupported": [ "page", "popup", "touch", "wap" ],
"ClaimsSupported": [ "amr", "aud", "email", "exp", "family_name", "given_name", "iat", "idp", "iss", "jti", "middle_name", "name", "nbf", "nonce", "preferred_username", "sub", "ver" ],
"CodeChallengeMethodsSupported": [ "plain", "S256" ],
"ClaimsParameterSupported": true,
"RequestParameterSupported": true,
"RequestUriParameterSupported": true
},
"ProviderCertificates": [
{
"FileName": "certificates/op.pfx",
"Password": "password"
}
]
},
"ClientConfigurations": [
{
"Description": "Example OpenID Client",
"ClientID": "wLpJpHADUqEmmAltrZX87yUMz8lgweWs",
"ClientSecret": "P41HXh7SptRM6rV4xjgdVmUkXssibunr",
"RedirectUris": [
"https://localhost:44389/signin-oidc"
],
"PostLogoutRedirectUris": [
"https://localhost:44389/signout-callback-oidc"
],
"ClientCertificates": [
{
"FileName": "certificates/client.cer"
}
]
}
]
}
]
},
JSON Schema
The JSON schema may be used to enable Visual Studio IntelliSense when editing OpenID configuration.
The following example specifies the schema associated with the OpenIDProvider configuration.
{
"OpenIDProvider": {
"$schema": "https://www.componentspace.com/schemas/openid-config-schema-v1.0.json",
"Configurations": [
]
}
}
Note
Schema validation of the OpenID configuration is not performed at runtime. Configuration errors will be detected when the configuration is loaded or used.