IdentityServer

IdentityServer is a .NET framework for building an OpenID Connect and OAuth 2.0 authorization server/IdP. The actively supported product is Duende IdentityServer; IdentityServer4 reached end of life on December 13, 2022. Duende adds production features such as PAR, DPoP, mTLS, and Dynamic Client Registration, and offers commercial licensing.

Key Capabilities

  • Standards-based Authorization Server: Duende IdentityServer implements OAuth 2.0 and OpenID Connect flows including Authorization Code (with PKCE), Hybrid, Device, and Client Credentials, with support for refresh tokens and well-documented /authorize and token endpoints.

  • Federation & External IdPs: Integrates with external identity providers such as Microsoft Entra ID and Google through ASP.NET Core authentication handlers and IdentityServer’s external login flow.

  • Advanced OAuth Profiles: Delivers out-of-the-box support for Pushed Authorization Requests (PAR), Proof-of-Possession tokens (mTLS and DPoP), and Financial-grade API (FAPI) 2.0 compliance options.

  • Dynamic Client Registration (DCR): Provides optional endpoints and libraries for automated client onboarding and lifecycle management via DCR standards.

Limitations

  • Lifecycle & Migration: IdentityServer4 reached end-of-life on December 13, 2022. The archived IdentityServer4 codebase contains known vulnerabilities and no longer receives patches or security fixes.

  • Licensing Model: Duende IdentityServer is distributed under a commercial or RPL license for production deployments, with tiered editions based on usage. Teams must plan for license procurement and ongoing compliance in production environments.

  • Protocol Focus (No Native SAML): The framework centers on OAuth 2.0 and OpenID Connect standards. There is no confirmed first-party SAML 2.0 Identity Provider implementation—SAML integration typically requires third-party components or extensions.

  • Not a Full IGA or SCIM Suite: Duende IdentityServer functions as an authorization server framework, not a complete identity governance or provisioning platform. It does not include a native SCIM server or automated identity lifecycle management tools.
