What is the Signing Credential in IdentityServer4?

asp.net-core asp.net-identity identity identityserver4
26,893

The Authorization Server will sign tokens with a key. Resource Server(s) should verify that the token's integrity with a key. Together they form a (usually asymmetric, e.g. public/private) key (pair). By default IdentityServer will publish the public key for verifying tokens via the /.well-known/openid-configuration endpoint.

For development scenarios, you typically want to skip the fuss of properly managing secrets like said keys (which is really important to do properly in production!). For these development scenarios you have the option of using adhoc solutions like AddTemporarySigningCredential, which was used for .NET Core 1.x.

With .NET Core 2.x this will change and you will need the AddDeveloperSigningCredential() extension method.

That answers the question of what it is. On how to use it: you simply call the method you need depending on your .NET Core version inside the ConfigureServices(...) method of your application's Startup class.

Apart from that you don't need to do anything special, except of course take care that you use a proper key pair in production.

See also the docs on Cryptography, Keys and HTTPS and the bit on Configuring Services for Keys. From the latter document, here's a relevant alternative for production cases:

  • AddSigningCredential

    Adds a signing key service that provides the specified key material to the various token creation/validation services. You can pass in either an X509Certificate2, a SigningCredential or a reference to a certificate from the certificate store.

Share:
26,893
Shaul Zuarets
Author by

Shaul Zuarets

Updated on July 15, 2022

Comments

  • Shaul Zuarets
    Shaul Zuarets almost 2 years

    We are in the process of implementing Identity Server 4 with our .NET Core web app.

    I went trough the Identity Server documentation. When configuring the Identity server (using DI) there is the line:

    .AddTemporarySigningCredential

    I'm trying to understand what this Signing credential is but couldn't figure out. Therefore I don't know if it's ok to use the built in temporary, or if I should provide a different one.

    My question is, what is a signing credential and how should I use it?

    In the Identity server documentation this is the definition:

    Adds a signing key service that provides the specified key material to the various token creation/validation services. You can pass in either an X509Certificate2, a SigningCredential or a reference to a certificate from the certificate store.

    So it seems important :)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to change ".AspNetCore.Identity.Application" cookie expiration?
How to call Identity Server 4 with Postman for login
No service for type 'Microsoft.AspNetCore.Identity.SignInManager When
Identity Server 4 + Identity Framework + React front-end
using IdentityServer4 with custom Configration DBContext
ASP.NET Core Identity change login URL
Role Claims in ASP.NET Core Identity compared to Role Permissions in custom auth
Cookie not being set in iframe
ASP.NET Core not redirecting to logIn page after session times out
IdentityServer4 from .net framework 4.6