IdentityServer4 OpenIdConnectAuthentication or IdentityServerAuthentication

Question

When configuring IdentityServer4 for ASP WebAPI/MVC i have the option to use

• app.UseOpenIdConnectAuthentication
• app.UseIdentityServerAuthentication

It seems to me that it does the same thing. Why shouldi choose the Identity server option over the openidconnect?

When does each one apply best and why?

Answer 1

In API (MVC Web API) application you should call

app.UseIdentityServerAuthentication

See IdentityServer4 API documentation

Our authentication middleware serves the same purpose as the app.UseJwtBearerAuthentication middleware (in fact it uses the Microsoft JWT middleware internally), but adds a couple of additional features:

• support for both JWTs and reference tokens
• extensible caching for reference tokens
• unified configuration model
• scope validation

In Web Client (MVC Web ) you should call

app.UseOpenIdConnectAuthentication

See IdentityServer4 "Creating an MVC client" documentation

Answer 2

app.UseOpenIdConnectAuthentication

It implement a middlware to use the OIC flow whatever your server authority.

Have a look on those links :

• https://andrewlock.net/an-introduction-to-openid-connect-in-asp-net-core/
• https://stormpath.com/blog/token-authentication-asp-net-core
• https://grean.com/easyid/aspnetcore/oidc/2017/02/25/aspnet-core-and-easyid.html

app.UseIdentityServerAuthentication

In this case, the configuration is more specific to use the IdendityServer4 workflow

Difference ?

The first is more generic whereas the second is more specific.