Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Removal of OpenIddict.Models in OpenIddict RC3

See original GitHub issue

Starting with RC3, OpenIddict will no longer come with a default set of entities and stores base classes.

Why?

In the previous iterations of OpenIddict, an important effort was made to create a shared set of entities (contained in the OpenIddict.Models package) that could be used not only by the official Entity Framework 6.x and Entity Framework Core stores, but also by third-party/custom stores.

This pattern had many pros - like avoiding code duplication or having base classes that simplify the development of custom stores (which is why it was also eventually adopted by the ASP.NET team for ASP.NET Core Identity in 2.0).

Unfortunately, this approach had also a major issue: we had to design the default entities as “lowest common denominators”, so that they could be used by all/most ORMs or document databases. In practice, this meant that things like OpenIddictApplication.RedirectUris or OpenIddictApplication.PostLogoutRedirectUris had to be represented as JSON-serialized strings for SQL-oriented ORMs like EF 6.x and EF Core to work natively.

In the document databases world, entities are generally schema-less, which offers a greater flexibility. A NoSQL database like MongoDB can easily store and efficiently index JSON arrays, which means OpenIddictApplication.RedirectUris/PostLogoutRedirectUris are best represented as arrays of strings (string[]).

The conclusion was clear: we couldn’t have the best performance by using non-optimized entities.

What will change?

In RC3, each stores package will come with its own models you’ll be able to use exactly like in the previous iterations.

How do I update my code?

First, make sure you don’t reference the obsolete OpenIddict.Models or OpenIddict.Stores packages. The new models are automatically referenced by the stores packages they belong to and you don’t need to add any reference to use them.

Then, update your Startup.ConfigureServices() method to use the new helpers. For instance:

services.AddOpenIddict()

    // Register the OpenIddict core services.
    .AddCore(options =>
    {
        options.UseEntityFrameworkCore()
               .UseDbContext<ApplicationDbContext>();
    });

If you prefer using long as the key type (with the default entities), use ReplaceDefaultEntities:

services.AddOpenIddict()

    // Register the OpenIddict core services.
    .AddCore(options =>
    {
        options.UseEntityFrameworkCore()
               .UseDbContext<ApplicationDbContext>()
               .ReplaceDefaultEntities<long>();
    })

If you want to use your own entities instead of the default EF Core ones:

services.AddOpenIddict()

    // Register the OpenIddict core services.
    .AddCore(options =>
    {
        options.UseEntityFrameworkCore()
               .UseDbContext<ApplicationDbContext>()
               .ReplaceDefaultEntities<MyApp, MyAuth, MyScope, MyToken, long>();
    })

Issue Analytics

State:
Created 5 years ago
Comments:11 (5 by maintainers)

Top GitHub Comments

1reaction

kevinchaletcommented, May 30, 2018

Is there some option I am missing?

Are you migrating from an old OpenIddict version (e.g RC1?). If so, you’ll have to update your DB schema. Read https://openiddict.github.io/openiddict-documentation/guide/migration.html for more information.

1reaction

daveyjaycommented, May 29, 2018

Just wondering when will the samples be updated to reflect this change?

I am having some trouble migration from rc2 - when calling services.AddOpenIddict, where do I put the additional calls to methods such as AddMvcBinders, RegisterScopes, SetAccessTokenLifetime etc.?

These methods are not available on the options object inside the the AddOpenIddict method or the AddCore method.

For example, inside of AddOpenIddict it used to look like this:

{               
                // options.AddEntityFrameworkCoreStores<MyDbContext>();   old code replaced in rc3 with example above


                // Register the ASP.NET Core MVC binder used by OpenIddict.
                // Note: if you don't call this method, you won't be able to
                // bind OpenIdConnectRequest or OpenIdConnectResponse parameters.
                options.AddMvcBinders();

                options.EnableAuthorizationEndpoint("/connect/authorize")
                    .EnableLogoutEndpoint("/connect/logout")
                    .EnableIntrospectionEndpoint("/connect/introspect")
                    .EnableUserinfoEndpoint("/connect/userinfo");

                // Mark the "email", "profile" and "roles" scopes as supported scopes.
                options.RegisterScopes(OpenIdConnectConstants.Scopes.Email,
                    OpenIdConnectConstants.Scopes.Profile,
                    OpenIdConnectConstants.Scopes.OpenId);

                // Enable scope validation, so that authorization and token requests
                // that specify unregistered scopes are automatically rejected.
                options.EnableScopeValidation();

                options.SetAccessTokenLifetime(TimeSpan.FromMinutes(20)); 

                options.AllowImplicitFlow();

                // During development, you can disable the HTTPS requirement.
                options.DisableHttpsRequirement();
                // On production, using a X.509 certificate stored in the machine store is recommended.
                // You can generate a self-signed certificate using Pluralsight's self-cert utility:
                // https://s3.amazonaws.com/pluralsight-free/keith-brown/samples/SelfCert.zip
                //
                // services.AddOpenIddict()
                //     .AddSigningCertificate("7D2A741FE34CC2C7369237A5F2078988E17A6A75");
                //
                // Alternatively, you can also store the certificate as an embedded .pfx resource
                // directly in this assembly or in a file published alongside this project:
                //
                // services.AddOpenIddict()
                //     .AddSigningCertificate(
                //          assembly: typeof(Startup).GetTypeInfo().Assembly,
                //          resource: "AuthorizationServer.Certificate.pfx",
                //          password: "OpenIddict");

                // Register a new ephemeral key, that is discarded when the application
                // shuts down. Tokens signed using this key are automatically invalidated.
                // This method should only be used during development.
                options.AddEphemeralSigningKey();
                // Note: to use JWT access tokens instead of the default
                // encrypted format, the following line is required:
                options.UseJsonWebTokens();
            });```

Top Results From Across the Web

OpenIddict RC3 is out | Kévin Chalet's blog

Retrospectively, this logic was too complex and I decided to remove it in RC3. Starting with RC3, permissions are no longer optional nor ......

Implementing advanced scenarios using the new OpenIddict ...

In this post, discover how to leverage the events model introduced in OpenIddict RC3 to implement advanced features.

c# - OpenIddict problems

using OpenIddict.EntityFrameworkCore.Models;. This left me with two problems to which I can't find a solution. services.AddOpenIddict().

What's OpenIddict?

OpenIddict is an open source and versatile framework for building standard-compliant OAuth 2.0/OpenID Connect servers in any ASP.NET Core 2.1 (and higher) ...

Openiddict

Openiddicttarp to side of house. OpenIddict aims at providing a versatile solution to implement an OpenID Connect server and token validation in any...