IdentityServer Going Commercial After Nov 2022
IdentityServer4.0 is an open-source SSO software based on OpenID Connect and OAuth 2.0. This free tool is written in the .NET framework (4.5.x) and .NET Core to provide single sign-on services across multiple applications. As an authentication server, it provides a JWT token that can be used to access digital resources. It offers many provisions such as access control for API, user interface customizations, API authorization, and claim-based providers. Further, it is flexible, extensible, and comes with self-hosting capabilities. In addition, it supports multiple flows and federated identities such as Google, Facebook, Twitter, and other social networks.
IdentityServer4.0 is best known for ASP.NET projects for implementing OpenID Connect and OAuth 2.0.
IdentityServer Provides following features:
- Authentication as a Service: IS provides centralized logins for all applications (Web, native, Mobile, Services).
- SSO: IS provides single Sign-in / Sign-out over multiple application types
- Access Control for APIs: It supports S2S, Web Apps, SPAs, and native mobile apps.
- Federation Gateway: IS supports external providers like Azure AD, Google, FB.
- Customization: It can be customized to support other scenarios which are not supported out of the box.
- Open source: It is well documented and has good community support.
What will be the change after November 2022:
Rebranding: IdentityServer will be rebranded as “Duende IdentityServer”. IdentityServer4 support will last until the end of life of .NET Core 3.1 which means till November 2022.
Licensing and Pricing: You can use IdentityServer free for development / testing and Open-Source work. IdentityServer will required annual payment for commercial use.
What should you do?
You can implement in-built library packed with Microsoft SDK. This will be very easy and cost-effective solution that is most suitable for scale with total control over technology.
You can use new IdentityServer and switch to a commercial plan.
You can use other open-source solutions like KeyCloak.
You can use alternative solutions like OAuth0, Okta, ory.sh, Azure AD, Google, AWS cognito etc.