RFC ServiceStack Authentication IdentityServer

FYI, we have published a few packages for IdentityServer integration with ServiceStack:

Identity Server Plugin

HashiCorp Vault Plugin for storing secrets and xplat certificate store

There are docs on the repos and a sample repo containing examples of everything fully integrated to help provide an overview of how it all fits together.


Curious why you’ve gone for a Java-like fluent configuration API:

AppSettings.SetUserAuthProvider()
    .SetAuthRealm("http://identityserver:5000/")
    .SetClientId("ServiceStack.SelfHost")
    .SetClientSecret("F621F470-9731-4A25-80EF-67A6F7C5F4B8")
    .SetScopes("openid ServiceStack.SelfHost offline_access");

Instead of the more conventional and locally-scoped configuration on the Plugin? e.g.:

Plugins.Add(new IdentityServerAuthFeature {
    AuthRealm = "http://identityserver:5000/"
    //...
});

Apart from requiring more code, it’s not clear which keys other plugins/services could use to access the configuration, whereas if it were on the plugin, it could be intuitively accessed from:

var authRealm = HostContext.GetPlugin<IdentityServerAuthFeature>().AuthRealm;

Thanks for the feedback,

It is something we have done on other plugins, but usually also encapsulated in a settings class which is then exposed on the plugin to allow external access or runtime manipulation. The settings class also offers fine control over what can and cannot be changed during runtime and keeps any plugin configuration outwith the feature class, which is typically a thin composition wrapper around the core functionality.

Wouldn’t say we are married to the approach, but it generally works OK for the extra code required, but we are always interested in minimising the setup costs for these plugins, so we’ll add this feedback to our next internal review.