Welcome to Duende IdentityServer (version 7.1.0)


References

Here are links to the IdentityServer source code repository, ready-to-use samples, and this demo server.

Demo clients

You can use this demo server for different types of clients. Use the below configurations to work with them in your own demo applications or use them in the IdentityServer sample projects.

Machine-to-machine communication can be done using client credentials.

m2m
Machine to machine (client credentials)
Client ID: m2m
Grant type: client credentials
Requires PKCE
Client secret: secret
Access token lifetime: 1h
Allowed scopes: api
m2m.jwt
Machine to machine (client credentials with JWT)
Client ID: m2m.jwt
Grant type: client credentials
Requires PKCE
Client secret: private key JWT
Access token lifetime: 1h
Allowed scopes: api
m2m.dpop
Machine to machine (client credentials)
Client ID: m2m.dpop
Grant type: client credentials
Requires PKCE
Requires the use of DPoP
Client secret: secret
Access token lifetime: 1h
Allowed scopes: api
m2m.dpop.nonce
Machine to machine (client credentials)
Client ID: m2m.dpop.nonce
Grant type: client credentials
Requires PKCE
Requires the use of DPoP and nonce
Client secret: secret
Access token lifetime: 1h
Allowed scopes: api
m2m.short
Machine to machine with short access token lifetime (client credentials)
Client ID: m2m.short
Grant type: client credentials
Requires PKCE
Client secret: secret
Access token lifetime: 0h 1m 15s
Allowed scopes: api
m2m.short.jwt
Machine to machine (client credentials with JWT)
Client ID: m2m.short.jwt
Grant type: client credentials
Requires PKCE
Client secret: private key JWT
Access token lifetime: 0h 1m 15s
Allowed scopes: api

Interactive clients use interactive user authentication via the OpenID Connect protocol.

interactive.confidential
Interactive client (Code with PKCE)
Client ID: interactive.confidential
Grant type: authorization code and client credentials
Requires PKCE
Client secret: secret
Access token lifetime: 1h
Allowed scopes: api openid profile email offline_access
interactive.confidential.jwt
Interactive client (Code with PKCE) using private key JWT authentication
Client ID: interactive.confidential.jwt
Grant type: authorization code and client credentials
Requires PKCE
Client secret: private key JWT
Access token lifetime: 1h
Allowed scopes: api openid profile email offline_access
interactive.confidential.jar.jwt
Interactive client (Code with PKCE) using JAR and private key JWT
Client ID: interactive.confidential.jar.jwt
Grant type: authorization code and client credentials - requires JAR
Requires PKCE
Client secret: private key JWT
Access token lifetime: 1h
Allowed scopes: api openid profile email offline_access
interactive.confidential.short
Interactive client with short token lifetime (Code with PKCE)
Client ID: interactive.confidential.short
Grant type: authorization code and client credentials
Requires PKCE
Client secret: secret
Access token lifetime: 0h 1m 15s
Allowed scopes: api openid profile email offline_access
interactive.confidential.short.jwt
Interactive client (Code with PKCE) using private key JWT authentication with short access token lifetime
Client ID: interactive.confidential.short.jwt
Grant type: authorization code and client credentials
Requires PKCE
Client secret: private key JWT
Access token lifetime: 0h 1m 15s
Allowed scopes: api openid profile email offline_access
interactive.confidential.short.jar.jwt
Interactive client (Code with PKCE) using JAR and private key JWT
Client ID: interactive.confidential.short.jar.jwt
Grant type: authorization code and client credentials - requires JAR
Requires PKCE
Client secret: private key JWT
Access token lifetime: 0h 1m 15s
Allowed scopes: api openid profile email offline_access
interactive.public
Interactive client (Code with PKCE)
Client ID: interactive.public
Grant type: authorization code
Requires PKCE
Access token lifetime: 1h
Allowed scopes: api openid profile email offline_access
interactive.public.short
Interactive client with short token lifetime (Code with PKCE)
Client ID: interactive.public.short
Grant type: authorization code
Requires PKCE
Access token lifetime: 0h 1m 15s
Allowed scopes: api openid profile email offline_access
interactive.confidential.nopkce
Interactive client (Code without PKCE)
Client ID: interactive.confidential.nopkce
Grant type: authorization code and client credentials
Client secret: secret
Access token lifetime: 1h
Allowed scopes: api openid profile email offline_access
interactive.confidential.hybrid
Interactive client (Code with Hybrid Flow)
Client ID: interactive.confidential.hybrid
Grant type: hybrid and client credentials
Client secret: secret
Access token lifetime: 1h
Allowed scopes: api openid profile email offline_access
native.dpop
Native client (Code with PKCE + DPop)
Client ID: native.dpop
Grant type: authorization code
Requires PKCE
Requires the use of DPoP and nonce
Access token lifetime: 1h
Allowed scopes: api openid profile email offline_access
device
Device Flow Client
Client ID: device
Grant type: device flow
Requires PKCE
Access token lifetime: 1h
Allowed scopes: api openid profile email offline_access
login
Client ID: login
Grant type: implicit
Requires PKCE
Access token lifetime: 1h
Allowed scopes: openid profile email

Sample APIs

This demo server provides several sample API endpoints:

RSA key for JWT/JAR samples

You can use the below RSA key for all clients requiring private key JWT authentication or JAR:

{
    "d":"GmiaucNIzdvsEzGjZjd43SDToy1pz-Ph-shsOUXXh-dsYNGftITGerp8bO1iryXh_zUEo8oDK3r1y4klTonQ6bLsWw4ogjLPmL3yiqsoSjJa1G2Ymh_RY_sFZLLXAcrmpbzdWIAkgkHSZTaliL6g57vA7gxvd8L4s82wgGer_JmURI0ECbaCg98JVS0Srtf9GeTRHoX4foLWKc1Vq6NHthzqRMLZe-aRBNU9IMvXNd7kCcIbHCM3GTD_8cFj135nBPP2HOgC_ZXI1txsEf-djqJj8W5vaM7ViKU28IDv1gZGH3CatoysYx6jv1XJVvb2PH8RbFKbJmeyUm3Wvo-rgQ",
    "dp":"YNjVBTCIwZD65WCht5ve06vnBLP_Po1NtL_4lkholmPzJ5jbLYBU8f5foNp8DVJBdFQW7wcLmx85-NC5Pl1ZeyA-Ecbw4fDraa5Z4wUKlF0LT6VV79rfOF19y8kwf6MigyrDqMLcH_CRnRGg5NfDsijlZXffINGuxg6wWzhiqqE",
    "dq":"LfMDQbvTFNngkZjKkN2CBh5_MBG6Yrmfy4kWA8IC2HQqID5FtreiY2MTAwoDcoINfh3S5CItpuq94tlB2t-VUv8wunhbngHiB5xUprwGAAnwJ3DL39D2m43i_3YP-UO1TgZQUAOh7Jrd4foatpatTvBtY3F1DrCrUKE5Kkn770M",
    "e":"AQAB",
    "kid":"ZzAjSnraU3bkWGnnAqLapYGpTyNfLbjbzgAPbbW2GEA",
    "kty":"RSA",
    "n":"wWwQFtSzeRjjerpEM5Rmqz_DsNaZ9S1Bw6UbZkDLowuuTCjBWUax0vBMMxdy6XjEEK4Oq9lKMvx9JzjmeJf1knoqSNrox3Ka0rnxXpNAz6sATvme8p9mTXyp0cX4lF4U2J54xa2_S9NF5QWvpXvBeC4GAJx7QaSw4zrUkrc6XyaAiFnLhQEwKJCwUw4NOqIuYvYp_IXhw-5Ti_icDlZS-282PcccnBeOcX7vc21pozibIdmZJKqXNsL1Ibx5Nkx1F1jLnekJAmdaACDjYRLL_6n3W4wUp19UvzB1lGtXcJKLLkqB6YDiZNu16OSiSprfmrRXvYmvD8m6Fnl5aetgKw",
    "p":"7enorp9Pm9XSHaCvQyENcvdU99WCPbnp8vc0KnY_0g9UdX4ZDH07JwKu6DQEwfmUA1qspC-e_KFWTl3x0-I2eJRnHjLOoLrTjrVSBRhBMGEH5PvtZTTThnIY2LReH-6EhceGvcsJ_MhNDUEZLykiH1OnKhmRuvSdhi8oiETqtPE",
    "q":"0CBLGi_kRPLqI8yfVkpBbA9zkCAshgrWWn9hsq6a7Zl2LcLaLBRUxH0q1jWnXgeJh9o5v8sYGXwhbrmuypw7kJ0uA3OgEzSsNvX5Ay3R9sNel-3Mqm8Me5OfWWvmTEBOci8RwHstdR-7b9ZT13jk-dsZI7OlV_uBja1ny9Nz9ts",
    "qi":"pG6J4dcUDrDndMxa-ee1yG4KjZqqyCQcmPAfqklI2LmnpRIjcK78scclvpboI3JQyg6RCEKVMwAhVtQM6cBcIO3JrHgqeYDblp5wXHjto70HVW6Z8kBruNx1AH9E8LzNvSRL-JVTFzBkJuNgzKQfD0G77tQRgJ-Ri7qu3_9o1M4"
}