IdentityServer4 contains a known Open Redirect vulnerability (CVE-2024-39694). Please see the security advisory. This is currently being worked as the project is being updated.
The project is currently concerned alpha as of 2025-08-14 as the project is undergoing the rewrite for .NET 8.0 support.
This project is a fork of the original IdentityServer4 codebase work has begun on supporting .NET 8.0 with a goal of supporting .NET 10 upon release as a LTS. Evolutionary Networking Designs (END) believes in maintaining an OIDC compatible SSO in C# to be valuable to the community as a whole. It is this organizations goal to continue the development under the Apache 2.0 license.
IdentityServer is a free, open source OpenID Connect and OAuth 2.0 framework for ASP.NET Core. Originally Founded by Dominick Baier and Brock Allen, it is now maintained by Evolutionary Networking Designs (END). IdentityServer4 incorporates all the protocol implementations and extensibility points needed to integrate token-based authentication, single-sign-on and API access control in your applications. The original codebase for IdentityServer4 was officially certified by the OpenID Foundation and thus spec-compliant and interoperable. It is the goal of this project to recertify once the migration is completed. It is licensed under Apache 2 (an OSI approved license).
Active development happens on the main branch. This always contains the latest version. Each (pre-) release is tagged with the corresponding version. The aspnetcore1 and aspnetcore2 branches contain the latest versions of the older ASP.NET Core based versions.
- Install the latest .NET 8.0 SDK
- Install Git
- Clone this repo
- Run
build.shin the root of the cloned repo
Updated documentation is currently being worked on
Please use the issue tracker for that.
IdentityServer4 is built using the following great open source projects and free services:
..and last but not least a big thanks to all our contributors!