Duende Identity Server Database Schema

17-10-2024

Duende Identity Server is a popular framework for implementing authentication and authorization in .NET applications. It provides support for various protocols, including OAuth 2.0 and OpenID Connect, allowing developers to build secure and scalable identity solutions. Understanding the database schema used by Duende Identity Server is crucial for developers looking to customize their identity solutions. In this article, we'll explore the core components of the Duende Identity Server database schema.

Overview of Database Schema

The database schema for Duende Identity Server consists of several tables that manage clients, users, scopes, and tokens. Below are the key tables included in the schema:

1. Clients Table

The Clients table stores information about the applications that are allowed to authenticate users. Key columns include:

  • Id: A unique identifier for the client.
  • ClientId: The application's unique identifier.
  • ClientName: A human-readable name for the client.
  • ClientSecret: The secret used for client authentication.
  • AllowedGrantTypes: The types of grants that the client can use (e.g., authorization code, client credentials).

2. Users Table

The Users table contains details about the users who can authenticate with the identity server. Important columns are:

  • Id: A unique identifier for the user.
  • UserName: The user's login name.
  • Email: The user's email address.
  • PasswordHash: The hashed password for user authentication.

3. Scopes Table

The Scopes table defines the different scopes that can be requested by clients. Scopes represent permissions that the user can grant. Key columns include:

  • Id: A unique identifier for the scope.
  • Scope: The name of the scope (e.g., "api1").
  • Description: A brief description of the scope's purpose.

4. Tokens Table

The Tokens table holds information about the tokens issued by the identity server. This includes both access tokens and refresh tokens. Key columns are:

  • Id: A unique identifier for the token.
  • UserId: The identifier of the user associated with the token.
  • ClientId: The identifier of the client for which the token was issued.
  • TokenType: The type of the token (e.g., access token, refresh token).
  • Expires: The expiration date and time of the token.

5. Persisted Grants Table

The PersistedGrants table is used to store information about grants that can be persisted across sessions. This table is important for implementing features like "Remember Me". Key columns include:

  • Key: A unique key for the grant.
  • GrantType: The type of grant (e.g., authorization code, refresh token).
  • SubjectId: The identifier of the user.
  • ClientId: The identifier of the client.
  • CreationTime: The time when the grant was created.
  • Expiration: The expiration time of the grant.
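
As an added example (not code from the original article or from Duende), the script below audits a table shaped like the PersistedGrants description above: it lists grants still stored past their Expiration, lists grants with no Expiration, and revokes every grant for one SubjectId. It runs on an in-memory SQLite database with constructed rows; the function names and the ISO 8601 text timestamps are assumptions.

```python
import sqlite3

# Constructed sample rows; column names follow the PersistedGrants list above.
# Assumption: timestamps are stored as ISO 8601 UTC strings, so they sort as text.
SAMPLE_GRANTS = [
    ("k1", "refresh_token", "alice", "web", "2024-09-01T08:00:00Z", "2024-10-01T08:00:00Z"),
    ("k2", "authorization_code", "alice", "web", "2024-10-17T11:55:00Z", "2024-10-17T12:00:00Z"),
    ("k3", "refresh_token", "bob", "mobile", "2024-10-10T09:00:00Z", "2024-11-09T09:00:00Z"),
    ("k4", "refresh_token", "bob", "batch", "2024-01-05T09:00:00Z", None),
]

def build_sample_db():
    """Create an in-memory table shaped like the PersistedGrants description."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        'CREATE TABLE PersistedGrants ("Key" TEXT PRIMARY KEY, GrantType TEXT NOT NULL, '
        "SubjectId TEXT, ClientId TEXT NOT NULL, CreationTime TEXT NOT NULL, Expiration TEXT)"
    )
    conn.executemany("INSERT INTO PersistedGrants VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_GRANTS)
    return conn

def audit_grants(conn, now):
    """Return grant keys that deserve review at time `now` (ISO 8601 UTC string)."""
    def keys(sql, params=()):
        return [row[0] for row in conn.execute(sql, params)]
    return {
        # Still stored after expiry: cleanup is not running or is lagging.
        "expired": keys(
            'SELECT "Key" FROM PersistedGrants WHERE Expiration IS NOT NULL '
            'AND Expiration <= ? ORDER BY "Key"', (now,)),
        # No expiry at all: the grant never ages out on its own.
        "no_expiry": keys(
            'SELECT "Key" FROM PersistedGrants WHERE Expiration IS NULL ORDER BY "Key"'),
    }

def revoke_subject(conn, subject_id):
    """Delete every grant for one user (e.g. after account compromise); return row count."""
    cur = conn.execute("DELETE FROM PersistedGrants WHERE SubjectId = ?", (subject_id,))
    conn.commit()
    return cur.rowcount

if __name__ == "__main__":
    db = build_sample_db()
    print(audit_grants(db, "2024-10-17T12:30:00Z"))
    print("revoked for bob:", revoke_subject(db, "bob"))
```

All queries are parameterized, so the same statements can be pointed at a real database connection without building SQL from user-supplied strings.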

Conclusion

Understanding the Duende Identity Server database schema is essential for effectively managing authentication and authorization in your .NET applications. The schema is designed to be flexible and extensible, allowing developers to customize various aspects according to their specific requirements. By familiarizing yourself with the key tables and their relationships, you can harness the full power of Duende Identity Server to build secure identity solutions.

Additional Resources

To learn more about Duende Identity Server, consider reviewing the official documentation and exploring advanced features such as custom user stores, multi-tenancy, and external identity providers.
