Use Microsoft.AspNetCore.Identity instead of Duende.IdentityServer for Blazor WebAssembly App and ASP.NET Core Web API with Individual Accounts that is ASP.NET Core Hosted

[Ogglas]

Is there an existing issue for this?

• I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

This has been partially discussed in the thread below but it was locked on Jul 8, 2021 and given that we have entered 2023 I think a new thread has viability.

For .NET 7 we will investigate if we can build tooling to allow development and testing of OIDC (OpenID Connect) enabled applications when disconnected from the internet.

#32494

Link with similar issues:

#32494 (comment)

Since Microsoft.AspNetCore.Identity is used for a new ASP.NET Core Web App in .NET 7 I think the same identity solution should be used for Blazor. By doing this ASP.NET Core Web API template could also get the option with Individual Accounts back.

Describe the solution you'd like

Replace Duende.IdentityServer with Microsoft.AspNetCore.Identity or a similar library created/maintained by Microsoft. I know you are not authentication experts and have no expertise in writing or maintaining an authentication server but everyone does not want to use AAD. I think Microsoft should provide their own library for these situations.

#32494 (comment)

Additional context

No response

[ghost]

Thanks for contacting us.

We're moving this issue to the .NET 8 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

[Ogglas]

It seems this will be implemented now:

• Modernize existing identity to support token-based auth. Although our existing cookie-based solution works for SPA apps, the industry has evolved and token-based auth solutions are far more flexible and common. We plan to extend the existing identity platform to enable token-based authentication out-of-the-box. This would mostly mirror the capabilities and functionality of the existing cookie-based solution and encapsulate the auth data in a token rather than a cookie and enable it to work in scenarios where cookies are not optimal or appropriate.
• Remove the dependency on Duende's IdentityServer from our SPA templates. This is a common request and it makes sense given there are more options out there and the licensing changed after it was first included in our templates. IdentityServer remains a great option for self-hosting a standards-compliant Open ID Connect and OAuth 2.0 solution. Duende provides their own template to integrate with ASP.NET Core Identity.

#42158 (comment)

#47226

[mkArtakMSFT]

@halter73 I think this should be closed now, or is there anything left?

[halter73]

We still need to remove the Microsoft.AspNetCore.ApiAuthorization.IdentityServer project from the repo.