Alice Identity Service (AIS) is an OpenID Connect (OIDC) identity provider. Based on OpenIddict and ASP.NET Core Identity, AIS provides the capabilities to manage users, claims, scopes, and clients, and serves as a single sign-on (SSO) service for other applications and APIs.
- Create an empty PostgreSQL database. AIS uses Entity Framework Core so it is possible to use other DBMS like MySQL or MS SQL Server, though it'll need some changes to the code.
- Populate the database using the following SQL scripts in the AliceIdentityService/Scripts folder:
  - CreateSchema.sql - create all the tables.
  - PopulateSchema.sql - create additional indexes, stored procedures, and so on.
- Copy AliceIdentityService/appsettings.json.sample to AliceIdentityService/appsettings.json, and change appsettings.json according to your environment.
- Run ConsoleManager to:
  - Generate an encryption certificate and a signing certificate.
  - Create a user with the ais-admin claim. This user is the administrator who can manage users, scopes, and clients.
- Run AliceIdentityService.
AIS uses Alice Mail Service (AMS) to send emails. For the email functions
(e.g. sending verification emails, password reset emails) to work, you need to set up AMS then configure the RabbitMQ
section in appsettings.json accordingly.
AIS only supports Authorization Code and Refresh Token grants and the code response type. Client Credentials will be
added when necessary.
All clients use implicit consent type, which means that the consent screen is never shown and a user cannot pick and
choose which requested scopes should be granted to a client. Note that this does not mean a client can request any
scope it wants - each client is still limited to its "allowed scopes" configured in the system.
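
The grant, response type, consent and allowed-scope limits described above can be expressed as an OpenIddict application descriptor. The following is an added example, not code from AIS: the class name, client id, redirect URI and the sample-api scope are hypothetical, and it assumes the OpenIddict application manager is registered in the service provider.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using OpenIddict.Abstractions;
using static OpenIddict.Abstractions.OpenIddictConstants;

public static class SampleClientRegistration
{
    // Hypothetical client id, constructed for this example.
    private const string ClientId = "sample-web-app";

    public static async Task RegisterAsync(IServiceProvider services)
    {
        var manager = services.GetRequiredService<IOpenIddictApplicationManager>();

        // Do nothing if the client is already registered.
        if (await manager.FindByClientIdAsync(ClientId) is not null)
            return;

        var descriptor = new OpenIddictApplicationDescriptor
        {
            ClientId = ClientId,
            DisplayName = "Sample web app",
            // Implicit consent: the consent screen is never shown.
            ConsentType = ConsentTypes.Implicit,
            // Hypothetical redirect URI.
            RedirectUris = { new Uri("https://app.example.com/signin-oidc") },
            Permissions =
            {
                // Only the authorization code flow plus refresh tokens.
                Permissions.Endpoints.Authorization,
                Permissions.Endpoints.Token,
                Permissions.GrantTypes.AuthorizationCode,
                Permissions.GrantTypes.RefreshToken,
                Permissions.ResponseTypes.Code,
                // The client's "allowed scopes". A scope without a matching
                // permission is not granted, even though consent is implicit.
                Permissions.Scopes.Email,
                Permissions.Scopes.Profile,
                Permissions.Prefixes.Scope + "sample-api" // hypothetical API scope
            }
        };

        await manager.CreateAsync(descriptor);
    }
}
```

Because no consent screen acts as a second check, the scope permissions on each client are the only limit on what it can obtain, so keep them to the minimum the client needs.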