Authorization Server Template — organizational overview
The Authorization Server template implements OAuth 2.x / OpenID Connect (via OpenIddict) so clients obtain access and identity tokens in a standards-based way. It complements the Identity Backend (users) and works with the API Gateway (perimeter validation).
Why use this template
- Interoperability: SPAs, mobile apps, partner systems, and CLI tools can rely on standard OIDC/OAuth instead of custom token protocols.
- Centralized trust: signing keys, client definitions, token lifetimes, and consent-shaped flows live in one service the platform can govern.
- Clear separation of concerns: Identity answers “who is this user?”; the Authorization Server answers “what is this client allowed to do?”, which makes for cleaner audits and roadmap discussions.
- Reduced security drift: one maintained template beats each product forging token issuance from scratch.
Typical use cases
- Customer-facing SaaS with web and mobile clients that need login, refresh, and API access tokens.
- Partner integrations where external systems must obtain limited-scope tokens for specific APIs.
- Internal admin and tooling that should authenticate through the same trust anchor as customer apps.
Capabilities (what you get)
- OpenIddict-based implementation with ConnectSoft layering and deployment patterns consistent with other Layer 3 templates.
- Client and scope modeling suited to gateway + resource API topologies (exact flows and keys in technical documentation).
- Background and operational features (e.g., recurring jobs where enabled) aligned with ConnectSoft configuration conventions.
- Operational hooks (health, configuration, observability) inherited via Base Template so platform teams run it like any other service.
Identity platform alignment
Within the ConnectSoft identity platform, this template owns the protocol trust boundary: OAuth/OIDC clients, scopes, consent, token issuance, signing keys, refresh/revocation, discovery, JWKS, and introspection. It does not own user profile data, MFA enrollment state, gateway route policy, or backend resource authorization.
Technical documentation (single hub)
OIDC flows, client configuration, scaffolding, solution layout, architecture, parameters, configuration, authentication, resilience, testing, development guidance, detailed use cases, and runbooks are documented only in ConnectSoft.Documentation under this template.
→ Authorization Server — technical hub (ConnectSoft.Documentation)