diff --git a/configuration/encryption-and-signing-credentials.md b/configuration/encryption-and-signing-credentials.md
index 3d32a5d..34710ef 100644
--- a/configuration/encryption-and-signing-credentials.md
+++ b/configuration/encryption-and-signing-credentials.md
@@ -8,7 +8,7 @@ To protect the tokens it issues, OpenIddict uses 2 types of credentials:
> Tokens generated using the opt-in ASP.NET Core Data Protection integration rely on their own key ring, distinct from the credentials discussed in this documentation.
> For more information about Data Protection, visit [ASP.NET Core Data Protection](https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/introduction).
-## Registering credentials in the server options
+## Registering credentials in the authorization server options
OpenIddict allows registering one or multiple keys (raw keys or embedded in X.509 certificates).
@@ -120,7 +120,7 @@ The best place to store your certificates will mostly depend on your host:
- On Azure, certificates can be uploaded and exposed to Azure App Services applications using the special `WEBSITE_LOAD_CERTIFICATES` flag.
For more information, visit https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code
-## Importing credentials in the validation options
+## Importing credentials in the API/resource validation options
### Using the `options.UseLocalServer()` integration
diff --git a/configuration/mongodb-integration.md b/configuration/mongodb-integration.md
new file mode 100644
index 0000000..939f523
--- /dev/null
+++ b/configuration/mongodb-integration.md
@@ -0,0 +1,129 @@
+# MongoDB integration
+
+To configure OpenIddict to use MongoDB as the database for applications, authorizations, scopes and tokens, you'll need to:
+ - **Reference the `OpenIddict.MongoDb` package**:
+ ```xml
+
+ ```
+
+ - **Configure OpenIddict to use the MongoDB stores**:
+ ```csharp
+ services.AddOpenIddict()
+ .AddCore(options =>
+ {
+ // Note: to use a remote server, call the MongoClient constructor overload
+ // that accepts a connection string or an instance of MongoClientSettings.
+ options.UseMongoDb()
+ .UseDatabase(new MongoClient().GetDatabase("openiddict"));
+ })
+ ```
+
+ - **Create indexes to improve performance** (recommended): for that, you can use the following script to
+initialize the database and create the indexes used by the OpenIddict entities:
+ ```csharp
+ using System.Threading;
+ using Microsoft.Extensions.DependencyInjection;
+ using Microsoft.Extensions.Options;
+ using MongoDB.Driver;
+ using OpenIddict.MongoDb;
+ using OpenIddict.MongoDb.Models;
+
+ var services = new ServiceCollection();
+ services.AddOpenIddict()
+ .AddCore(options => options.UseMongoDb());
+
+ services.AddSingleton(new MongoClient(
+ "mongodb://localhost:27017").GetDatabase("openiddict"));
+
+ var provider = services.BuildServiceProvider();
+ var context = provider.GetRequiredService();
+ var options = provider.GetRequiredService<
+ IOptionsMonitor>().CurrentValue;
+ var database = await context.GetDatabaseAsync(CancellationToken.None);
+
+ var applications = database.GetCollection(
+ options.ApplicationsCollectionName);
+
+ await applications.Indexes.CreateManyAsync(new[]
+ {
+ new CreateIndexModel(
+ Builders.IndexKeys.Ascending(
+ application => application.ClientId),
+ new CreateIndexOptions
+ {
+ Unique = true
+ }),
+
+ new CreateIndexModel(
+ Builders.IndexKeys.Ascending(
+ application => application.PostLogoutRedirectUris),
+ new CreateIndexOptions
+ {
+ Background = true
+ }),
+
+ new CreateIndexModel(
+ Builders.IndexKeys.Ascending(
+ application => application.RedirectUris),
+ new CreateIndexOptions
+ {
+ Background = true
+ })
+ });
+
+ var authorizations = database.GetCollection(
+ options.AuthorizationsCollectionName);
+
+ await authorizations.Indexes.CreateOneAsync(
+ new CreateIndexModel(
+ Builders.IndexKeys
+ .Ascending(authorization => authorization.ApplicationId)
+ .Ascending(authorization => authorization.Scopes)
+ .Ascending(authorization => authorization.Status)
+ .Ascending(authorization => authorization.Subject)
+ .Ascending(authorization => authorization.Type),
+ new CreateIndexOptions
+ {
+ Background = true
+ }));
+
+ var scopes = database.GetCollection(
+ options.ScopesCollectionName);
+
+ await scopes.Indexes.CreateOneAsync(new CreateIndexModel(
+ Builders.IndexKeys.Ascending(scope => scope.Name),
+ new CreateIndexOptions
+ {
+ Unique = true
+ }));
+
+ var tokens = database.GetCollection(
+ options.TokensCollectionName);
+
+ await tokens.Indexes.CreateManyAsync(new[]
+ {
+ new CreateIndexModel(
+ Builders.IndexKeys.Ascending(
+ token => token.ReferenceId),
+ new CreateIndexOptions
+ {
+ // Note: partial filter expressions are not supported on Azure Cosmos DB.
+ // As a workaround, the expression and the unique constraint can be removed.
+ PartialFilterExpression =
+ Builders.Filter.Exists(
+ token => token.ReferenceId),
+ Unique = true
+ }),
+
+ new CreateIndexModel(
+ Builders.IndexKeys
+ .Ascending(token => token.ApplicationId)
+ .Ascending(token => token.Status)
+ .Ascending(token => token.Subject)
+ .Ascending(token => token.Type),
+ new CreateIndexOptions
+ {
+ Background = true
+ })
+ });
+ ```
\ No newline at end of file
diff --git a/configuration/toc.yml b/configuration/toc.yml
index 99e1b95..0e2f771 100644
--- a/configuration/toc.yml
+++ b/configuration/toc.yml
@@ -13,6 +13,9 @@
- name: Encryption and signing credentials
href: encryption-and-signing-credentials.md
+- name: MongoDB integration
+ href: mongodb-integration.md
+
- name: Proof Key for Code Exchange
href: proof-key-for-code-exchange.md