Add a guide explaining how to set up MongoDB integration

configuration/encryption-and-signing-credentials.md

@@ -8,7 +8,7 @@ To protect the tokens it issues, OpenIddict uses 2 types of credentials:
 > Tokens generated using the opt-in ASP.NET Core Data Protection integration rely on their own key ring, distinct from the credentials discussed in this documentation.
 > For more information about Data Protection, visit [ASP.NET Core Data Protection](https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/introduction).
 
-## Registering credentials in the server options
+## Registering credentials in the authorization server options
 
 OpenIddict allows registering one or multiple keys (raw keys or embedded in X.509 certificates).
 
@@ -120,7 +120,7 @@ The best place to store your certificates will mostly depend on your host:
   - On Azure, certificates can be uploaded and exposed to Azure App Services applications using the special `WEBSITE_LOAD_CERTIFICATES` flag.
 For more information, visit https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code
 
-## Importing credentials in the validation options
+## Importing credentials in the API/resource validation options
 
 ### Using the `options.UseLocalServer()` integration
 

configuration/mongodb-integration.md

@@ -0,0 +1,129 @@
+# MongoDB integration
+
+To configure OpenIddict to use MongoDB as the database for applications, authorizations, scopes and tokens, you'll need to:
+  - **Reference the `OpenIddict.MongoDb` package**:
+    ```xml
+    <PackageReference Include="OpenIddict.MongoDb" Version="3.0.5" />
+    ```
+
+  - **Configure OpenIddict to use the MongoDB stores**:
+    ```csharp
+    services.AddOpenIddict()
+        .AddCore(options =>
+        {
+            // Note: to use a remote server, call the MongoClient constructor overload
+            // that accepts a connection string or an instance of MongoClientSettings.
+            options.UseMongoDb()
+                   .UseDatabase(new MongoClient().GetDatabase("openiddict"));
+        })
+    ```
+
+  - **Create indexes to improve performance** (recommended): for that, you can use the following script to
+initialize the database and create the indexes used by the OpenIddict entities:
+    ```csharp
+    using System.Threading;
+    using Microsoft.Extensions.DependencyInjection;
+    using Microsoft.Extensions.Options;
+    using MongoDB.Driver;
+    using OpenIddict.MongoDb;
+    using OpenIddict.MongoDb.Models;
+
+    var services = new ServiceCollection();
+    services.AddOpenIddict()
+        .AddCore(options => options.UseMongoDb());
+
+    services.AddSingleton(new MongoClient(
+        "mongodb://localhost:27017").GetDatabase("openiddict"));
+
+    var provider = services.BuildServiceProvider();
+    var context = provider.GetRequiredService<IOpenIddictMongoDbContext>();
+    var options = provider.GetRequiredService<
+        IOptionsMonitor<OpenIddictMongoDbOptions>>().CurrentValue;
+    var database = await context.GetDatabaseAsync(CancellationToken.None);
+
+    var applications = database.GetCollection<OpenIddictMongoDbApplication>(
+        options.ApplicationsCollectionName);
+
+    await applications.Indexes.CreateManyAsync(new[]
+    {
+        new CreateIndexModel<OpenIddictMongoDbApplication>(
+            Builders<OpenIddictMongoDbApplication>.IndexKeys.Ascending(
+                application => application.ClientId),
+            new CreateIndexOptions
+            {
+                Unique = true
+            }),
+
+        new CreateIndexModel<OpenIddictMongoDbApplication>(
+            Builders<OpenIddictMongoDbApplication>.IndexKeys.Ascending(
+                application => application.PostLogoutRedirectUris),
+            new CreateIndexOptions
+            {
+                Background = true
+            }),
+
+        new CreateIndexModel<OpenIddictMongoDbApplication>(
+            Builders<OpenIddictMongoDbApplication>.IndexKeys.Ascending(
+                application => application.RedirectUris),
+            new CreateIndexOptions
+            {
+                Background = true
+            })
+    });
+
+    var authorizations = database.GetCollection<OpenIddictMongoDbAuthorization>(
+        options.AuthorizationsCollectionName);
+
+    await authorizations.Indexes.CreateOneAsync(
+        new CreateIndexModel<OpenIddictMongoDbAuthorization>(
+            Builders<OpenIddictMongoDbAuthorization>.IndexKeys
+                .Ascending(authorization => authorization.ApplicationId)
+                .Ascending(authorization => authorization.Scopes)
+                .Ascending(authorization => authorization.Status)
+                .Ascending(authorization => authorization.Subject)
+                .Ascending(authorization => authorization.Type),
+            new CreateIndexOptions
+            {
+                Background = true
+            }));
+
+    var scopes = database.GetCollection<OpenIddictMongoDbScope>(
+        options.ScopesCollectionName);
+
+    await scopes.Indexes.CreateOneAsync(new CreateIndexModel<OpenIddictMongoDbScope>(
+        Builders<OpenIddictMongoDbScope>.IndexKeys.Ascending(scope => scope.Name),
+        new CreateIndexOptions
+        {
+            Unique = true
+        }));
+
+    var tokens = database.GetCollection<OpenIddictMongoDbToken>(
+        options.TokensCollectionName);
+
+    await tokens.Indexes.CreateManyAsync(new[]
+    {
+        new CreateIndexModel<OpenIddictMongoDbToken>(
+            Builders<OpenIddictMongoDbToken>.IndexKeys.Ascending(
+                token => token.ReferenceId),
+            new CreateIndexOptions<OpenIddictMongoDbToken>
+            {
+                // Note: partial filter expressions are not supported on Azure Cosmos DB.
+                // As a workaround, the expression and the unique constraint can be removed.
+                PartialFilterExpression =
+                    Builders<OpenIddictMongoDbToken>.Filter.Exists(
+                        token => token.ReferenceId),
+                Unique = true
+            }),
+
+        new CreateIndexModel<OpenIddictMongoDbToken>(
+            Builders<OpenIddictMongoDbToken>.IndexKeys
+                .Ascending(token => token.ApplicationId)
+                .Ascending(token => token.Status)
+                .Ascending(token => token.Subject)
+                .Ascending(token => token.Type),
+            new CreateIndexOptions
+            {
+                Background = true
+            })
+    });
+    ```

configuration/toc.yml

@@ -13,6 +13,9 @@
 - name: Encryption and signing credentials
   href: encryption-and-signing-credentials.md
 
+- name: MongoDB integration
+  href: mongodb-integration.md
+
 - name: Proof Key for Code Exchange
   href: proof-key-for-code-exchange.md