Update the documentation pages

2025-07-15 23:13:34 +08:00 · 2022-01-13 17:00:07 +00:00 · 2022-01-13 17:00:07 +00:00 · a9a0c1bb53
commit a9a0c1bb53
parent 77bc2d76c7
7 changed files with 373 additions and 57 deletions
--- a/guides/getting-started.html
+++ b/guides/getting-started.html
@ -234,8 +234,7 @@ Here&#39;s an example for the client credentials grant:</p>
            await _applicationManager.GetDisplayNameAsync(application),
            Destinations.AccessToken, Destinations.IdentityToken);
-        return SignIn(new ClaimsPrincipal(identity),
+        return SignIn(new ClaimsPrincipal(identity), OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
            OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
    }
 }
 </code></pre></li>
@ -254,8 +253,7 @@ Here&#39;s an example for the client credentials grant:</p>
        var context = scope.ServiceProvider.GetRequiredService&lt;ApplicationDbContext&gt;();
        await context.Database.EnsureCreatedAsync();
-        var manager =
+        var manager = scope.ServiceProvider.GetRequiredService&lt;IOpenIddictApplicationManager&gt;();
            scope.ServiceProvider.GetRequiredService&lt;IOpenIddictApplicationManager&gt;();
        if (await manager.FindByClientIdAsync(&quot;console&quot;) is null)
        {
--- a/guides/index.html
+++ b/guides/index.html
@ -6,9 +6,9 @@
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
-    <title>Introduction </title>
+    <title>What's OpenIddict? </title>
    <meta name="viewport" content="width=device-width">
-    <meta name="title" content="Introduction ">
+    <meta name="title" content="What's OpenIddict? ">
    <meta name="generator" content="docfx 2.56.7.0">
    <link rel="shortcut icon" href="../images/favicon.ico">
@ -91,17 +91,129 @@
                        </div>
                    <article class="content wrap" id="_content" data-uid="">
-<h1 id="introduction">Introduction</h1>
+<h2 id="whats-openiddict">What&#39;s OpenIddict?</h2>
-<h2 id="whats-openiddict">What&#39;s OpenIddict?</h2>
+<p>OpenIddict is <strong>an open source and versatile framework for building standard-compliant OAuth 2.0/OpenID Connect servers</strong>
-<p>OpenIddict was born in late 2015 and was initially based on <strong><a href="https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server">AspNet.Security.OpenIdConnect.Server</a></strong>
+in any ASP.NET Core 2.1 (and higher) and legacy ASP.NET 4.6.1 (and higher) applications.</p>
-(codenamed ASOS), a low-level OpenID Connect server middleware forked from OWIN/Katana&#39;s <code>OAuthAuthorizationServerMiddleware</code>. In 2020, ASOS was merged into OpenIddict 3.0
+<p>OpenIddict was born in late 2015 and was initially based on <a href="https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server">AspNet.Security.OpenIdConnect.Server</a>
-to form a unified stack under the OpenIddict umbrella, while still offering an easy-to-use approach for new users and a low-level experience for advanced users.</p>
+(codenamed ASOS), a low-level OpenID Connect server middleware inspired by the OAuth 2.0 authorization server middleware developed by Microsoft for the OWIN project
-<h2 id="why-an-openid-connect-server">Why an OpenID Connect server?</h2>
+and the first OpenID Connect server ever created for ASP.NET Core.</p>
-<p>Adding an OpenID Connect server to your application <strong>allows you to support token authentication</strong>.
+<p>In 2020, ASOS was merged into OpenIddict 3.0 to form a unified stack under the OpenIddict umbrella, while still offering an easy-to-use approach for new users
-It also allows you to manage all your users using local password or an external identity provider (e.g. Facebook or Google) for all your
+and a low-level experience for advanced users thanks to a &quot;degraded mode&quot; that allows using OpenIddict in a stateless way (i.e without a backing database).</p>
-applications in one central place, with the power to control who can access your API and the information that is exposed to each client.</p>
+<p>As part of this process, native support for <code>Microsoft.Owin</code> was added to OpenIddict 3.0 to allow using it in legacy ASP.NET 4.6.1 (and higher) applications,
-</article>
+making it an excellent candidate for replacing <code>OAuthAuthorizationServerMiddleware</code> and <code>OAuthBearerAuthenticationMiddleware</code> without having to migrate to ASP.NET Core.</p>
 <h2 id="core-concepts">Core concepts</h2>
 <h3 id="user-authentication">User authentication</h3>
 <p>Unlike other solutions, <strong>OpenIddict exclusively focuses on the OAuth 2.0/OpenID Connect protocol aspects of the authorization process</strong>
 and leaves user authentication up to the implementer: OpenIddict can be natively used with any form of user authentication like password, token,
 federated or Integration Windows Authentication. While convenient, using a membership stack like ASP.NET Core Identity is not required.</p>
 <p>Integration with OpenIddict is typically done by enabling the pass-through mode to handle requests in a controller action
 or in a minimal API handler or, for more complex scenarios, by directly using its advanced events model.</p>
 <h3 id="pass-through-mode">Pass-through mode</h3>
 <p>As with <code>OAuthAuthorizationServerMiddleware</code>, OpenIddict allows handling authorization, logout and token requests in custom controller actions or any other
 middleware able to hook into the ASP.NET Core or OWIN request processing pipeline. In this case, OpenIddict will always validate incoming requests first
 (e.g by ensuring the mandatory parameters are present and valid) before allowing the rest of the pipeline to be invoked: should any validation error occur,
 OpenIddict will automatically reject the request before it reaches user-defined controller actions or custom middleware.</p>
 <pre><code class="lang-csharp">builder.Services.AddOpenIddict()
    .AddServer(options =&gt;
    {
        // Enable the authorization and token endpoints.
        options.SetAuthorizationEndpointUris(&quot;/authorize&quot;)
               .SetTokenEndpointUris(&quot;/token&quot;);
        // Enable the authorization code flow.
        options.AllowAuthorizationCodeFlow();
        // Register the signing and encryption credentials.
        options.AddDevelopmentEncryptionCertificate()
               .AddDevelopmentSigningCertificate();
        // Register the ASP.NET Core host and configure the authorization endpoint
        // to allow the /authorize minimal API handler to handle authorization requests
        // after being validated by the built-in OpenIddict server event handlers.
        //
        // Token requests will be handled by OpenIddict itself by reusing the identity
        // created by the /authorize handler and stored in the authorization codes.
        options.UseAspNetCore()
               .EnableAuthorizationEndpointPassthrough();
    });
 </code></pre><pre><code class="lang-csharp">app.MapGet(&quot;/authorize&quot;, async (HttpContext context) =&gt;
 {
    // Resolve the claims stored in the principal created after the Steam authentication dance.
    // If the principal cannot be found, trigger a new challenge to redirect the user to Steam.
    var principal = (await context.AuthenticateAsync(SteamAuthenticationDefaults.AuthenticationScheme))?.Principal;
    if (principal is null)
    {
        return Results.Challenge(properties: null, new[] { SteamAuthenticationDefaults.AuthenticationScheme });
    }
    var identifier = principal.FindFirst(ClaimTypes.NameIdentifier)!.Value;
    // Create a new identity and import a few select claims from the Steam principal.
    var identity = new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType);
    identity.AddClaim(new Claim(Claims.Subject, identifier));
    identity.AddClaim(new Claim(Claims.Name, identifier).SetDestinations(Destinations.AccessToken));
    return Results.SignIn(new ClaimsPrincipal(identity), properties: null, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
 });
 </code></pre><h3 id="events-model">Events model</h3>
 <p>OpenIddict implements a powerful event-based model for its server and validation stacks: each part of the request processing logic is implemented as an event handler
 that can be removed, moved to a different position in the pipeline or replaced by a custom handler to override the default logic used by OpenIddict:</p>
 <pre><code class="lang-csharp">/// &lt;summary&gt;
 /// Contains the logic responsible of rejecting authorization requests that don&#39;t specify a valid prompt parameter.
 /// &lt;/summary&gt;
 public class ValidatePromptParameter : IOpenIddictServerHandler&lt;ValidateAuthorizationRequestContext&gt;
 {
    /// &lt;summary&gt;
    /// Gets the default descriptor definition assigned to this handler.
    /// &lt;/summary&gt;
    public static OpenIddictServerHandlerDescriptor Descriptor { get; }
        = OpenIddictServerHandlerDescriptor.CreateBuilder&lt;ValidateAuthorizationRequestContext&gt;()
            .UseSingletonHandler&lt;ValidatePromptParameter&gt;()
            .SetOrder(ValidateNonceParameter.Descriptor.Order + 1_000)
            .SetType(OpenIddictServerHandlerType.BuiltIn)
            .Build();
    /// &lt;inheritdoc/&gt;
    public ValueTask HandleAsync(ValidateAuthorizationRequestContext context)
    {
        if (context is null)
        {
            throw new ArgumentNullException(nameof(context));
        }
        // Reject requests specifying prompt=none with consent/login or select_account.
        if (context.Request.HasPrompt(Prompts.None) &amp;&amp; (context.Request.HasPrompt(Prompts.Consent) ||
                                                        context.Request.HasPrompt(Prompts.Login) ||
                                                        context.Request.HasPrompt(Prompts.SelectAccount)))
        {
            context.Logger.LogInformation(SR.GetResourceString(SR.ID6040));
            context.Reject(
                error: Errors.InvalidRequest,
                description: SR.FormatID2052(Parameters.Prompt),
                uri: SR.FormatID8000(SR.ID2052));
            return default;
        }
        return default;
    }
 }
 </code></pre><p>In OpenIddict itself, event handlers are typically defined as dedicated classes but they can also be registered using delegates:</p>
 <pre><code class="lang-csharp">services.AddOpenIddict()
    .AddServer(options =&gt;
    {
        options.AddEventHandler&lt;HandleConfigurationRequestContext&gt;(builder =&gt;
            builder.UseInlineHandler(context =&gt;
            {
                // Attach custom metadata to the configuration document.
                context.Metadata[&quot;custom_metadata&quot;] = 42;
                return default;
            }));
    });
 </code></pre></article>
                </div>
            </main>
--- a/guides/migration/20-to-30.html
+++ b/guides/migration/20-to-30.html
@ -163,9 +163,44 @@ and are no longer supported. Make sure your application (or intermediate librari
 <div class="IMPORTANT"><h5>Important</h5><p>If your application references the <code>OpenIdConnectConstants</code> class, update it to use <code>OpenIddictConstants</code> instead.</p>
 </div>
 <h2 id="update-the-references-to-the-entity-framework-coreentity-framework-6mongodb-models">Update the references to the Entity Framework Core/Entity Framework 6/MongoDB models</h2>
-<p>If your application references the <code>OpenIddictApplication</code>, <code>OpenIddictAuthorization</code>, <code>OpenIddictScope</code> or <code>OpenIddictToken</code> models, update these reference to use
+<p>If your application references the <code>OpenIddictApplication</code>, <code>OpenIddictAuthorization</code>, <code>OpenIddictScope</code> or <code>OpenIddictToken</code> models,
-their new names: <code>OpenIddict[provider name]Application</code>, <code>OpenIddict[provider name]Authorization</code>, <code>OpenIddict[provider name]Scope</code> and <code>OpenIddict[provider name]Token</code>
+update these reference to use their new names:</p>
-(e.g when using MongoDB: <code>OpenIddictMongoDbApplication</code>, <code>OpenIddictMongoDbAuthorization</code>, <code>OpenIddictMongoDbScope</code> and <code>OpenIddictMongoDbToken</code>).</p>
+<table>
 <thead>
 <tr>
 <th>Old name</th>
 <th>New name (Entity Framework Core)</th>
 <th>New name (Entity Framework 6)</th>
 <th>New name (MongoDB)</th>
 </tr>
 </thead>
 <tbody>
 <tr>
 <td>OpenIddictApplication</td>
 <td>OpenIddictEntityFrameworkCoreApplication</td>
 <td>OpenIddictEntityFrameworkApplication</td>
 <td>OpenIddictMongoDbApplication</td>
 </tr>
 <tr>
 <td>OpenIddictAuthorization</td>
 <td>OpenIddictEntityFrameworkCoreAuthorization</td>
 <td>OpenIddictEntityFrameworkAuthorization</td>
 <td>OpenIddictMongoDbAuthorization</td>
 </tr>
 <tr>
 <td>OpenIddictScope</td>
 <td>OpenIddictEntityFrameworkCoreScope</td>
 <td>OpenIddictEntityFrameworkScope</td>
 <td>OpenIddictMongoDbScope</td>
 </tr>
 <tr>
 <td>OpenIddictToken</td>
 <td>OpenIddictEntityFrameworkCoreToken</td>
 <td>OpenIddictEntityFrameworkToken</td>
 <td>OpenIddictMongoDbToken</td>
 </tr>
 </tbody>
 </table>
 <h2 id="enable-aspnet-core-integration-in-the-server-and-validation-options">Enable ASP.NET Core integration in the server and validation options</h2>
 <p>With the base server and validation stacks being decoupled from ASP.NET Core, you now have to explicitly register the ASP.NET Core host in the server/validation options:</p>
 <pre><code class="lang-csharp">services.AddOpenIddict()
@ -339,8 +374,9 @@ and the hybrid flow MUST be explicitly opted in. If you use the hybrid flow, mak
    });
 </code></pre><h2 id="update-your-applications-to-grant-them-the-appropriate-response-type-permissions">Update your applications to grant them the appropriate response type permissions</h2>
 <p>New response type permissions - enforced by default - <a href="/configuration/application-permissions.html#response-type-permissions">have been introduced in 3.0</a>.</p>
-<p>If you have many applications to migrate, you can use <a href="https://github.com/openiddict/openiddict-core/issues/1138#issuecomment-713681158">this script</a>
+<div class="NOTE"><h5>Note</h5><p>If you have many applications to migrate, you can use <a href="https://github.com/openiddict/openiddict-core/issues/1138#issuecomment-713681158">this script</a>
 to infer appropriate response type permissions using the already granted grant types.</p>
 </div>
 </article>
                </div>
--- a/index.html
+++ b/index.html
@ -6,9 +6,9 @@
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
-    <title>OpenIddict: the OpenID Connect stack you'll be addicted to </title>
+    <title>What's OpenIddict? </title>
    <meta name="viewport" content="width=device-width">
-    <meta name="title" content="OpenIddict: the OpenID Connect stack you'll be addicted to ">
+    <meta name="title" content="What's OpenIddict? ">
    <meta name="generator" content="docfx 2.56.7.0">
    <link rel="shortcut icon" href="images/favicon.ico">
@ -90,37 +90,202 @@
 <div class="NOTE"><h5>Note</h5><p>This documentation is a work-in-progress. To contribute, please visit <a href="https://github.com/openiddict/openiddict-documentation">https://github.com/openiddict/openiddict-documentation</a>.</p>
 </div>
-<h1 id="openiddict-the-openid-connect-stack-youll-be-addicted-to">OpenIddict: the OpenID Connect stack you&#39;ll be addicted to</h1>
+<h1 id="whats-openiddict">What&#39;s OpenIddict?</h1>
 <p>OpenIddict aims at providing a <strong>versatile solution</strong> to implement an <strong>OpenID Connect server and token validation in any ASP.NET Core 2.1 (and higher) application</strong>.
 <strong>ASP.NET 4.6.1 (and higher) applications are also fully supported thanks to a native Microsoft.Owin 4.2 integration</strong>.</p>
-<p>OpenIddict fully supports the <strong><a href="https://openid.net/specs/openid-connect-core-1_0.html">code/implicit/hybrid flows</a></strong>, the <strong><a href="https://tools.ietf.org/html/rfc6749">client credentials/resource owner password grants</a></strong> and the <a href="https://tools.ietf.org/html/rfc8628">device authorization flow</a>. You can also create your own custom grant types.</p>
+<p>OpenIddict fully supports the <strong><a href="http://openid.net/specs/openid-connect-core-1_0.html">code/implicit/hybrid flows</a></strong>,
-<p>OpenIddict natively supports <strong><a href="https://www.nuget.org/packages/OpenIddict.EntityFrameworkCore">Entity Framework Core</a></strong>, <strong><a href="https://www.nuget.org/packages/OpenIddict.EntityFramework">Entity Framework 6</a></strong> and <strong><a href="https://www.nuget.org/packages/OpenIddict.MongoDb">MongoDB</a></strong> out-of-the-box, but you can also provide your own stores.</p>
+the <strong><a href="https://tools.ietf.org/html/rfc6749">client credentials/resource owner password grants</a></strong> and the <a href="https://tools.ietf.org/html/rfc8628">device authorization flow</a>.</p>
-<div class="row">
+<p>OpenIddict natively supports <strong><a href="https://www.nuget.org/packages/OpenIddict.EntityFrameworkCore">Entity Framework Core</a></strong>,
-    <div class="col-md-4">
+<strong><a href="https://www.nuget.org/packages/OpenIddict.EntityFramework">Entity Framework 6</a></strong> and <strong><a href="https://www.nuget.org/packages/OpenIddict.MongoDb">MongoDB</a></strong>
-        <div class="panel panel-default" style="min-height: 120px;">
+out-of-the-box and custom stores can be implemented to support other providers.</p>
-            <div class="panel-body">
+<h1 id="getting-started">Getting started</h1>
-                <p><strong><a href="guides/index.html">Introduction</a></strong></p>
+<p><strong>Developers looking for a simple and turnkey solution are strongly encouraged to use <a href="https://docs.orchardcore.net/en/dev/docs/reference/modules/OpenId/">OrchardCore and its OpenID module</a></strong>,
-                <p>Read an introduction on OpenIddict and the reason it was created.</p>
+which is based on OpenIddict, comes with sensible defaults and offers a built-in management GUI to easily register OpenID client applications.</p>
-            </div>
+<p><strong>To implement a custom OpenID Connect server using OpenIddict, read <a href="guides/getting-started.html">Getting started</a></strong>.</p>
-        </div>
+<p><strong>Samples demonstrating how to use OpenIddict with the different OAuth 2.0/OpenID Connect flows</strong>
-    </div>
+can be found in the <a href="https://github.com/openiddict/openiddict-samples">dedicated repository</a>.</p>
-    <div class="col-md-4">
+<h1 id="compatibility-matrix">Compatibility matrix</h1>
-        <div class="panel panel-default" style="min-height: 120px;">
+<table>
-            <div class="panel-body">
+<thead>
-                <p><strong><a href="guides/getting-started.html">Getting started</a></strong></p>
+<tr>
-                <p>Get started quickly by working through this step-by-step guide.</p>
+<th>Web framework version</th>
-            </div>
+<th>.NET runtime version</th>
-        </div>
+<th>OpenIddict 3.x</th>
-    </div>
+<th>OpenIddict 4.x (preview)</th>
-    <div class="col-md-4">
+</tr>
-        <div class="panel panel-default" style="min-height: 120px;">
+</thead>
-            <div class="panel-body">
+<tbody>
-                <p><strong><a href="https://github.com/openiddict/openiddict-samples">Samples</a></strong></p>
+<tr>
-                <p>View samples implementing the various authorization flows.</p>
+<td>ASP.NET Core 2.1</td>
-            </div>
+<td>.NET Framework 4.6.1</td>
-        </div>
+<td><span class="emoji" shortcode="heavy_check_mark">✔️</span> <span class="emoji" shortcode="information_source">ℹ️</span></td>
-    </div>
+<td><span class="emoji" shortcode="heavy_check_mark">✔️</span> <span class="emoji" shortcode="information_source">ℹ️</span></td>
-</div>
+</tr>
 <tr>
 <td>ASP.NET Core 2.1</td>
 <td>.NET Framework 4.7.2</td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 </tr>
 <tr>
 <td>ASP.NET Core 2.1</td>
 <td>.NET Framework 4.8</td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 </tr>
 <tr>
 <td>ASP.NET Core 2.1</td>
 <td>.NET Core 2.1</td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 <td><span class="emoji" shortcode="exclamation">❗</span></td>
 </tr>
 <tr>
 <td></td>
 <td></td>
 <td></td>
 <td></td>
 </tr>
 <tr>
 <td>ASP.NET Core 3.1</td>
 <td>.NET Core 3.1</td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 </tr>
 <tr>
 <td></td>
 <td></td>
 <td></td>
 <td></td>
 </tr>
 <tr>
 <td>ASP.NET Core 5.0</td>
 <td>.NET 5.0</td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 </tr>
 <tr>
 <td>ASP.NET Core 6.0</td>
 <td>.NET 6.0</td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 </tr>
 <tr>
 <td></td>
 <td></td>
 <td></td>
 <td></td>
 </tr>
 <tr>
 <td>Microsoft.Owin 4.2</td>
 <td>.NET Framework 4.6.1</td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span> <span class="emoji" shortcode="information_source">ℹ️</span></td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span> <span class="emoji" shortcode="information_source">ℹ️</span></td>
 </tr>
 <tr>
 <td>Microsoft.Owin 4.2</td>
 <td>.NET Framework 4.7.2</td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 </tr>
 <tr>
 <td>Microsoft.Owin 4.2</td>
 <td>.NET Framework 4.8</td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 <td><span class="emoji" shortcode="heavy_check_mark">✔️</span></td>
 </tr>
 </tbody>
 </table>
 <p><span class="emoji" shortcode="exclamation">❗</span> <strong>Note: ASP.NET Core 2.1 on .NET Core 2.1 is no longer supported. While OpenIddict 4.x can still be used on .NET Core 2.1
 thanks to its .NET Standard 2.0 compatibility, users are strongly encouraged to migrate to ASP.NET Core/.NET 6.0</strong>.
 ASP.NET Core 2.1 on .NET Framework 4.6.1 (and higher) is still fully supported.</p>
 <p><span class="emoji" shortcode="information_source">ℹ️</span> <strong>Note: the following features are not available when targeting .NET Framework 4.6.1</strong>:</p>
 <ul>
 <li>X.509 development encryption/signing certificates: calling <code>AddDevelopmentEncryptionCertificate()</code> or <code>AddDevelopmentSigningCertificate()</code>
 will result in a <code>PlatformNotSupportedException</code> being thrown at runtime if no valid development certificate can be found and a new one must be generated.</li>
 <li>X.509 ECDSA signing certificates/keys: calling <code>AddSigningCertificate()</code> or <code>AddSigningKey()</code>
 with an ECDSA certificate/key will always result in a <code>PlatformNotSupportedException</code> being thrown at runtime.</li>
 </ul>
 <h1 id="certification">Certification</h1>
 <p>Unlike many other identity providers, <strong>OpenIddict is not a turnkey solution but a framework that requires writing custom code</strong>
 to be operational (typically, at least an authorization controller), making it a poor candidate for the certification program.</p>
 <p>While a reference implementation could be submitted as-is, <strong>this wouldn&#39;t guarantee that implementations deployed by OpenIddict users would be standard-compliant.</strong></p>
 <p>Instead, <strong>developers are encouraged to execute the conformance tests against their own deployment</strong> once they&#39;ve implemented their own logic.</p>
 <blockquote><p>The samples repository contains <a href="https://github.com/openiddict/openiddict-samples/tree/dev/samples/Contruum/Contruum.Server">a dedicated sample</a> specially designed to be used
 with the OpenID Connect Provider Certification tool and demonstrate that OpenIddict can be easily used in a certified implementation. To allow executing the certification tests
 as fast as possible, that sample doesn&#39;t include any membership or consent feature (two hardcoded identities are proposed for tests that require switching between identities).</p>
 </blockquote>
 <hr>
 <h1 id="resources">Resources</h1>
 <p><strong>Looking for additional resources to help you get started with OpenIddict?</strong> Don&#39;t miss these interesting blog posts:</p>
 <ul>
 <li><strong><a href="https://damienbod.com/2022/01/03/secure-a-blazor-wasm-asp-net-core-hosted-app-using-bff-and-openiddict/">Secure a Blazor WASM ASP.NET Core hosted APP using BFF and OpenIddict</a></strong> by <a href="https://github.com/damienbod">Damien Bowden</a></li>
 <li><strong><a href="https://virtocommerce.com/blog/how-to-secure-aspnet-core-applications-with-openiddict-using-virto-commerce-platform">How to Secure ASP.NET Core Applications with OpenIddict Using Virto Commerce B2B eCommerce: Tech Case Study</a></strong> by <a href="https://virtocommerce.com/">Virto Commerce</a></li>
 <li><strong><a href="https://kevinchalet.com/2020/12/23/openiddict-3-0-general-availability/">OpenIddict 3.0 general availability</a></strong> by <a href="https://github.com/kevinchalet">Kévin Chalet</a></li>
 <li><strong><a href="https://dev.to/robinvanderknaap/setting-up-an-authorization-server-with-openiddict-part-i-introduction-4jid">Setting up an Authorization Server with OpenIddict</a></strong> by <a href="https://dev.to/robinvanderknaap">Robin van der Knaap</a></li>
 <li><strong><a href="https://kevinchalet.com/2020/11/17/introducing-openiddict-3-0-s-first-release-candidate-version/">Introducing OpenIddict 3.0&#39;s first release candidate version</a></strong> by <a href="https://github.com/kevinchalet">Kévin Chalet</a></li>
 <li><strong><a href="https://kevinchalet.com/2020/10/27/openiddict-3-0-beta6-is-out/">OpenIddict 3.0 beta6 is out</a></strong> by <a href="https://github.com/kevinchalet">Kévin Chalet</a></li>
 <li><strong><a href="https://kevinchalet.com/2020/10/02/introducing-quartz-net-support-and-new-languages-in-openiddict-3-0-beta4/">Introducing Quartz.NET support and new languages in OpenIddict 3.0 beta4</a></strong> by <a href="https://github.com/kevinchalet">Kévin Chalet</a></li>
 <li><strong><a href="https://kevinchalet.com/2020/08/03/introducing-localization-support-in-openiddict-3-0-beta3/">Introducing localization support in OpenIddict 3.0 beta3</a></strong> by <a href="https://github.com/kevinchalet">Kévin Chalet</a></li>
 <li><strong><a href="https://kevinchalet.com/2020/07/08/openiddict-3-0-beta2-is-out/">OpenIddict 3.0 beta2 is out</a></strong> by <a href="https://github.com/kevinchalet">Kévin Chalet</a></li>
 <li><strong><a href="https://kevinchalet.com/2020/06/11/introducing-openiddict-3-0-beta1/">Introducing OpenIddict 3.0 beta1</a></strong> by <a href="https://github.com/kevinchalet">Kévin Chalet</a></li>
 <li><strong><a href="https://kevinchalet.com/2020/03/03/adding-openiddict-3-0-to-an-owin-application/">Adding OpenIddict 3.0 to an OWIN application</a></strong> by <a href="https://github.com/kevinchalet">Kévin Chalet</a></li>
 <li><strong><a href="https://kevinchalet.com/2020/02/18/creating-an-openid-connect-server-proxy-with-openiddict-3-0-s-degraded-mode/">Creating an OpenID Connect server proxy with OpenIddict 3.0&#39;s degraded mode</a></strong> by <a href="https://github.com/kevinchalet">Kévin Chalet</a></li>
 </ul>
 <p><strong>OpenIddict-based projects maintained by third parties</strong>:</p>
 <ul>
 <li><strong><a href="https://github.com/OrchardCMS/OrchardCore">OrchardCore OpenID module</a></strong>: turnkey OpenID Connect server and token validation solution, built with multitenancy in mind</li>
 <li><strong><a href="https://github.com/thomasduft/openiddict-ui">OpenIddict UI</a></strong> by <a href="https://github.com/thomasduft">Thomas Duft</a>: headless UI for managing client applications and scopes</li>
 <li><strong><a href="https://github.com/panoukos41/couchdb-openiddict">P41.OpenIddict.CouchDB</a></strong> by <a href="https://github.com/panoukos41">Panos Athanasiou</a>: CouchDB stores for OpenIddict</li>
 </ul>
 <h1 id="security-policy">Security policy</h1>
 <p>Security issues and bugs should be reported privately by emailing security@openiddict.com.
 You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.</p>
 <h1 id="support">Support</h1>
 <p>If you need support, please make sure you <a href="https://github.com/sponsors/kevinchalet">sponsor the project</a> before creating a GitHub ticket.
 If you&#39;re not a sponsor, you can post your questions on Gitter or StackOverflow:</p>
 <ul>
 <li><strong>Gitter: <a href="https://gitter.im/openiddict/openiddict-core">https://gitter.im/openiddict/openiddict-core</a></strong></li>
 <li><strong>StackOverflow: <a href="https://stackoverflow.com/questions/tagged/openiddict">https://stackoverflow.com/questions/tagged/openiddict</a></strong></li>
 </ul>
 <h1 id="nightly-builds">Nightly builds</h1>
 <p>If you want to try out the latest features and bug fixes, there is a MyGet feed with nightly builds of OpenIddict.
 To reference the OpenIddict MyGet feed, <strong>create a <code>NuGet.config</code> file</strong> (at the root of your solution):</p>
 <pre><code class="lang-xml">&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;
 &lt;configuration&gt;
  &lt;packageSources&gt;
    &lt;add key=&quot;nuget&quot; value=&quot;https://api.nuget.org/v3/index.json&quot; /&gt;
    &lt;add key=&quot;openiddict&quot; value=&quot;https://www.myget.org/F/openiddict/api/v3/index.json&quot; /&gt;
  &lt;/packageSources&gt;
 &lt;/configuration&gt;
 </code></pre><h1 id="contributors">Contributors</h1>
 <p><strong>OpenIddict</strong> is actively maintained by <strong><a href="https://github.com/kevinchalet">Kévin Chalet</a></strong>. Contributions are welcome and can be submitted using pull requests.</p>
 <p><strong>Special thanks to our sponsors for their incredible support</strong>:</p>
 <ul>
 <li><a href="https://github.com/sebastienros">Sébastien Ros</a></li>
 <li><a href="https://github.com/mridentity">mridentity</a></li>
 <li><a href="https://github.com/GDreyV">Andrew</a></li>
 <li><a href="https://github.com/gustavdw">gustavdw</a></li>
 <li><a href="https://github.com/Gillardo">Gillardo</a></li>
 <li><a href="https://github.com/DovydasNavickas">Dovydas Navickas</a></li>
 <li><a href="https://github.com/schmitch">Christian Schmitt</a></li>
 <li><a href="https://github.com/ThreeScreenStudios">Thomas W</a></li>
 <li><a href="https://github.com/torfikarl">torfikarl</a></li>
 <li><a href="https://github.com/lewcianci">Lewis Cianci</a></li>
 <li><a href="https://github.com/florianwachs">Florian Wachs</a></li>
 <li><a href="https://github.com/vaspop">Vasko Poposki</a></li>
 <li><a href="https://github.com/SebastianStehle">Sebastian Stehle</a></li>
 <li><a href="https://github.com/MichaelHochriegl">Michael Hochriegl</a></li>
 <li><a href="https://github.com/sunielreddy">sunielreddy</a></li>
 <li><a href="https://github.com/communicatie-cockpit">Communicatie Cockpit</a></li>
 <li><a href="https://github.com/KeithT">Keith Turner</a></li>
 <li><a href="https://github.com/WGMurray">WGMurray</a></li>
 <li><a href="https://github.com/ThomasBjallas">Thomas Bjallas</a></li>
 <li><a href="https://github.com/pablopioli">Pablo Pioli</a></li>
 <li><a href="https://github.com/mcalasa">Michael Calasanz</a></li>
 </ul>
 <h1 id="license">License</h1>
 <p>This project is licensed under the <strong>Apache License</strong>. This means that you can use, modify and distribute it freely.
 See <a href="http://www.apache.org/licenses/LICENSE-2.0.html">http://www.apache.org/licenses/LICENSE-2.0.html</a> for more details.</p>
 </article>
                </div>
--- a/manifest.json
+++ b/manifest.json
@ -1600,7 +1600,7 @@
      "output": {
        ".html": {
          "relative_path": "guides/getting-started.html",
-          "hash": "w4ot0irGPo6kPbJCtXT9sQ=="
+          "hash": "t2kZFpCKtBBKduSO+k6qBw=="
        }
      },
      "is_incremental": false,
@ -1612,7 +1612,7 @@
      "output": {
        ".html": {
          "relative_path": "guides/index.html",
-          "hash": "GYPiSn0I/fhjecInWBd+sA=="
+          "hash": "2i1j9EFYyn51yKUTnzPKFQ=="
        }
      },
      "is_incremental": false,
@ -1624,7 +1624,7 @@
      "output": {
        ".html": {
          "relative_path": "guides/migration/20-to-30.html",
-          "hash": "tvhWtNPbpiYeQ0xcP1I4oQ=="
+          "hash": "bcR7B44i1TMM5H1VYK42Tw=="
        }
      },
      "is_incremental": false,
@ -1670,7 +1670,7 @@
      "output": {
        ".html": {
          "relative_path": "index.html",
-          "hash": "LDX2KG1mNaZgnySmcrJkYQ=="
+          "hash": "aZ1gAQgzm3iws2tdWkNK3w=="
        }
      },
      "is_incremental": false,
@ -2412,7 +2412,7 @@
      "output": {
        ".html": {
          "relative_path": "toc.html",
-          "hash": "pkjNX/g9gq1U7BbZjUNK4w=="
+          "hash": "iGRuvONZZgBXF6nbovqcdA=="
        }
      },
      "is_incremental": false,
--- a/styles/discord.css
+++ b/styles/discord.css
@ -156,6 +156,11 @@ a.active, a:active
    overflow-y: hidden;
 }
 .content
 {
    text-align: justify;
 }
 .page-title
 {
    margin-block-start: 0;
--- a/toc.html
+++ b/toc.html
@ -6,7 +6,7 @@
          <ul class="nav level1">
                <li>
-                      <a href="guides/index.html" class="sidebar-item" name="guides/toc.html" title="User guides">User guides</a>
+                      <a href="guides/index.html" class="sidebar-item" name="guides/toc.html" title="Guides">Guides</a>
                </li>
                <li>