I use IdentityServer to manage access to a few client APIs with the configuration details stored in SQL. The one downside to using IdentityServer is that there doesn’t yet seem to be a good option for administration of credentials, though Skoruba.IdentityServer4.Admin certainly looks promising.

In order to add new clients I therefore just insert into the underlying SQL tables, this is all pretty obvious apart from for the secrets tables (ApiSecrets, ClientSecrets) which take a hash of the secret, not the secret itself.

The value to be inserted is the SHA256 hash of your secret but this hash also needs to be Base64 encoded. This can be generated with the following SQL code from this stackoverflow answer.

DECLARE @HASHBYTES VARBINARY(128) = hashbytes('sha2_256', N'secret')
SELECT cast(N'' as xml).value('xs:base64Binary(sql:variable("@HASHBYTES"))', 'varchar(128)');


Leave a Reply

Avatar placeholder

Your email address will not be published.