Update OpenActive.Server.NET to .NET 7 and remove IdentityServer4

[nickevansuk]

Overview

IdentityServer4 will no longer be supported from 13th December 2022. This includes any maintenance updates or security updates.

• https://www.identityserver.com/articles/identityserver4-eol

IdentityServer4 is a core dependency of this project, and upgrading to .NET 6/7 will break IdentityServer4. The path to upgrade to .NET 7 is likely to replace IdentityServer4 with an alternative solution, as IdentityServer5 is no longer available under an open source license (this blog helpfully explains what’s happened).

OpenActive.Server.IdentityServer should be migrated to use OpenIddict, to ensure that it’s still a truly open source solution that is still maintained.

As per the current architecture maintaining a separation between OpenActive.Server.IdentityServer or similar and OpenActive.Server.NET would likely be desirable - as there are a range of options for implementing OpenID, and keeping OpenActive.Server.NET neutral to those will increase its utility.

Implementation hints

The existing IdentityServer4 project can be found in BookingSystem.AspNetCore.IdentityServer.

This project includes key functionality that implements everything detailed in Day 8 of the Open Booking SDK tutorial.

The project fulfils three key roles:

1. It provides a working implementation of the Open Booking API that Booking System developers can play with, and that Broker developers can code against
2. It provides a reference implementation against which the OpenActive Test Suite can be tested
3. It reduces the time/cost of a new .NET implementation of Open Booking API, allowing developers to leverage the libraries directly and using the example code as a starting point

This upgrade should also keep Section G of the Customer Accounts API 1.0 CR Final Draft in mind, as the project will be built upon by those implementing Customer Accounts API. An existing (but currently closed source) implementation of Customer Accounts API on top of OpenActive.Server.NET is available for reference. Hence where example functionality that supports the Customer Accounts API use case is available in OpenIddict (as it is in the current IdentityServer4 QuickStart), this should be retained such that it can be easily extended in future.

Where possible (and if it makes sense), a library-based approach should be taken as with OpenActive.Server.NET; such that OpenActive.Server.IdentityServer can be used as a dependency in .NET applications that are implementing OpenActive.

OpenActive-specific customisation to the example management GUI of IdentityServer (#154) should be wired up to work with OpenIddict.

The result of this upgrade should not include any IdentityServer dependencies, and pass the current version of the OpenActive Test Suite; in particular the Authentication tests.