Monthly Archives: July 2016

Fixing OAuth 2.0 with OpenID Connect?

I didn’t like Nat’s Fixing OAuth? post. “For protecting a resource with low value, current RFC6749 and RFC6750 with an appropriate constraint should be good enough…For protecting a resource whose value is higher than a certain level, e.g., the write … Continue reading

Posted in IdentityServer, OAuth, OpenID Connect, WebAPI | 13 Comments

.NET Core 1.0 is released, but where is IdentityServer?

In short: we are working on it. Migrating the code from Katana to ASP.NET Core was actually mostly mechanical. But obviously new approaches and patterns have been introduced which might, or might not align directly with how we used to … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 2 Comments

Update for authentication & API access for native applications and IdentityModel.OidcClient

The most relevant spec for authentication and API access for native apps has been recently¬†updated. If you are “that kind of person” that enjoys looking at diffs of pre-release RFCs – you would have spotted a new way of dealing … Continue reading

Posted in IdentityModel, OAuth, OpenID Connect, WebAPI | 10 Comments