Monthly Archives: September 2016

New in IdentityServer4: Resource Owner Password Validation

Posted on September 29, 2016 by Dominick Baier

Not completely new, but re-designed. In IdentityServer3, we used the user service for both interactive as well as non-interactive authentication. In IdentityServer4, the interactive authentication is done by the UI. OAuth 2 resource owner password validation is disabled by default … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, WebAPI | 5 Comments

New in IdentityServer4: Support for Extension Grants

Posted on September 20, 2016 by Dominick Baier

Well – this is not completely new, but we redesigned it a bit. Extension grants are used to add support for non-standard token issuance scenarios to the token endpoint, e.g. translating between token types, delegation, federation, custom input or output … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, WebAPI | Leave a comment

New in IdentityServer4: Default Scopes

Posted on September 14, 2016 by Dominick Baier

Another small thing people have been asking for. The scope parameter is optional in OAuth 2 – but we made the decision that clients always have to explicitly ask for the scopes they want to access. We relaxed this requirement … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 5 Comments

Identity & Access Control for ASP.NET Core Deep Dive

Posted on September 13, 2016 by Dominick Baier

Once a year Brock and I do our three day version of the Identity & Access Control workshop in London. This year it will be all about .NET Core and ASP.NET Core – and a full day on the new IdentityModel2 & … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, OAuth, OpenID Connect, WebAPI | 3 Comments

New in IdentityServer4: Clients without Secrets

Posted on September 13, 2016 by Dominick Baier

Over the next weeks I will do short blog posts about new features in IdentityServer4. The primary intention is to highlight a new feature and then defer to our docs for the details (which will also force me to write … Continue reading

Posted in IdentityServer, OAuth, OpenID Connect, WebAPI | 1 Comment

IdentityServer4 RC1

Posted on September 6, 2016 by Dominick Baier

Wow – we’re done! Brock and I spent the last two weeks 14h/day refactoring, polishing, testing and refining IdentityServer for ASP.NET Core…and I must say it’s the best STS we’ve written so far… We kept the same approach as before, … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 19 Comments