Category Archives: ASP.NET

New in IdentityServer4: Support for Extension Grants

Well – this is not completely new, but we redesigned it a bit. Extension grants are used to add support for non-standard token issuance scenarios to the token endpoint, e.g. translating between token types, delegation, federation, custom input or output … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, WebAPI | Leave a comment

New in IdentityServer4: Default Scopes

Another small thing people have been asking for. The scope parameter is optional in OAuth 2 – but we made the decision that clients always have to explicitly ask for the scopes they want to access. We relaxed this requirement … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 1 Comment

Identity & Access Control for ASP.NET Core Deep Dive

Once a year Brock and I do our three day version of the Identity & Access Control workshop in London. This year it will be all about .NET Core and ASP.NET Core – and a full day on the new IdentityModel2 & … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, OAuth, OpenID Connect, WebAPI | 1 Comment

IdentityServer4 RC1

Wow – we’re done! Brock and I spent the last two weeks 14h/day refactoring, polishing, testing and refining IdentityServer for ASP.NET Core…and I must say it’s the best STS we’ve written so far… We kept the same approach as before, … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 19 Comments

Trying IdentityServer

We have a demo instance of IdentityServer3 on https://demo.identityserver.io. I already used this for various samples (e.g. the OpenID Connect native clients) – and it makes it easy to try IdentityServer with your clients without having to deploy and configure … Continue reading

Posted in ASP.NET, IdentityServer, OpenID Connect, OWIN, Uncategorized, WebAPI | 2 Comments

Commercial Support Options for IdentityServer

Many customers have asked us for production support for IdentityServer. While this is something we would love to provide, Brock and I can’t do that on our own because we can’t guarantee the response times. I am happy to announce that … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 1 Comment

.NET Core 1.0 is released, but where is IdentityServer?

In short: we are working on it. Migrating the code from Katana to ASP.NET Core was actually mostly mechanical. But obviously new approaches and patterns have been introduced which might, or might not align directly with how we used to … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 2 Comments