Category Archives: IdentityModel

IdentityServer4 RC2 released

Yesterday we pushed IdentityServer4 RC2 to nuget. There are no big new features this time, but a lot of cleaning up, bug fixing and adding more tests. We might add one or two more bigger things before RTM – but … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, OAuth, OpenID Connect, WebAPI | Leave a comment

IdentityModel v2 released

IdentityModel is our protocol client library for various OpenID Connect and OAuth 2 endpoints like discovery, userinfo, token, introspection and token revocation. In addition it has some general purpose helpers like generating random numbers, base64 URL encoding, time-constant string comparison … Continue reading

Posted in .NET Security, IdentityModel, OAuth, OpenID Connect, WebAPI | Leave a comment

Identity & Access Control for ASP.NET Core Deep Dive

Once a year Brock and I do our three day version of the Identity & Access Control workshop in London. This year it will be all about .NET Core and ASP.NET Core – and a full day on the new IdentityModel2 & … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, OAuth, OpenID Connect, WebAPI | 3 Comments

Update for authentication & API access for native applications and IdentityModel.OidcClient

The most relevant spec for authentication and API access for native apps has been recently updated. If you are “that kind of person” that enjoys looking at diffs of pre-release RFCs – you would have spotted a new way of dealing … Continue reading

Posted in IdentityModel, OAuth, OpenID Connect, WebAPI | 10 Comments

Identity Videos, Podcasts and Slides from Conference Season 2016/1

My plan was to cut down on conferences and travelling in general – this didn’t work out ;) I did more conferences in the first 6 months of 2016 than I did in total last year. weird. Here are some … Continue reading

Posted in .NET Security, ASP.NET, Conferences & Training, IdentityModel, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | Leave a comment

IdentityModel: OpenID Connect & OAuth 2.0 Client Library for Mobile/Native Applications

Recently we had a couple of customers that needed to connect their native desktop and mobile applications to an OpenID Connect and OAuth 2.0 back-end. We always had samples that showed how to do this, but making them re-usable and cross-platform … Continue reading

Posted in IdentityModel, OAuth, OpenID Connect | 22 Comments

Validating Scopes in ASP.NET 4 and 5

OAuth 2.0 scopes are a way to model (API) resources. This allows you to give logical “names” to APIs that clients can use to request tokens for. You might have very granular scopes like e.g. api1 & api2, or very coarse grained … Continue reading

Posted in ASP.NET, IdentityModel, IdentityServer, Katana, OAuth, Uncategorized, WebAPI | 10 Comments