Category Archives: OAuth

OpenID Connect Client Library for JavaScript/SPA-style Applications

In addition to our native library – Brock successfully certified his JavaScript library with the OpenID Foundation. oidc-client-js is by far the most easy and elegant way I have seen so far for integrating OpenID Connect and OAuth 2 client … Continue reading

Posted in IdentityModel, OAuth, OpenID Connect, Uncategorized | 1 Comment

IdentityModel.OidcClient v2 & the OpenID RP Certification

A couple of weeks ago I started re-writing (an re-designing) my OpenID Connect & OAuth 2 client library for native applications. The library follows the guidance from the OpenID Connect and OAuth 2.0 for native Applications specification. Main features are: Support for OpenID … Continue reading

Posted in .NET Security, IdentityModel, OAuth, OpenID Connect, WebAPI | 4 Comments

Bootstrapping OpenID Connect: Discovery

OpenID Connect clients and APIs need certain configuration values to initiate the various protocol requests and to validate identity and access tokens. You can either hard-code these values (e.g. the URL to the authorize and token endpoint, key material etc..) … Continue reading

Posted in OAuth, OpenID Connect, WebAPI | Leave a comment

Trying IdentityServer4

We have a number of options how you can experiment or get started with IdentityServer4. Starting point It all starts at https://identityserver.io – from here you can find all below links as well as our next workshop dates, consulting, production … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 3 Comments

IdentityServer4.1.0.0

It’s done. Release notes here. Nuget here. Docs here. I am off to holidays. See you next year.

Posted in .NET Security, ASP.NET, OAuth, OpenID Connect, WebAPI | 3 Comments

IdentityServer4 is now OpenID Certified

As of today – IdentityServer4 is official certified by the OpenID Foundation. Release of 1.0 will be this Friday! More details here.

Posted in .NET Security, OAuth, WebAPI | 2 Comments

Identity vs Permissions

We often see people misusing IdentityServer as an authorization/permission management system. This is troublesome – here’s why. IdentityServer (hence the name) is really good at providing a stable identity for your users across all applications in your system. And with … Continue reading

Posted in .NET Security, IdentityServer, OAuth, OpenID Connect, WebAPI | 21 Comments