Category Archives: OAuth

Fixing OAuth 2.0 with OpenID Connect?

I didn’t like Nat’s Fixing OAuth? post. “For protecting a resource with low value, current RFC6749 and RFC6750 with an appropriate constraint should be good enough…For protecting a resource whose value is higher than a certain level, e.g., the write … Continue reading

Posted in IdentityServer, OAuth, OpenID Connect, WebAPI | 8 Comments

.NET Core 1.0 is released, but where is IdentityServer?

In short: we are working on it. Migrating the code from Katana to ASP.NET Core was actually mostly mechanical. But obviously new approaches and patterns have been introduced which might, or might not align directly with how we used to … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | Leave a comment

Update for authentication & API access for native applications and IdentityModel.OidcClient

The most relevant spec for authentication and API access for native apps has been recently updated. If you are “that kind of person” that enjoys looking at diffs of pre-release RFCs – you would have spotted a new way of dealing … Continue reading

Posted in IdentityModel, OAuth, OpenID Connect, WebAPI | 7 Comments

Identity Videos, Podcasts and Slides from Conference Season 2016/1

My plan was to cut down on conferences and travelling in general – this didn’t work out ;) I did more conferences in the first 6 months of 2016 than I did in total last year. weird. Here are some … Continue reading

Posted in .NET Security, ASP.NET, Conferences & Training, IdentityModel, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | Leave a comment

IdentityModel: OpenID Connect & OAuth 2.0 Client Library for Mobile/Native Applications

Recently we had a couple of customers that needed to connect their native desktop and mobile applications to an OpenID Connect and OAuth 2.0 back-end. We always had samples that showed how to do this, but making them re-usable and cross-platform … Continue reading

Posted in IdentityModel, OAuth, OpenID Connect | 16 Comments

IdentityServer4 on ASP.NET Core RC2

This week was quite busy ;) Besides doing a couple of talks and workshops at SDD in London – we also updated all the IdentityServer4 bits to RC2. Many thanks to all the people in the community that were part … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 9 Comments

NDC London 2016 Wrap-up

NDC has been fantastic again! Good fun, good talks and good company! Brock and I did the usual 2-day version of our Identity & Access Control workshop at the pre-con. This was (probably) the last time we ran the 2-day … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | 9 Comments