Category Archives: WebAPI

Authorization is hard! Slides and Video from NDC Oslo 2017

A while ago I wrote a controversial article about the problems that can arise when mixing authentication and authorization systems – especially when using identity/access tokens to transmit authorization data – you can read it here. In the meanwhile Brock … Continue reading

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, WebAPI | 14 Comments

Techorama 2017

Again Techorama was an awesome conference – kudos to the organizers! Seth and Channel9 recorded my talk and also did an interview – so if you couldn’t be there in person, there are some updates about IdentityServer4 and identity in general.

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, WebAPI | 2 Comments

Financial APIs and IdentityServer

Right now there is quite some movement in the financial sector towards APIs and “collaboration” scenarios. The OpenID Foundation started a dedicated working group on securing Financial APIs (FAPIs) and the upcoming Revised Payment Service EU Directive (PSD2 – official … Continue reading

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | Leave a comment

dotnet new Templates for IdentityServer4

The dotnet CLI includes a templating engine that makes it pretty straightforward to create your own project templates (see this blog post for a good intro). This new repo is the home for all IdentityServer4 templates to come – right … Continue reading

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, WebAPI | Leave a comment

New in IdentityServer4: Events

Well – not really new – but redesigned. IdentityServer4 has two diagnostics facilities – logging and events. While logging is more like low level “printf” style – events represent higher level information about certain logical operations in IdentityServer (think Windows security … Continue reading

Posted in ASP.NET Core, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | 3 Comments

NDC London 2017

As always – NDC was a very good conference. Brock and I did a workshop, two talks and an interview. Here are the relevant links: Building JavaScript and mobile/native Clients for Token-based Architectures IdentityServer4: New & Improved for ASP.NET Core … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, OAuth, OpenID Connect, WebAPI | 3 Comments

IdentityModel.OidcClient v2 & the OpenID RP Certification

A couple of weeks ago I started re-writing (an re-designing) my OpenID Connect & OAuth 2 client library for native applications. The library follows the guidance from the OpenID Connect and OAuth 2.0 for native Applications specification. Main features are: Support for OpenID … Continue reading

Posted in .NET Security, IdentityModel, OAuth, OpenID Connect, WebAPI | 4 Comments