IdentityServer: Preview of the OpenID Connect Basic Client Profile
The mid term plan is that OpenID Connect will replace the plain OAuth2 endpoints in IdentityServer. As a first step, I just checked in a preview of the OIDC basic client profile support (see this doc)....
IdentityServer: Overview of OpenID Connect Basic Client Profile
Filed under: IdentityModel, IdentityServer, OAuth, WebAPI
The future of OAuth2 and OpenID Connect in IdentityServer
We are very close to an implementation of the OpenID Connect “Basic Client Profile”. This is the “OAuth2 sign-in” feature in IdentityServer that most people want – just done right. In addition we have...
Two days of Claims-based Identity & Access Control Workshop in London
Great news! The London edition of the NDC conference has pre-con workshops and Jakob invited us to hold our claims-based identity & access control workshop there. This is the first time Brock and I...
Using AuthorizationServer with Web API v2/Katana – first look
Traditionally we have used Thinktecture.IdentityModel to parse and validate incoming JWT tokens in Web API. The good news is, there is nothing you have to change when moving to Web API v2 – the...
Claims Transformation Middleware for Katana
One missing piece in Katana security/authentication is claims transformation. Fortunately, this is easy to add: public class ClaimsTransformationMiddleware : OwinMiddleware {...
Adding OAuth2 to ADFS (and thus bridging the gap between modern Applications...
AuthorizationServer can be combined with arbitrary authentication methods, but the fact that it comes pre-configured as a WS-Federation relying party makes it particularly easy to combine it with e.g....
Thinktecture IdentityModel and Web API v2 / Katana
If you are using IdentityModel and the AuthenticationHandler to secure your Web APIs – we have some good and some bad news. The good news is that IdentityModel continues to work in Web API v2 when...
OWIN Claims Transformation Middleware – Take 2
Thanks to some good feedback from @grumpydev, @loudej and Chriss Ross – I changed my original claims transformation middleware (see here). What I learned is that for better compatibility and...
Using AuthorizationServer with Nancy
Yesterday I tried to find out what it takes to connect a Nancy application to AuthorizationServer. Given the OWIN promise, the “hard parts” like JWT validation should come for free now: public class...
Thinktecture.IdentityModel v.Next
Thinktecture.IdentityModel (github, nuget) is a popular library in the security community. But we have reached a point now where we realized that we have too many dependencies and too much legacy stuff...
Adding SAML11 and SAML2 Support to Katana/OWIN
Katana has pretty straightforward extensibility for adding support for token formats. It ships with built-in support for JWT (consuming) and their internal token format (consuming & producing). By...
Retrieving bearer tokens from alternative locations in Katana/OWIN
The Katana bearer token authentication middleware tries to retrieve tokens from the HTTP Authorization header with a scheme of Bearer by default. You can customize this behavior by providing a so...
Thinktecture AuthenticationHandler for Web API v2
Here I mentioned that there are some incompatibilities between AuthenticationHandler and Web API v2/OWIN hosting. As part of making Thinktecture.IdentityModel more modular – I updated the...
Thinktecture AuthorizationServer v1.0
Six months ago we released the first preview version of AS to the public. Quite a bit has happened since then. We went feature complete for v1, did some bug fixing and used AS in a number of customer...
Client Certificate Authentication Middleware for Katana
Katana has no middleware to turn SSL client certificates into a ClaimsIdentity. And since I am currently collecting material for my upcoming Web API security course I used the opportunity to experiment...
Authorization Servers are good for you (and your Web APIs)
An authorization server is a very important architectural component when it comes to Web API security – think of it as a traffic cop between clients, users and resources. The OAuth2 spec defines it as...
Adding Refresh Tokens to a Web API v2 Authorization Server
In the last post I showed how to add a simple username/password (aka resource owner password credentials flow) authorization server to Web API v2. This has several advantages: The client does not need...
Thinktecture.IdentityModel.Client v1.0
As part of the restructuring work of IdentityModel, I separated the HTTP and OAuth2 client bits into a separate project. The nice side effect of this is that the client library is now portable and can...
Dissecting the Web API Individual Accounts Template – Part 1: Overview
The Web API v2 Individual Accounts template shows off some quite popular application scenarios, e.g. username/password authentication with local accounts (including create account, change/set password)...