Back in 2017 we announced the end of IdentityServer3 maintenance. This excluded security bug fixes. As of the 1st of July 2019 Microsoft officially ended support for Katana 3. This means that the p…| leastprivilege.com
Learn how OpenID Connect (OIDC) extends OAuth 2 by adding a layer of identity, solving user authentication and Single Sign-On (SSO).| Scott Brady
A deep dive into OpenID Connect’s ID token, looking at what identity tokens are, what they are not, where to use them, and how to validate them.| Scott Brady
Avoid a common OAuth pitfall by learning how OAuth consent and access tokens differ from user-level authorization policies.| Scott Brady
An OpenSSL cheat sheet for creating RSA private keys, public keys, and certificates for use with RSASSA-PKCS1-v1_5 and RSASSA-PSS.| Scott Brady
How to use ES256 to sign JWTs in IdentityServer4 while still supporting RS256 for backward compatibility.| Scott Brady
How to outsource IdentityServer4 JWT signing to Azure Key Vault. No private keys were downloaded in the making of this article.| Scott Brady - scottbrady.io
Give your ASP.NET 4.x apps a refresh with the latest OWIN updates and Proof Key for Code Exchange.| Scott Brady
How to add support for PKCE to your ASP.NET Core OpenID Connect client application.| Scott Brady
A cheat sheet for choosing the right way to securely access an API when using a browser-based application such as a JavaScript SPA.| Scott Brady - scottbrady.io
How to keep your DBA happy by implementing your own IdentityServer4 data store.| Scott Brady - scottbrady.io
Removing application passwords from OAuth by using JWT Bearer Tokens, including ASP.NET Core and IdentityServer4 usage.| Scott Brady
How to handle delegation scenarios using OAuth Token Exchange, for use with microservices and API gateways.| Scott Brady
OpenID Connect Discovery 1.0 incorporating errata set 2| openid.net
OpenID Connect Core 1.0 incorporating errata set 2| openid.net