Learn about OpenID Connect's authorization code, implicit, and hybrid flows. See how each flow works, when to use it, and how to secure it.| Scott Brady
An explanation of the various OpenID Connect endpoints and what they can be used for.| Scott Brady
A beginner's guide to IdentityServer and OpenID Connect, starting with an empty project and ending with a near-production-ready environment.| Scott Brady
Learn how OpenID Connect (OIDC) extends OAuth 2 by adding a layer of identity, solving user authentication and Single Sign-On (SSO).| Scott Brady
Learn how JSON Web Encryption (JWE) works with a walkthrough of the token format, best practices, and the encryption algorithms available to you.| Scott Brady
Learn how to implement and trigger standards-based step-up authentication using OAuth, OpenID Connect, and SAML.| Scott Brady
Learn how OAuth Proof-Key for Code Exchange (PKCE) does not replace client authentication (e.g. secrets) and why you should use both where possible.| Scott Brady
Avoid a common OAuth pitfall by learning how OAuth consent and access tokens differ from user-level authorization policies.| Scott Brady
A primer on Sign in with Apple, including an example integration in ASP.NET Core.| Scott Brady
How to encrypt identity tokens in IdentityServer4 and decrypt them in ASP.NET Core.| Scott Brady
Learn why you should not use OAuth's Resource Owner Password Credentials (ROPC) grant.| Scott Brady