OpenID Connect Flows
Learn about OpenID Connect's authorization code, implicit, and hybrid flows. See how each flow works, when to use it, and how to secure it.| Scott Brady
Learn about OpenID Connect's authorization code, implicit, and hybrid flows. See how each flow works, when to use it, and how to secure it.| Scott Brady
An explanation of the various OpenID Connect endpoints and what they can be used for.| Scott Brady
A beginners guide to IdentityServer and OpenID Connect, starting with an empty project and ending with a near production ready environment.| Scott Brady
Learn how the UK's Open Banking makes use of OAuth and OpenID Connect.| Scott Brady
Learn how to implement and trigger standards-based step-up authentication using OAuth, OpenID Connect, and SAML.| Scott Brady
A deep dive into OpenID Connect’s ID token, looking at what identity tokens are, what they are not, where to use them, and how to validate them.| Scott Brady
Four different ways of loading Elliptic Curve (EC) keys in .NET for use with Elliptic Curve Digital Signature Algorithms (ECDSA).| Scott Brady
A primer on Sign in with Apple, including an example integration in ASP.NET Core.| Scott Brady
The reasons why OAuth is not an authentication protocol, and why without using open standards such as OpenID Connect, should not be hacked to become one.| Scott Brady
Learn why you should not use OAuth's Resource Owner Password Credentials (ROPC) grant.| Scott Brady
