Public Review Period for Proposed Second Implementer’s Draft of OpenID Connect Native SSO for Mobile Apps. The OpenID Connect Working Group recommends approval of the following specification as an OpenID Implementer’s Draft: OpenID Connect Native SSO for Mobile Apps 1.0. This would be the second Implementer’s Draft of this specification. An Implementer’s Draft is a stable version of a specification| OpenID Foundation - Helping people assert their identity wherever they choose
Understanding silent refresh and how to implement it using Angular CLI and oidc-client| Scott Brady - scottbrady.io
Tutorial for getting the node oidc-provider library up and running.| Scott Brady - scottbrady.io
This post shows how to implement phone (SMS) verification and two-factor authentication (2FA) using ASP.NET Core Identity. The solution integrates phone-based verification and 2FA mechanisms. The i…| Software Engineering
A deep dive into OpenID Connect’s ID token, looking at what identity tokens are, what they are not, where to use them, and how to validate them.| Scott Brady
A primer on Sign in with Apple, including an example integration in ASP.NET Core.| Scott Brady
How to add support for PKCE to your ASP.NET Core OpenID Connect client application.| Scott Brady
It's not the identity provider, it's you. Methods for debugging redirect loops when using OpenID Providers such as IdentityServer4.| Scott Brady - scottbrady.io
The official voting period will be between Tuesday, December 17, 2024 and Tuesday, December 24, 2024 (12:00pm PT), once the 45 day review of the specification has been completed. For the convenience of members who have completed their reviews by then, voting will actually begin on Tuesday, December 10, 2024. The AB Connect work group page is https://openid.net/wg/connect/.| OpenID Foundation - Helping people assert their identity wherever they choose
The OpenID Foundation recommends that the CFPB mandate a standardized Communications Protocol for US open banking. It highlights key security and market risks.| OpenID Foundation - Helping people assert their identity wherever they choose
This article shows how an ASP.NET Core application can control the write access to an Azure blob storage container using an application app registration. Microsoft Entra ID is used to control the u…| Software Engineering
Decentralized identity is set to make a big impact on how APIs are accessed and secured. We cover a relevant recent talk from Jacob Ideskog.| Nordic APIs
In this article, we look at how we can fix the Keycloak OAuth2 OIDC logout issue with Spring Cloud Gateway| RefactorFirst
In this article, we will be exploring how we can integrate a resource server with an API gateway that is integrated with Keycloak and enable role-based access control (RBAC)| RefactorFirst
In this article, we look at how we can integrate Keycloak with Spring Cloud Gateway using OAuth2 OpenID Connect (OIDC).| RefactorFirst
Azure API Management is an API gateway that can be used to publish APIs to the Internet. It provides features such as per-developer API keys, request throttling and request authentication. One of the ways requests can be authenticated is through standard OAuth2 bearer tokens. I assume that the most common scenario is to use Azure AD to issue those tokens. But if an organisation is not that cloud enabled yet and the users are in an on-prem AD, the natural token issuer to use is ADFS. And ADFS o...| Passion for Coding
Externalizing user accounts, what is he thinking? The previous post should give you a clear view of what this means and why you should consider it. This post will go into the details of “delegating login” to a separate application.| Coding Stephan