OAuth has been around for more than 10 years now and has become the standard protocol for token-based security. Like every popular technology that has been growing with its requirements, there are some things which work really well, and some that did not quite stand the test of time.

With the upcoming OAuth 2.1 protocol revision, the protocol has been streamlined and simplified and the specification has been updated to meet modern application and security requirements. At the same time ASP.NET and .NET in general has excellent support for all the parts needed to implement an OAuth-based security system.

This full day workshop teaches you all the OAuth you need to be able to run the most common scenarios. It shows how to utilize practical techniques and libraries in the .NET ecosystem. Besides looking at built-in features of (ASP).NET, we will use free open source libraries from Duende to simplify protocol usage and token handling. We will use Duende.IdentityServer as an example of OAuth Authorization Server that can protect APIs that are called by background service and interactive applications. Finally we introduce OpenID Connect Provider, which adds session handling with single sign on and single logout on top of OAuth.

Agenda

1 OAuth Introduction

  • OAuth history and motivation
  • OAuth terminology and architecture
  • OAuth 2.1
  • Typical protocol flows and application scenarios
  • Machine to Machine Communication with Client Credentials Flow
  • Access Tokens
  • Simplifying protocol interactions with Duende.IdentityModel
  • Securing APIs:
    • JWT Bearer authentication handler for ASP.NET
    • ASP.NET Authorization policies

2 Interactive Applications

  • Authorization Code Flow
    • Proof Key for Code Exchange (PKCE)
  • OpenID Connect
  • Session management
  • Refresh tokens
  • Automatic token management with Duende.AccessTokenManagement
  • Web applications in ASP.NET
  • Identity Providers & token services
  • Federation gateways
  • Background Jobs
  • Native/desktop applications (e.g. Windows desktop or mobile apps)
  • SPAs / Blazor applications

Upcoming Workshops

We list all current open enrollment workshops here. Or contact us for an in-house version.
November 21, 2025 (US)

VS Live

  • Location: Orlando, FL
  • Timezone: EST
  • Length: 1 Day
  • Instructor: Roland Guijt