OAuth has been around for more than 10 years now and has become the standard protocol for token-based security. Like every popular technology that has been growing with its requirements, there are some things which work really well, and some that did not quite stand the test of time.
With the upcoming OAuth 2.1 protocol revision, the protocol has been streamlined and simplified and the specification has been updated to meet modern application and security requirements. At the same time ASP.NET and .NET in general has excellent support for all the parts needed to implement an OAuth-based security system.
This full day workshop teaches you all the OAuth you need to be able to run the most common scenarios. It shows how to utilize practical techniques and libraries in the .NET ecosystem. Besides looking at built-in features of (ASP).NET, we will use free open source libraries from Duende to simplify protocol usage and token handling. We will use Duende.IdentityServer as an example of OAuth Authorization Server that can protect APIs that are called by background service and interactive applications. Finally we introduce OpenID Connect Provider, which adds session handling with single sign on and single logout on top of OAuth.