Tag Archives: Bearer
Securing a Web API using multiple token servers
This article shows how a single secure Web API could be used together with multiple secure token servers. The API uses JWT Bearer token authentication, but because the access token come from different token servers, the tokens validation need to be changed. Code: https://github.com/damienbod/ApiJwtWithTwoSts Using multiple Authorities with shared certitficate The first way this can […]
Securing an ASP.NET Core MVC application which uses a secure API
The article shows how an ASP.NET Core MVC application can implement security when using an API to retrieve data. The OpenID Connect Hybrid flow is used to secure the ASP.NET Core MVC application. The application uses tokens stored in a cookie. This cookie is not used to access the API. The API is protected using […]
Securing an Angular SignalR client using JWT tokens with ASP.NET Core and IdentityServer4
This post shows how an Angular SignalR client can send secure messages using JWT bearer tokens with an API and an STS server. The STS server is implemented using IdentityServer4 and the API is implemented using ASP.NET Core. Code: https://github.com/damienbod/AspNetCoreAngularSignalRSecurity Posts in this series Getting started with SignalR using ASP.NET Core and Angular SignalR Group […]
Full Server logout with IdentityServer4 and OpenID Connect Implicit Flow
The article shows how to fully logout from IdentityServer4 using an OpenID Connect Implicit Flow. Per design when using an access token to use protected data from a resource server, even if the client has logged out from the server, the access token can be used so long it is valid (AccessTokenLifetime) as it is […]
