Tag Archives: DPoP

Use client assertions in ASP.NET Core using OpenID Connect, OAuth DPoP and OAuth PAR

February 2, 2026 · by · in .NET, .NET Core, ASP.NET Core, aspire, dotnet, e-id, OAuth2, OpenId, Security · 5 Comments

This post looks at implement client assertions in an ASP.NET Core application OpenID Connect client using OAuth Demonstrating Proof of Possession (DPoP) and OAuth Pushed Authorization Requests (PAR). Code: https://github.com/swiss-ssi-group/swiyu-passkeys-idp-loi-loa Blogs in this series: Setup An ASP.NET code application is setup to authentication using OpenID Connect and OAuth PAR. The web application is an OIDC […]

Implement a secure MCP server using OAuth DPoP and Duende identity provider

November 3, 2025 · by · in .NET Core, ASP.NET Core, Azure, MCP, OAuth2, Open AI, OpenId, Security · 1 Comment

This post demonstrates how an ASP.NET Core application can connect to a secure MCP server using OpenID Connect and OAuth. Both applications use Duende IdentityServer as the identity provider. The MCP server requires delegated DPoP access tokens. Code: https://github.com/damienbod/McpOidcOAuth Setup The UI application authenticates with the Duende IdentityServer using OpenID Connect. Upon successful authentication, a […]

Implement client assertions with client credentials flow using OAuth DPoP

May 12, 2025 · by · in .NET, .NET Core, ASP.NET Core, OAuth2, Security · 3 Comments

This blog looks at implementing client assertions for the client credentials flow using OAuth 2.0 Demonstration of Proof-of-Possession (DPoP). The client credentials flow is an OAuth 2.0 authorization grant type used for machine-to-machine authentication. DPoP further strengthens the security by ensuring that the client possesses a specific key at the time of the request, forcing […]