Tag Archives: OAuth

Digital Authentication and Identity validation

December 20, 2025 · by · in e-id, OAuth2, OpenId, Security, Self Sovereign Identity · Leave a comment

This post looks at authentication and identity validation and describes what should be validated and some of the concepts. With the increasing push to move processes to a digital world and the new threat models, authentication and identity validation MUST be implemented in a professional way. Using standards like OpenID Connect, OAuth and OpenID VCs […]

Implement a secure MCP server using OAuth DPoP and Duende identity provider

November 3, 2025 · by · in .NET Core, ASP.NET Core, Azure, MCP, OAuth2, Open AI, OpenId, Security · 1 Comment

This post demonstrates how an ASP.NET Core application can connect to a secure MCP server using OpenID Connect and OAuth. Both applications use Duende IdentityServer as the identity provider. The MCP server requires delegated DPoP access tokens. Code: https://github.com/damienbod/McpOidcOAuth Setup The UI application authenticates with the Duende IdentityServer using OpenID Connect. Upon successful authentication, a […]

Experimental alternative flow for OAuth First-Party Applications

June 10, 2025 · by · in .NET, .NET Core, ASP.NET Core, OAuth2, Security · 1 Comment

This post looks at an alternative way of implementing a native app authentication and authorization. At present, a web browser is used to implement authentication of native applications when using OAuth and OpenID Connect. The alternative approach implemented in the post is based on the OAuth 2.0 for First-Party Applications draft and adapted to be […]

Implement client assertions with client credentials flow using OAuth DPoP

May 12, 2025 · by · in .NET, .NET Core, ASP.NET Core, OAuth2, Security · 3 Comments

This blog looks at implementing client assertions for the client credentials flow using OAuth 2.0 Demonstration of Proof-of-Possession (DPoP). The client credentials flow is an OAuth 2.0 authorization grant type used for machine-to-machine authentication. DPoP further strengthens the security by ensuring that the client possesses a specific key at the time of the request, forcing […]

Implement client assertions for OAuth client credential flows in ASP.NET Core

April 21, 2025 · by · in .NET, .NET Core, ASP.NET Core, OAuth2, Security · 3 Comments

This blog implements client assertions using an OAuth client credential flow in ASP.NET Core. Client assertions provide a secure way for client authentication without sharing a secret, enhancing the security the OAuth client credentials flow. By using JSON Web Tokens (JWTs) client assertions, this approach ensures strong client identity (application) verification and mitigates risks associated […]

ASP.NET Core user application access token management

January 20, 2025 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2, Security · 3 Comments

This article looks at management application access tokens in an ASP.NET Core web application. Any application with or without a user can use application access tokens as long as the application can persist the tokens in a safe way. Code: https://github.com/damienbod/token-mgmt-ui-application Blogs in this series Setup The ASP.NET Core web application authenticates using OpenID Connect […]

Add a Swagger UI using a .NET 9 Json OpenAPI file

August 12, 2024 · by · in .NET, ASP.NET Core, OAuth2, Security · 1 Comment

This post shows how to implement a Swagger UI using a .NET 9 produced OpenAPI file. The Swagger UI is deployed to a secure or development environment and is not deployed to a public production target. Sometimes, it is required to deploy the Swagger UI to a development deployment target and not the test or […]

Implementing an ASP.NET Core API with .NET 9 and OpenAPI

August 6, 2024 · by · in .NET Core, ASP.NET Core · 3 Comments

This post implements a basic ASP.NET Core API using .NET 9 and the Microsoft OpenAPI implementation. The OpenAPI Nuget package supports both Controller based APIs and minimal APIs. Until now, we used excellent solutions like NSwag to produce the API schemas which can be used to auto-generate client code. Code: https://github.com/damienbod/WebApiOpenApi Setup A .NET 9 […]

Delegated read and application write access to blob storage using ASP.NET Core with Entra ID authentication

February 26, 2024 · by · in .NET Core, ASP.NET Core, dotnet · 5 Comments

This article shows how an ASP.NET Core application can control the write access to an Azure blob storage container using an application app registration. Microsoft Entra ID is used to control the user access and to implement the authentication of the web application. Code: https://github.com/damienbod/AspNetCoreEntraIdBlobStorage Blogs in this series The solution provides a secure upload […]

Issue and verify BBS+ verifiable credentials using ASP.NET Core and trinsic.id

October 9, 2023 · by · in .NET Core, ASP.NET Core, OAuth2, Security, Self Sovereign Identity · 2 Comments

This article shows how to implement identity verification in a solution using ASP.NET Core and trinsic.id, built using an id-tech solution based on self sovereign identity principals. The credential issuer uses OpenID Connect to authenticate, implemented using Microsoft Entra ID. The edge or web wallet authenticates using trinsic.id based on a single factor email code. […]

Older posts