Tag Archives: OAuth

Handling Access Tokens for private APIs in ASP.NET Core

This article shows how to persist access tokens for a trusted ASP.NET Core application which needs to access secure APIs. These tokens which are persisted are not meant for public clients, but are used for the service to service communication. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi Posts in this series: Securing an ASP.NET Core MVC application which uses a […]

Securing browser based Javascript, Typescript applications

This article should help you in choosing the right security for your browser based Javascript or Typescript applications. You should aim to secure the application as best as possible. The following diagram should help you in making your decision. Also for any of these flows, you should always use HTTPS. Appendix SPA: Single page application […]

ASP.NET Core OAuth Device Flow Client with IdentityServer4

This article shows how to implement the OAuth 2.0 Device Flow for Browserless and Input Constrained Devices in an ASP.NET Core application. The tokens are then saved to a cookie for later usage. IdentityServer4 is used to implement the secure token server. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi History 2019-02-24 Updated packages, API calls Note: The code in the […]

OAuth using OIDC Authentication with PKCE for a .NET Core Console Native Application

This article shows how to use a .NET Core console application securely with an API using the RFC 7636 specification. The app logs into IdentityServer4 using the OIDC authorization code flow with a PKCE (Proof Key for Code Exchange). The app can then use the access token to consume data from a secure API. This […]