OAuth has been around for more than ten years and has become the standard protocol for token-based security. Like every popular technology that has grown along with its requirements, it has parts that work really well and parts that did not stand the test of time.
With the upcoming OAuth 2.1 revision, the protocol has been streamlined and simplified, and the specification has been updated to meet modern application and security requirements. At the same time, ASP.NET and .NET in general have excellent support for all the parts needed to implement an OAuth-based security system.
This full-day workshop teaches you all the OAuth you need to run the most common scenarios. It shows how to apply practical techniques and libraries from the .NET ecosystem. Besides looking at built-in features of (ASP).NET, we will use free open-source libraries from Duende to simplify protocol usage and token handling. We will use Duende.IdentityServer as an example of an OAuth authorization server that protects APIs called by background services and interactive applications. Finally, we introduce OpenID Connect, which adds session handling with single sign-on and single logout on top of OAuth.

Goals
This workshop is your chance to get a high-level overview of all these security-related technologies. Learn how to securely connect native and browser-based applications to your back-ends and integrate them with enterprise identity management systems.
After attending this workshop you will have a good understanding of the core concepts and be ready to start implementing a modern identity and access management solution.
You will learn:
- What problems OAuth was created to solve.
- The most commonly used scenarios for OAuth: Machine-to-machine communication and user interactive applications.
- Access token retrieval.
- JWT tokens and how to validate them in an API.
- Calling APIs on behalf of the user in interactive applications.
- What additional functionality OpenID Connect supplies on top of OAuth.
- Access token lifetime management for interactive applications through refresh tokens.
- Integrating OAuth and OpenID Connect into different kinds of applications:
  - ASP.NET web applications.
  - Background services.
  - Native/desktop applications (e.g. mobile apps).
  - SPAs / Blazor applications.
A full day of Lectures, Demos, and Labs
The workshop consists of lectures, interactive coding demos and a couple of hands-on labs in which you try out the concepts yourself.
If delivered online, the workshop is usually split into two half-day blocks.
Technologies covered
.NET, ASP.NET Core, MVC, Web APIs, Claims, Authentication, Authorization, OpenID Connect, OAuth 2.0, OAuth 2.1, JSON Web Tokens (JWT), Single Sign-on and off, Single Page Applications (SPA), Backend for Frontend Pattern (BFF), Mobile/Native Client Applications, Machine-to-Machine API calls, Token Lifetimes and Management.
1. OAuth Introduction
- OAuth history and motivation
- OAuth terminology and architecture
- OAuth 2.1
- Typical protocol flows and application scenarios
- Machine-to-machine communication with the Client Credentials Flow
- Access Tokens
- Simplifying protocol interactions with Duende.IdentityModel
- Securing APIs
  - JWT Bearer authentication handler for ASP.NET
  - ASP.NET Authorization policies
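The "Securing APIs" items above come together in a single ASP.NET Core Program.cs. The following is an added example for this page, not workshop or Duende code: it assumes .NET 8, the Microsoft.AspNetCore.Authentication.JwtBearer package, and a hypothetical authorization server at https://localhost:5001 that issues RS256/ES256 JWTs with audience "orders-api" and a "scope" claim that includes "orders.read". It shows the checks a practitioner should not leave at their defaults (audience, signature algorithm, clock skew) and a scope-based authorization policy that works for both client-credentials and user tokens.

```csharp
// Program.cs for a minimal ASP.NET Core API that accepts JWT access tokens.
// Added example, not workshop or Duende code. Assumes .NET 8, the package
// Microsoft.AspNetCore.Authentication.JwtBearer, and a hypothetical
// authorization server at https://localhost:5001 that issues RS256/ES256
// JWTs with aud "orders-api" and a "scope" claim containing "orders.read".
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // The handler fetches the discovery document and JWKS from the
        // authority, so signing keys are never copied into the API.
        options.Authority = "https://localhost:5001";

        // Tokens minted for a different API must fail here. Without an
        // audience check, any token the issuer ever signed is accepted.
        options.Audience = "orders-api";

        // Keep the JWT claim names ("sub", "scope") instead of the legacy
        // SOAP-style mapping, so the policy below can read them directly.
        options.MapInboundClaims = false;

        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            // Pin the signature algorithms: symmetric (HS*) and "none"
            // are rejected even if a token header asks for them.
            ValidAlgorithms = new[]
            {
                SecurityAlgorithms.RsaSha256,
                SecurityAlgorithms.EcdsaSha256,
            },
            // The default clock skew is five minutes; tighten it.
            ClockSkew = TimeSpan.FromSeconds(30),
        };
    });

builder.Services.AddAuthorization(options =>
{
    // The scope claim may arrive as one space-separated string or as
    // several "scope" claims (IdentityServer emits an array by default),
    // so normalize both shapes before checking.
    options.AddPolicy("ReadOrders", policy =>
        policy.RequireAuthenticatedUser()
              .RequireAssertion(ctx =>
                  ctx.User.FindAll("scope")
                     .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
                     .Contains("orders.read")));
});

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// Works for both token types: a client-credentials token carries only
// client_id; a user token from the authorization code flow also carries sub.
app.MapGet("/orders", (ClaimsPrincipal user) => Results.Ok(new
{
    client = user.FindFirstValue("client_id"),
    subject = user.FindFirstValue("sub"),
    orders = new[] { "order-1001", "order-1002" }, // constructed sample data
})).RequireAuthorization("ReadOrders");

app.Run();
```

Setting Authority is enough for issuer validation: the handler takes the issuer value from the discovery document. A quick negative check is to call the endpoint with a token issued for another audience or signed with HS256; both must return 401 before the API goes anywhere near production.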
2. Interactive Applications
- Authorization Code Flow
  - Proof Key for Code Exchange (PKCE)
- OpenID Connect
  - Session management
- Refresh tokens
- Automatic token management with Duende.AccessTokenManagement
- Web applications in ASP.NET
- Identity Providers & token services
- Federation gateways
- Background Jobs
- Native/desktop applications (e.g. Windows desktop or mobile apps)
- SPAs / Blazor applications
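The client side of the flows listed in sections 1 and 2 (client credentials for background jobs; authorization code with PKCE and refresh tokens for interactive applications) is shown below as an added example for this page, not workshop or Duende code. It assumes Duende.IdentityModel 7.x (namespace Duende.IdentityModel.Client; the older IdentityModel package has the same member names under IdentityModel.Client), a hypothetical authorization server at https://localhost:5001, a public client "native-app" and a confidential client "background-job". The PKCE helper is written out so the S256 derivation is visible; the other steps use the library's request helpers.

```csharp
// Client side of the OAuth 2.1 authorization code flow with PKCE, plus the
// refresh-token and client-credentials requests, using Duende.IdentityModel.
// Added example, not workshop or Duende code. Assumes Duende.IdentityModel 7.x
// (namespace Duende.IdentityModel.Client) and a hypothetical authorization
// server at https://localhost:5001 with a public client "native-app" and a
// confidential client "background-job".
using System.Security.Cryptography;
using System.Text;
using Duende.IdentityModel.Client;

static class Pkce
{
    // base64url without padding, as RFC 7636 requires.
    static string Base64Url(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // code_verifier: 32 random bytes give 43 base64url characters, the RFC minimum.
    public static string CreateVerifier() => Base64Url(RandomNumberGenerator.GetBytes(32));

    // code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), method "S256".
    public static string CreateChallenge(string verifier) =>
        Base64Url(SHA256.HashData(Encoding.ASCII.GetBytes(verifier)));
}

static class AuthClient
{
    const string Authority = "https://localhost:5001";
    const string ClientId = "native-app";
    const string RedirectUri = "http://127.0.0.1:7890/callback"; // loopback redirect for a native app
    static readonly HttpClient Http = new();

    public static async Task<DiscoveryDocumentResponse> DiscoverAsync()
    {
        var disco = await Http.GetDiscoveryDocumentAsync(Authority);
        if (disco.IsError) throw new InvalidOperationException(disco.Error);
        return disco;
    }

    // Step 1: build the authorize URL. The client keeps state and the
    // code_verifier (only the challenge leaves the device) until the redirect returns.
    public static string BuildAuthorizeUrl(DiscoveryDocumentResponse disco, string state, string codeVerifier) =>
        new RequestUrl(disco.AuthorizeEndpoint).CreateAuthorizeUrl(
            clientId: ClientId,
            responseType: "code",
            scope: "openid profile orders.read offline_access",
            redirectUri: RedirectUri,
            state: state,
            codeChallenge: Pkce.CreateChallenge(codeVerifier),
            codeChallengeMethod: "S256");

    // Step 2a: on the redirect, check state before touching the code.
    public static void CheckState(string expected, string returned)
    {
        if (!CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(expected), Encoding.UTF8.GetBytes(returned)))
            throw new InvalidOperationException("state mismatch; dropping response");
    }

    // Step 2b: exchange the code. The server hashes code_verifier and compares it
    // with the challenge it stored, so an intercepted code is useless without it.
    public static async Task<TokenResponse> ExchangeCodeAsync(
        DiscoveryDocumentResponse disco, string code, string codeVerifier)
    {
        var response = await Http.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
        {
            Address = disco.TokenEndpoint,
            ClientId = ClientId,      // public client: no secret, PKCE is the proof
            Code = code,
            RedirectUri = RedirectUri,
            CodeVerifier = codeVerifier,
        });
        return ThrowIfError(response);
    }

    // Step 3: refresh before expiry. OAuth 2.1 requires refresh tokens of public
    // clients to be one-time use or sender-constrained, so expect a rotated
    // token in the response and always store the new one.
    public static async Task<TokenResponse> RefreshAsync(DiscoveryDocumentResponse disco, string refreshToken)
    {
        var response = await Http.RequestRefreshTokenAsync(new RefreshTokenRequest
        {
            Address = disco.TokenEndpoint,
            ClientId = ClientId,
            RefreshToken = refreshToken,
        });
        return ThrowIfError(response);
    }

    // Machine-to-machine: a confidential client authenticates with its secret;
    // there is no user and no refresh token, just request a new token when expired.
    public static async Task<TokenResponse> ClientCredentialsAsync(DiscoveryDocumentResponse disco, string secret)
    {
        var response = await Http.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
        {
            Address = disco.TokenEndpoint,
            ClientId = "background-job",
            ClientSecret = secret,
            Scope = "orders.read",
        });
        return ThrowIfError(response);
    }

    static TokenResponse ThrowIfError(TokenResponse r) =>
        r.IsError ? throw new InvalidOperationException($"{r.Error}: {r.ErrorDescription}") : r;
}
```

Typical use is DiscoverAsync, then BuildAuthorizeUrl with a fresh state and Pkce.CreateVerifier(), open that URL in the system browser, and on the callback run CheckState followed by ExchangeCodeAsync; track expiry from TokenResponse.ExpiresIn and call RefreshAsync before it runs out. Duende.AccessTokenManagement, covered in section 2, automates the refresh step for ASP.NET applications; the manual version above is what it does underneath.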