Clik here to view.
Relationship between IdentityServer and AuthorizationServer
We released a preview version of AuthorizationServer this week. AuthorizationServer is an implementation of the OAuth2 design pattern and helps making API authorization easier. IdentityServer also has...
View ArticleClik here to view.
What’s in an AuthorizationServer Access Token?
The main job of AS is to produce access tokens in the JWT format. The client and the user provide the following input information for that process: Clientapplication (via the endpoint URL), client...
View ArticleClik here to view.
Authentication in AuthorizationServer
AS does not do its own authentication – that’s by design. When you download from the repo, AS is set up to be a WS-Federation relying party. In the configuration folder of the WebHost project you’ll...
View ArticleClik here to view.
Thinktecture IdentityServer v2.2
Every now and then I take a snapshot of the current main branch and package it into a published build. It’s that time again. Have a look here for v2.2:...
View ArticleClik here to view.
30K Downloads of Thinktecture IdentityModel
Thanks for all your feedback and support! Filed under: IdentityModel, WebAPI
View ArticleClik here to view.
NDC Oslo 2013 Slides and Videos
The NDC videos are online now! Web API Security (includes first public demo ever of AuthorizationServer)Video: https://vimeo.com/68327244Slides:...
View ArticleClik here to view.
Tracing in Thinktecture.IdentityModel
A very common question is: “my Web API returns a 401. Why?” The easiest way to find out, is to enable tracing in IdentityModel. Add the following code snippet to your web.config:...
View ArticleClik here to view.
IdentityServer: Using WS-Federation with JWT Tokens
WS-Federation is token agnostic – that means you can also use JWT tokens instead of the default SAML ones. Why would you want to do that? Well – JWT’s a slightly more compact which I think is...
View ArticleClik here to view.
Hawk Support in Thinktecture IdentityModel v3.3
I just released v3.3 of IdentityModel to Github and Nuget. It includes the [Scope] attribute for Web API (here) and the clickjacking protection for MVC (here). But the biggest addition is certainly a...
View ArticleClik here to view.
Thinktecture AuthorizationServer v0.5 released
I just uploaded a “feature complete” version of AuthorizationServer to Github. This version has all the features we are planning for v1 – please give us feedback when you think things should work...
View ArticleClik here to view.
Bringing SWT Support back to Thinktecture IdentityModel
When Microsoft released the JWT library, I thought that’s a good opportunity to remove the SWT support from IdentityModel. But it turns out, there are still scenarios for SWT – so I refreshed my old...
View ArticleClik here to view.
Using IdentityServer to issue tokens for Windows Server ServiceBus
Windows Server ServiceBus supports SWT tokens to authorize actions on a SB namespace or entity (e.g. listen, send or manage). In the Azure version of ServiceBus you would use the Azure Access Control...
View ArticleClik here to view.
IdentityServer: Overview of OpenID Connect Basic Client Profile
Filed under: IdentityModel, IdentityServer, OAuth, WebAPI
View ArticleClik here to view.
Two days of Claims-based Identity & Access Control Workshop in London
Great news! The London edition of the NDC conference has pre-con workshops and Jakob invited us to hold our claims-based identity & access control workshop there. This is the first time Brock and I...
View ArticleClik here to view.
Using AuthorizationServer with Web API v2/Katana–first look
Traditionally we have used Thinktecture.IdentityModel to parse and validate incoming JWT tokens in Web API. The good news is, there is nothing you have to change when moving to Web API v2 – the...
View ArticleClik here to view.
Claims Transformation Middleware for Katana
One missing piece in Katana security/authentication is claims transformation. Fortunately, this is easy to add: public class ClaimsTransformationMiddleware : OwinMiddleware {...
View ArticleClik here to view.
Adding OAuth2 to ADFS (and thus bridging the gap between modern Applications...
AuthorizationServer can be combined with arbitrary authentication methods, but the fact that it comes pre-configured as a WS-Federation relying party, makes it particularly easy to combine it with e.g....
View ArticleClik here to view.
OWIN Claims Transformation Middleware–Take 2
Thanks to some good feedback from @grumpydev, @loudej and Chriss Ross – I changed my original claims transformation middleware (see here). What I learned is, that for better compatibility and...
View ArticleClik here to view.
Thinktecture.IdentityModel v.Next
Thinktecture.IdentityModel (github, nuget) is a popular library in the security community. But we have reached a point now where we realized that we have too many dependencies and too many legacy stuff...
View ArticleClik here to view.
Adding SAML11 and SAML2 Support to Katana/OWIN
Katana has pretty straightforward extensibility for adding support for token formats. It ships with built-in support for JWT (consuming) and their internal token format (consuming & producing). By...
View Article