ASP.NET Core Custom OAuth Server (.NET 7 Minimal APIs C#)

🕰 Timestamps
00:00 Introduction
02:38 Auth code flow recap
03:08 Dev Keys
03:24 Authorization Endpoint
05:14 Authorization Endpoint Request
06:23 PKCE recap
07:43 Authorization Endpoint Response
08:25 Authorization Code
11:08 Testing Authorization Endpoint
14:08 Token Endpoint Base
15:03 Grant Type
15:40 Token Endpoint Request
17:02 Authorization Endpoint Response
17:40 Creating JWT
19:16 Token Endpoint Extension
19:52 Code Verifier & Code Challenge
21:00 Testing Token Endpoint
21:54 Code Challenge Creation Logic
23:24 Code Verifier Validation
27:23 Mapping Claims
30:16 Validation

#aspnetcore #authentication #oauth2
Comments

Well done, appreciate all the Identity videos, granted the official doc lacks a lot

allinvanguard

My respects, sir :)
I listened to the tale attentively :)

vadymwork

Very nice video and good explanations!

Quick question: in the token endpoint at 18:03, you set the sub claim to a NewGuid(). What would be the correct implementation if we want to keep track of the user? Should it be added to a new property in the AuthCode class and set during the Authorization endpoint? And then if we want to add other claims, a database lookup should occur in the token endpoint, am I right? Thanks for clarifying this!

Keep up the good work :) I hope you'll make an OpenID Connect video soon!

yonibauduin

Anton, for parsing a query string (will work for any string that looks like a query string), you can use the method.

JohnOliverAtHome

That was awesome.
Question: How do you handle `Challenge` in this case? Like how do you provide a login form for the users to sign in if they navigate to [Authorize] pages?
Also how do you provide a consent screen in this setup? Can you please elaborate on that? Maybe create a new video on that? Thank you!

fieryscorpion

Hey Anton, you've already created another identity server, super amazing video. I would love to see any small actual example video using Blazor WASM and Web API with OAuth 2.1!!

prathameshshende

Thank you Anton, great knowledge sharing

ezmooj

I live in Latvia and here we have many free courses to help beginners start their IT career

maria_sss

Thanks for the clear explanation of the material. I barely managed to subscribe on Patreon. But I just can't figure out the /oauth/custom-cb endpoint. I get an error on the redirect. I didn't find a description of it in the client, nor in the server part.

kodastr

Incredible project, do you have a code example? Or how can I get that? Greetings from México

RicardoJosue

I go nuts. I don't understand how I can read login information in token endpoint so I can load the claims and pass them to client with token. Please help pipez

kostjaparanoid

Wonderful entry and intro, LMAO, but good tuto 😂😂

damientohin

Is there any possibility to find this project uploaded on GitHub in the near future?

riccardoparolini

Can I ask you if it is possible, once the web api has been authenticated, at the same time to protect certain actions of the webapi with authorization by checking the token received?
Anyway, congratulations, a truly complete job

-matt_p-

Bro, you rock! What about the client app logout? I'm trying to make a UI in the authorization server where the user can choose a bunch of client apps and then log in, kinda an SSO. If the user logs out from the authorization server, the cookie in the client still works. I think I am messing up the concepts pretty hard lol

Dms

What can I do if I want that the endpoint GET /login be a complete html file including styles, js and more? not just a plain html with two inputs. Thanks in advance!! And great video by the way.

garciacgera

Hi Anton, could you say where the client passes parameters like, for example, "code_challenge" or "code_challenge_method" in the AuthorisationEndpoint class?

rahimliparviz

Can you help me with this error?
Although, I coded TokenEndpoint endpoint but got error
" The input does not contain any JSON tokens. Expected the input to start with a valid JSON token, when isFinalBlock is true "

uctran

Great video. Thanks for your effort.

I got one question. I want to check for client id and client secret for multiple clients. Where is the best place to validate? Is it login page post handler or Authorization handler? Where can I find the client secret inside authorization url? Thank you in advance

abdullauthan

Great tutorial!!!! I have one question btw, is there a way in which I can validate the client secret on the server side?

freddycastelblancomacias