SSO and Identity Server 4
Introduction to Identity on ASP.NET Core | Microsoft Docs
+ OAuth is for Authorization, not authentication.
+ If you want to authenticate, use OpenID Connect (OIDC).
IdentityServer4: Building a Simple Token Server and Protecting Your ASP.NET Core APIs with JWT (vmsdurano.com) (HAY HAY HAY) (SOURCE CODE)
c# - .NET Core Identity Server 4 Authentication VS Identity Authentication - Stack Overflow (HAY)
IdentityServer4 Integration with ASP.NET Core - Code Maze (code-maze.com)
Working with Identity Server 4 - Simple Talk (red-gate.com) (HAY HAY HAY) (SOURCE CODE)
ASP.NET Core Identity Series – OAuth 2.0, OpenID Connect & IdentityServer – chsakell's Blog
chsakell/aspnet-core-identity: ASP.NET Core Identity Series (github.com) (SOURCE CODE)
IdentityServer Single Sign-on Products & Services (IdentityServer.com)
Duende Software (IdentityServer4.io)
OAuth 2.0 & OpenID Connect to the rescue
Fortunately, the OAuth protocol was introduced and, along with OpenID Connect, provided a wide range of options for properly securing applications in the cloud. In the world of .NET applications this was quickly connected with an open source framework named IdentityServer, which allows you to integrate all the protocol implementations in your apps. IdentityServer made token-based authentication, Single Sign-On, and centralized and restricted API access a matter of a few lines of code. This post is about learning the basic concepts of OAuth 2.0 & OpenID Connect so that when using IdentityServer in your .NET Core applications you are fully aware of what's happening behind the scenes. The post is a continuation of the ASP.NET Core Identity Series, where the main goal is to understand ASP.NET Core Identity in depth. More specifically, here's what we are going to cover:
- Explain what OAuth 2.0 is and what problems it solves
- Learn about OAuth 2.0 basic concepts such as Roles, Tokens and Grants
- Introduce OpenID Connect and explain its relation with OAuth 2.0
- Learn about OpenID Connect Flows
- Understand how to choose the correct authorization/authentication flow for securing your apps
- Learn how to integrate IdentityServer into your ASP.NET Core application
OpenID Connect
When describing OAuth 2.0 we said that its purpose is to issue access tokens in order to provide limited access to protected resources. In other words, OAuth 2.0 provides authorization but it doesn't provide authentication. The actual user never authenticates directly with the client application itself. Access tokens provide a level of pseudo-authentication with no identity implication at all. This pseudo-authentication doesn't provide information about when, where or how the authentication occurred. This is where OpenID Connect enters and fills the authentication gap or limitations in OAuth 2.0.
OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It enables clients to verify the identity of the End-User based on the authentication performed by an authorization server. It obtains basic profile information about the End-User in an interoperable and REST-like manner (introduction of new REST endpoints). It uses Claims to communicate information about the End-User and extends OAuth in a way that cloud-based applications can:
- Get identity information
- Retrieve details about the authentication event
- Allow federated Single Sign On
External provider authentication & registration strategy
- Step by step guides for enabling external provider authentication
React JS
React JWT Authentication (without Redux) example - BezKoder
React Refresh Token with JWT and Axios Interceptors - BezKoder
React Hooks: JWT Authentication (without Redux) example - BezKoder
In-depth Introduction to JWT-JSON Web Token - BezKoder
React Hooks File Upload example with Axios & Progress Bar - BezKoder
React Hooks CRUD example with Axios and Web API - BezKoder
React.js CRUD example to consume Web API - BezKoder
Cookie Authentication
External Login Providers in ASP.NET Core - The Blinking Caret