ASP.NET Core Swagger UI Authorization using IdentityServer4

13 June 2018 Identity Server

Swagger is a useful tool for creating basic, on-the-fly API documentation via a standard JSON format that can then be presented via a UI. These UIs typically allow you to start making demo requests via the browser. However, once we start protecting our API using OAuth, how do we keep this Swagger documentation functional?

Swagger integration with OAuth authorization servers is relatively well documented, so in this article, we’re going to look at the basics of adding IdentityServer support to an ASP.NET Core API using Swagger and then look at the limitations of this approach and some alternatives that might be worth exploring.

This article will demo both Swashbuckle and NSwag.

Lessons Learned from Integrating with Blockchain Identity Providers

12 June 2018 Blockchain Identity

A cautionary tale of reinventing the wheel and history repeating itself in the name of blockchain…

Recently, at the European Identity & Cloud Conference (EIC) 2018, I delivered a talk titled “Lessons Learned from Integrating with Blockchain Identity Providers”. It’s probably the only time I’m going to give this talk, and it seemed to go down well if only as a cautionary tale, and as an example of past mistakes and failed technologies repeating themselves.

You can find the original slides on SlideShare.

Why Would I Do This?

Back in November/December, this little thing called Bitcoin had a dramatic surge in value, and as a result, there was a rush to put anything and everything “onto the blockchain”. Something about Web 3.0 and ICOs.

This all sounded very exciting to me, and I wanted to get involved. Now, I’m not going to pretend to be an expert on blockchain, but I still wanted to contribute in some way...

OAuth is Not Authentication

24 April 2018 OAuth

OAuth is not authentication. It’s an authorization protocol, or, better yet, a delegation protocol. It’s for this reason that authentication protocols such as OpenID Connect exist and legacy protocols such as SAML use extension grants to link authentication and delegation.

There are articles on this subject already, but I still regularly see some confusion as to the reasons why on the internet and with new clients. So in this article, I’m going to discuss the key reasons why OAuth on its own does not provide client applications (relying parties) with user authentication.

Technical Review of Civic's Secure Identity Platform

05 February 2018 Blockchain Identity

Recently I’ve been looking into blockchain for decentralised identity and authentication. I’m not sure how I feel about blockchain for authentication yet, but I can definitely see the benefits of having some sort of decentralised identity system. It turns out there are a lot of identity blockchain projects out there already; some have even released products (and yes, others have already gone bust).

I like learning by doing, and from my initial research I’ve found Civic to be one of the more popular platforms. So, what I’m going to do is dig into the technical aspects of the Civic platform and, in a separate article, integrate with it using ASP.NET Core.
