SPA Identity and Access Control with OpenID Connect and IdentityServer4

Scott Brady

Back in September 2017, I spoke at the .NET South West user group, and I’ve just realized that this is the first time one of my talks has made it online. I thought it was worthwhile sharing, especially since it’s a talk I probably won’t be doing again.

It’s always odd seeing yourself on camera, but I’m fairly happy with how well this talk went, especially considering that this talk took place on one of the few nights in September that I was actually at home/in the country (sorry again, Rachel).

It’s a shame that the audience questions didn’t make the final cut, as this was easily the most interactive crowd I’ve ever had. Thanks again to .NET South West for having me and to Pusher for recording and editing the talk.


Talk Details

In this talk, we’ll take a look at how Single Page Applications, running on a user’s browser, can use OpenID Connect for authentication and OAuth to gain access to data from an API. This will include the limitations of working with the unique security profile of a client-side web application, and the measures we must take to secure our data. Once we have covered the basic theory behind identity and access control, OAuth, and OpenID Connect, we will implement IdentityServer 4 as our OpenID Connect Provider and use it to authenticate users for an Angular 4 SPA and authorize access to an ASP.NET Core API.

Source Code

Source code for the examples I used in this talk is available on GitHub.