Monday, November 7, 2016

.NET Core Authentication: a taste of what's to come

I've been very busy getting my hands dirty with .NET Core. It's pretty awesome stuff.

The latest endeavor has been to get OpenID Connect to work in 2 directions with ASP.NET Core:

1. Web API server authenticates via JWT through a Xamarin Android app
2. Regular browseable web pages authenticate via OAuth2/OpenID Connect cookie (I don't fully understand it either but it works!)

Scenario 1 is important because mobile and maybe desktop apps can use this standardized JWT format for API calls in lieu of the likely-proprietary cookie format.

Scenario 2 is important because your web users want SSO-like behavior, which cookies plus OpenID Connect provide (i.e. the "Sign in with Google" button we're all accustomed to seeing).

Importantly, both scenarios are working with Google Sign In. Thus, in theory, no new account registration is required anywhere to be authenticated - presuming you have a Google login of course ;)

I plan to provide example code of how to do all this & understand most of it.  It took a lot of digging around to make it all work!