Bristol Meetups

SPA Identity & Access Control with OpenID Connect & IdentityServer 4

As software developers, we work in one of the most rapidly changing industries, and in recent years this has been doubly true when we talk about security. Nowadays we have to accommodate a variety of client applications, hosted on any device, anywhere in the world, and this means we must take a closer look at how we handle authentication and authorization when dealing with our protected resources.

In this talk, we’ll take a look at how Single Page Applications, running in a user’s browser, can use OpenID Connect for authentication and OAuth to gain access to data from an API. This will include the limitations of working with the unique security profile of a client-side web application, and the measures we must take to secure our data. Once we have covered the basic theory behind identity and access control, OAuth, and OpenID Connect, we will implement IdentityServer 4 as our OpenID Connect Provider and use it to authenticate users for an Angular 4 SPA and authorize access to an ASP.NET Core API.

About Scott Brady

Scott Brady is the Identity & Access Control Lead at Rock Solid Knowledge, a Pluralsight Author, and Speaker. He specializes in IdentityServer and all things Identity, OAuth, and OpenID Connect. He's also a big fan of Azure.

Scott works mainly with C# and ASP.NET Core, creating identity solutions for both external customers and for commercial IdentityServer products. When not working with these technologies he dabbles with languages such as Kotlin, Python, and TypeScript.

You can find more information about Scott on his website at scottbrady91.com.