Posts

Showing posts from December, 2021

OpenID Connect Overview

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.  The OpenID Connect protocol, in abstract, follows the following steps. The RP (Client) sends a request to the OpenID Provider (OP). The OP authenticates the End-User and obtains authorization. The OP responds with an ID Token and usually an Access Token. The RP can send a request with the Access Token to the UserInfo Endpoint. The UserInfo Endpoint returns Claims about the End-User. These steps are illustrated in the following diagram: The primary extension that OpenID Connect makes to OAuth 2.0 to enable End-Users to be Authenticated is the ID Token data structure. The ID Token is a security token that contains Claims about the Authentication of an End-User by an Authorizat...

Introduction of OpenID Connect

OpenID Connect (OIDC) is an open authentication protocol that profiles and extends OAuth 2.0 to add an identity layer. OIDC allows clients to confirm an end user’s identity using authentication by an authorization server. Implementing OIDC on top of OAuth 2.0 creates a single framework that promises to secure APIs, mobile native applications and browser applications in a single, cohesive architecture. What is OAuth 2.0 and how does OAuth 2.0 work? OAuth 2.0 is an authorization framework that delegates user authentication to the service provider that hosts the user account, and authorizes third-party applications to access the user account. OAuth 2.0 provides authorization flows for web applications, desktop applications and mobile devices. By introducing an authorization layer, OAuth 2.0 separates the role of the client from the resource owner, or end user. If the client requests access to resources controlled by the end user and hosted by the resource server, instead of using the end ...

Roslyn Analyzer

Roslyn analyzers provide live static analysis of your code. They can detect wrong usages of APIs, security issues, performance issues, etc. Many of the code editor functionalities are implemented using Roslyn public APIs, such as automatic code formatting and coloring, IntelliSense, code navigation, and refactoring. Microsoft wanted to make the C# and VB compiler useful in other scenarios such as diagnostics, static analysis, source code transformation, etc. To achieve that, Microsoft created a compiler that not only converts source code into binaries but also acts as a service that provides a public API for understanding the code. In this post, we will understand what Roslyn Analyzer is and how to set it up on your system. Table of Contents What is Roslyn Analyzer? Roslyn public API Setting up Roslyn Wrapping Up WHAT IS ROSLYN ANALYZER? Project Roslyn is a part of the .NET Foundation along with other projects like .NET Runtime. Roslyn is an open-source provider of C# and Visual Basic...