Miroslav is senior software architect for .NET and JavaScript, employed at Seavus at the position of a technical lead. He uses .NET from version 1.0. From Windows Forms, through WPF and Silverlight, all the way to ASP.NET Core. Currently, he is focused on ASP.NET Core, client-side JavaScript development and software craftsmanship. During his career, he worked on a lot of small and big projects, including a couple of local startups. He was one of the members of the development team for the Kicks platform and one of the moderators for https://javascriptkicks.comhttps://javascriptkicks.com and https://dotnetkicks.com. Besides that, he is an active community member, conference speaker and one of the leaders of "BLbit Banja Luka" user group.
In today's microservice-based software solutions, we have a growing need for centralized authentication and authorization systems. We could use third-party systems like Azure AD or Auth0, or build our own. But, "security is hard"! There are a bunch of different standards, tricks, and ways of implementation. Even the smallest mistake can make your solution vulnerable. To avoid that, when building our own auth system, we could use frameworks and tools like ASP.NET Core Identity and Duende IdentityServer. With Identity, we are getting a membership system with a login. IdentityServer gets us the full implementation of OAuth 2.0 and OpenID Connect standards. We'll take a look at one possible implementation, the things we should take care of, and how to fit that solution with the rest of the system – with different APIs, SPA apps, native apps, etc.