Resources

The last appendix I want to give you some further reading links and resources that are, you know, worthwhile having a look at when researching these technologies. So let's start with JSON Web Token.

JWT

• JWT debugger - https://jwt.io/#debugger-io

so in one of the demos I used a JSON Web Token debugger, that's a website. We can copy and paste JSON Web Token and it gives you the decoded content, which is very useful.

Microsoft JWT

• Microsof JWT - https://www.nuget.org/packages/System.IdentityModel.Tokens.Jwt/

Then there's the Microsoft JSON Web Token library, that's on NuGet. Specs on JWT

• https://tools.ietf.org/html/draft-ietf-oauth-json-web-token
• https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-11
• https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-11

Then, there are the specs for JSON Web Token. There are more specs than that, but these are the three interesting ones. One describes the general format, one describes signatures, and one describes encryption.

Java JWT

• https://bitbucket.org/connect2id/nimbus-jose-jwt

And if you are doing Java, or have Java interrupt scenarios, it has also a pretty popular library on Bitbucket that implements JSON Web Token. And by the way there are more libraries just search for JSON Web Token and php or JSON Web Token and Node.js and you will find many more libraries but since I'm not doing that much work in that space I don't want to recommend anything. Just have a look around, and see what works for your scenario.

For OAuth obviously that there are the specs. The RFC 6749 and 6750. very, very recommended to read, especially if you plan to build an authorization server.

• https://tools.ietf.org/html/rfc6749
• https://tools.ietf.org/html/rfc6750
• https://tools.ietf.org/html/rfc6819 Is the Threat model which is RFC 6819.

Then I used throughout my demos, I used my own library and OAuth authorization server implementation called Thinktechure Identity server and Thinktechture Identity model, respectively. Also when you go into the Thinktecture Identity Model Repository on GitHub, there's a Samples Directory where you can find all the samples I am, I've been showing you in the modules. And also when you're going through the Thinktechure Identity server Github page, there's a Wiki that describes how to do all these interactions like code flow and resource owner flow and implicit flow with identity server.

• https://github.com/identitymodel/Thinktecture.IdentityModel

• https://github.com/IdentityServer/IdentityServer2/wiki

There's another library called DotNetOpenAuth they are more like in the mind set of doing authentication, doing OAuth2, but yeah, you might still find this useful.

And for OpenID Connect again, there's a jump page for all the specs on https://openid.net/connect/. If you want to start reading up to specs, there's a thing called the basic profile. I can recommend reading that first, that describes the code flow that I've been showing you in the slides.

Then I mentioned Google's OpenID Connect implementation, even if they don't call it like that, they call it OAuth2Login, which I don't agree with. Anyways, but here are the links to their documentations.

• https://developers.google.com/identity/protocols/OAuth2
• https://developers.google.com/identity/protocols/OpenIDConnect

There's one is more detailed. Documentation page one is a link to the Google cookbook which has an overview of the many technologies they are supporting and one of them is OpenID Connect. I don't know a reference implementation of OpenID Connect for .net, but I am personally working on one that will part of Thinktechure Identity server, but that's not ready yet.

But if you want to have a look, there's reference implementation for Java.

• https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server It's a spring Java implementation and the people that are contributing to that project are also on the OpenID Connect board. So that's a pretty good implementation.