From the course: Building and Securing Restful APIs in .NET

Unlock the full course today

Join today to access over 24,800 courses taught by industry experts.

Using OAuth providers for tokens

Using OAuth providers for tokens - .NET Tutorial

From the course: Building and Securing Restful APIs in .NET

Start my 1-month free trial Buy for my team

Using OAuth providers for tokens

- [Instructor] Another useful way to offload some of the security considerations from your API is to use a third-party provider that validates identities. This might be something like Entra for Microsoft, formerly Azure ID. There are third-parties out there that provide Hosted Solutions. And you can also use In-house Solutions where you have a Standalone Identity Server that does the work of validating credentials and issuing tokens for that user, based on the information they have stored. What are the roles, what are the claims about that user? So in that scenario, when the Client tries to access the API with our HTTPS connection here, they're going to get redirected to the Provider, because they haven't provided a ticket or a token. They'll then authenticate with the Provider. Maybe it's a username and password, maybe there's some other credential type they use, our API doesn't have to worry about that. And when those credentials are validated, they'll get a token or a ticket back…

Contents