• Overview
    • The big Picture
    • Terminology
    • Supported Specifications
    • Packaging and Builds
    • Support and Issues
    • Demo Server
  • Fundamentals
    • Hosting
    • Resources
      • Identity Resources
      • API Scopes
      • API Resources
      • Resource Isolation
    • Clients
    • Users and Logging In
    • Claims
    • Key Management
    • License Key
  • Quickstarts
    • Overview
    • Protecting an API using Client Credentials
    • Interactive Applications with ASP.NET Core
    • ASP.NET Core and API access
    • Using EntityFramework Core for configuration and operational data
    • Building JavaScript client applications
      • JavaScript applications with a backend
      • JavaScript applications without a backend
    • Using ASP.NET Core Identity
  • User Interaction
    • Login
      • Authentication Session
      • Redirecting back to the client
      • Login Context
      • Accepting Local Credentials
      • Integrating with External Providers
      • Dynamic Providers
      • Windows Authentication
    • Logout
      • Logout Context
      • Ending the Session
      • Client Notifications
      • Returning to the Client
      • External Logout
      • External Logout Notification
    • Error
    • Consent
    • Custom Pages
    • Federation Gateway
  • Requesting Tokens
    • Overview
    • Requesting a Token
    • Refreshing a Token
    • Issuing Tokens based on User Passwords
    • Extension Grants
      • Token Exchange
    • Dynamic Request Validation and Customization
    • Issuing internal Tokens
    • Proof-of-Possession Access Tokens
    • Reference Tokens
    • Client Authentication
      • Overview
      • Shared Secrets
      • Private Key JWTs
      • TLS Client Certificates
    • Signed Authorize Requests
    • Calling Endpoints from JavaScript
  • Protecting APIs
    • Protecting APIs using ASP.NET Core
      • Using JWTs
      • Using Reference Tokens
      • Authorization based on Scopes and other Claims
      • Validating Proof-of-Possession
    • Adding API Endpoints to your IdentityServer
  • Data Stores and Persistence
    • Configuration Data
    • Operational Data
      • Grants
      • Keys
    • Entity Framework Integration
  • Diagnostics
    • Logging
    • Events
  • ASP.NET Identity Integration
  • BFF Security Framework
    • Overview
    • Architecture
    • Authentication & Session Management
      • ASP.NET Core Authentication System
      • Session Management Endpoints
      • Server-side Sessions
    • API Endpoints
      • Local APIs
      • Remote APIs
    • Token Management
    • Configuration Options
    • Extensibility
      • Management Endpoints
      • Session Management
      • Token Management
      • Reverse Proxy
  • Deployment
    • Proxy Servers and Load Balancers
    • ASP.NET Core Data Protection
    • IdentityServer Data Stores
    • Distributed Caching
  • Upgrading
    • Duende IdentityServer v5.1 to v5.2
    • Duende IdentityServer v5.0 to v5.1
    • IdentityServer4 v4.1 to Duende IdentityServer v5
    • IdentityServer4 v3.1 to Duende IdentityServer v5
  • Samples
    • Basics
    • User Interaction
    • ASP.NET Identity Integration
    • Windows Authentication
    • Backend for Frontend Pattern
    • Extension Grants and Token Exchange
    • Personal Access Tokens (PAT)
    • Miscellaneous
  • Reference
    • IdentityServer Options
    • DI Extension Methods
    • Endpoints
      • Discovery Endpoint
      • Authorize Endpoint
      • Token Endpoint
      • UserInfo Endpoint
      • Introspection Endpoint
      • Revocation Endpoint
      • End Session Endpoint
      • Device Authorization Endpoint
    • Models
      • Identity Resource
      • API Scope
      • API Resource
      • Client
      • Identity Provider
      • Grant Validation Result
      • Secrets
    • Services
      • Profile Service
      • Persisted Grant Service
      • Refresh Token Service
      • IdentityServer Interaction Service
      • Device Flow Interaction Service
    • Response Generators
      • Authorize Interaction Response Generator
    • Stores
      • Resource Store
      • Client Store
      • CORS Policy Service
      • Identity Provider Store
      • Persisted Grant Store
      • Device Flow Store
      • Signing Key Store
    • Validators
      • Extension Grant Validator
      • Custom Token Request Validator
Edit this page
Home > Quickstarts

Quickstarts

The following hands-on tutorials guide you through a couple of common scenarios.

    Overview

    Protecting an API using Client Credentials

    Interactive Applications with ASP.NET Core

    ASP.NET Core and API access

    Using EntityFramework Core for configuration and operational data

    Building JavaScript client applications

    Using ASP.NET Core Identity