• Overview
    • The big Picture
    • Terminology
    • Supported Specifications
    • Packaging and Builds
    • Support and Issues
    • Security best-practices
    • Demo Server
    • Glossary
  • Fundamentals
    • Hosting
    • Resources
      • Identity Resources
      • API Scopes
      • API Resources
      • Resource Isolation
    • Clients
    • Users and Logging In
    • Claims
    • Key Management
    • License Key
  • Quickstarts
    • Overview
    • Protecting an API using Client Credentials
    • Interactive Applications with ASP.NET Core
    • ASP.NET Core and API access
    • Using EntityFramework Core for configuration and operational data
    • Using ASP.NET Core Identity
    • Building JavaScript client applications
      • JavaScript applications with a backend
      • JavaScript applications without a backend
    • Building Blazor WASM client applications
  • User Interaction
    • Login
      • Authentication Session
      • Redirecting back to the client
      • Login Context
      • Accepting Local Credentials
      • Integrating with External Providers
      • Dynamic Providers
      • Windows Authentication
    • Logout
      • Logout Context
      • Ending the Session
      • Client Notifications
      • Returning to the Client
      • External Logout
      • External Logout Notification
    • Error
    • Consent
    • Custom Pages
    • Federation Gateway
    • Client Initiated Backchannel Authentication (CIBA)
    • Server-Side Sessions
      • Session Management
      • Session Expiration
      • Inactivity Timeout
  • Requesting Tokens
    • Overview
    • Requesting a Token
    • Refreshing a Token
    • Issuing Tokens based on User Passwords
    • Extension Grants
      • Token Exchange
    • Dynamic Request Validation and Customization
    • Issuing Internal Tokens
    • Proof-of-Possession Access Tokens
    • Reference Tokens
    • Client Authentication
      • Overview
      • Shared Secrets
      • Private Key JWTs
      • TLS Client Certificates
    • Signed Authorize Requests
    • Calling Endpoints from JavaScript
  • Protecting APIs
    • Protecting APIs using ASP.NET Core
      • Using JWTs
      • Using Reference Tokens
      • Authorization based on Scopes and other Claims
      • Validating Proof-of-Possession
    • Adding API Endpoints to your IdentityServer
  • Data Stores and Persistence
    • Configuration Data
    • Operational Data
      • Grants
      • Keys
      • Server-Side Sessions
    • Entity Framework Integration
  • Diagnostics
    • Logging
    • Events
    • OpenTelemetry
  • ASP.NET Identity Integration
  • BFF Security Framework
    • Overview
    • Architecture
    • Authentication & Session Management
      • ASP.NET Core Authentication System
      • Session Management Endpoints
      • Server-side Sessions
    • API Endpoints
      • Local APIs
      • Remote APIs
      • YARP extensions
    • Token Management
    • Configuration Options
    • Extensibility
      • Management Endpoints
      • Session Management
      • Token Management
      • HTTP Forwarder
  • Deployment
    • Proxy Servers and Load Balancers
    • ASP.NET Core Data Protection
    • IdentityServer Data Stores
    • Distributed Caching
  • Upgrading
    • Duende IdentityServer v6.0 to v6.1
    • Duende IdentityServer v5.2 to v6.0
    • Duende IdentityServer v5.1 to v5.2
    • Duende IdentityServer v5.0 to v5.1
    • IdentityServer4 v4.1 to Duende IdentityServer v6
    • IdentityServer4 v4.1 to Duende IdentityServer v5
    • IdentityServer4 v3.1 to Duende IdentityServer v6
    • IdentityServer4 v3.1 to Duende IdentityServer v5
    • Microsoft SPA and Blazor Templates
  • Samples
    • Basics
    • User Interaction
    • ASP.NET Identity Integration
    • Requesting tokens
    • Backend for Frontend Pattern
    • Diagnostics
    • Miscellaneous
  • Reference
    • IdentityServer Options
    • DI Extension Methods
    • Endpoints
      • Discovery Endpoint
      • Authorize Endpoint
      • Token Endpoint
      • UserInfo Endpoint
      • Introspection Endpoint
      • Revocation Endpoint
      • End Session Endpoint
      • Device Authorization Endpoint
      • Backchannel Authentication Endpoint
    • Models
      • Identity Resource
      • API Scope
      • API Resource
      • Client
      • Identity Provider
      • Grant Validation Result
      • Secrets
      • Backchannel User Login Request
    • Services
      • Profile Service
      • Persisted Grant Service
      • Refresh Token Service
      • IdentityServer Interaction Service
      • Session Management Service
      • Device Flow Interaction Service
      • Backchannel Authentication Interaction Service
      • Backchannel Authentication User Notification Service
    • Response Generators
      • Authorize Interaction Response Generator
    • Stores
      • Resource Store
      • Client Store
      • CORS Policy Service
      • Identity Provider Store
      • Persisted Grant Store
      • Device Flow Store
      • Backchannel Authentication Request Store
      • Signing Key Store
      • Server-Side Session Store
    • Validators
      • Extension Grant Validator
      • Custom Token Request Validator
      • Backchannel Authentication User Validator
Edit this page
Home > Quickstarts

Quickstarts

The following hands-on tutorials guide you through a couple of common scenarios.

    Overview

    Protecting an API using Client Credentials

    Interactive Applications with ASP.NET Core

    ASP.NET Core and API access

    Using EntityFramework Core for configuration and operational data

    Using ASP.NET Core Identity

    Building JavaScript client applications

    Building Blazor WASM client applications