This sample shows how to parse and validate a JWT token issued by IdentityServer inside an Azure Function.
This sample shows how to use Kestrel using MTLS for client authentication and proof of possession API access. Using Kestrel will not likely be how MTLS is configured in a production environment, but it is convenient for local testing. This approach requires DNS entries for mtls.localhost and api.localhost to resolve to 127.0.0.1, and is easily configured by modifying your local hosts file.
This sample shows how to access APIs using DPoP for proof of possession. It contains two different clients; one that uses client credentials and DPoP tokens, and another that is an interactive ASP.NET Core app using code flow to obtain the DPoP bound tokens. Both clients demonstrate the use of the Duende.AccessTokenManagement library with DPoP. The sample also contains an API with the necessary helper code to accept and validate DPoP bound access tokens.
This sample shows how to enable server-side sessions and configure the basic settings. The sample requires all three projects to be run at once.
Things of note:
This sample shows how to do seamless migration of existing cookie-based session when enabling server side sessions. Normally when server side sesssions are enabled all existing logged in sessions are invalidated and the users are forced to log in again. If the application has sessions with long lifetimes where it would be a problem to have all users log in again the sessions can be migrated. Instructions for running the sample are in the HostingExtensions.cs file.