Securing APIs using ASP.NET Core and OAuth 2.0 DPoP
- Identity provider/STS: https://localhost:5001
- API https://localhost:5005
- UI https://localhost:5007
- 2024-12-03 Updated packages
- 2024-11-01 Updated packages
- 2024-10-25 Improved security headers
- 2024-10-24 Updated packages, improved security headers
- 2024-06-22 Updated packages
- 2024-03-24 Updated packages
- 2024-01-28 Updated packages
- 2024-01-05 Updated packages
- 2023-11-17 Updated .NET 8
- 2023-11-03 Updated packages, fixed security headers
- 2023-10-10 Updated packages
- 2023-08-28 Updated packages
OAuth 2.0 Demonstrating Proof of Possession DPoP
https://github.com/DuendeSoftware
https://github.com/DuendeSoftware/Samples/tree/main/IdentityServer/v6/DPoP
https://github.com/DuendeSoftware/IdentityServer.Templates
https://docs.duendesoftware.com/identityserver/v6/tokens/pop/dpop/
https://developer.okta.com/docs/guides/dpop/main/#build-the-request
https://darutk.medium.com/illustrated-dpop-oauth-access-token-security-enhancement-801680d761ff
https://learn.microsoft.com/en-us/entra/msal/dotnet/advanced/proof-of-possession-tokens