Start free trial Sign in

From the course: Building and Securing RESTful APIs in ASP.NET Core

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

More about OpenID Connect

More about OpenID Connect - ASP.NET Core Tutorial

From the course: Building and Securing RESTful APIs in ASP.NET Core

Start my 1-month free trial

More about OpenID Connect

“

- [Instructor] We used OpenIddict to add the OpenID Connect password flow to the API. There's more that OpenID Connect can offer and a lot of it is outside the scope of this course. I did wanna touch on a few points so that you have a frame of reference for further research and learning. As a refresher, here's how the password flow works. The client posted the user credentials directly to the token endpoint and got back an access token to use for further API calls. I chose to demonstrate the password flow in this API because it's fairly simple to set up. It does have some downsides though. For example, the client has to directly capture and handle the user's credentials before sending them to the server. There are other patterns available in OpenID Connect that deal with this a little bit better. One pattern you'll see a lot in larger systems is splitting the responsibility of authenticating the user and generating tokens away from the rest of the API. In this arrangement, OpenIddict…

Contents

- (Locked)
  
  Next steps
  
  59s