{"id":15410593,"url":"https://github.com/damienbod/aspnetcorehybridflowwithapi","last_synced_at":"2026-01-04T09:12:55.066Z","repository":{"id":28846271,"uuid":"119501581","full_name":"damienbod/AspNetCoreHybridFlowWithApi","owner":"damienbod","description":"Different ASP.NET Core applications using OpenID Connect Hybrid flow Code Flow, Code Flow with PKCE, JWT APIs, MFA examples","archived":false,"fork":false,"pushed_at":"2025-02-05T08:19:39.000Z","size":7362,"stargazers_count":367,"open_issues_count":6,"forks_count":73,"subscribers_count":21,"default_branch":"main","last_synced_at":"2025-04-08T14:08:20.086Z","etag":null,"topics":["asp-net-core","asp-net-mvc","hybrid-flow","jwt","oauth2","oidc","openid","pkce","security","token"],"latest_commit_sha":null,"homepage":"https://damienbod.com/2018/02/02/securing-an-asp-net-core-mvc-application-which-uses-a-secure-api/","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/damienbod.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-01-30T07:51:21.000Z","updated_at":"2025-03-28T07:51:20.000Z","dependencies_parsed_at":"2023-09-22T09:45:55.803Z","dependency_job_id":"a3050f0f-e4a1-45a6-8c33-1016ddfd1fac","html_url":"https://github.com/damienbod/AspNetCoreHybridFlowWithApi","commit_stats":{"total_commits":462,"total_committers":3,"mean_commits":154.0,"dds":"0.010822510822510845","last_synced_commit":"b18accc61bff458af4b23830e29433d2700641a6"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FAspNetCoreHybridFlowWithApi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FAspNetCoreHybridFlowWithApi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FAspNetCoreHybridFlowWithApi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FAspNetCoreHybridFlowWithApi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/damienbod","download_url":"https://codeload.github.com/damienbod/AspNetCoreHybridFlowWithApi/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254464891,"owners_count":22075570,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asp-net-core","asp-net-mvc","hybrid-flow","jwt","oauth2","oidc","openid","pkce","security","token"],"created_at":"2024-10-01T16:45:11.949Z","updated_at":"2026-01-04T09:12:55.060Z","avatar_url":"https://github.com/damienbod.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n[![.NET](https://github.com/damienbod/AspNetCoreHybridFlowWithApi/workflows/.NET/badge.svg)](https://github.com/damienbod/AspNetCoreHybridFlowWithApi/actions?query=workflow%3A.NET) \n\n\n## Blogs: \n\n- [Securing an ASP.NET Core MVC application which uses a secure API](https://damienbod.com/2018/02/02/securing-an-asp-net-core-mvc-application-which-uses-a-secure-api/)\n- [Handling Access Tokens for private APIs in ASP.NET Core](https://damienbod.com/2019/05/10/handling-access-tokens-for-private-apis-in-asp-net-core/)\n- [Adding HTTP Headers to improve Security in an ASP.NET MVC Core application](https://damienbod.com/2018/02/08/adding-http-headers-to-improve-security-in-an-asp-net-mvc-core-application/)\n- [ASP.NET Core OAuth Device Flow Client with IdentityServer4](https://damienbod.com/2019/02/20/asp-net-core-oauth-device-flow-client-with-identityserver4/)\n- [Securing an ASP.NET Core Razor Page App using OpenID Connect Code flow with PKCE](https://damienbod.com/2019/10/11/securing-an-asp-net-core-razor-page-app-using-openid-connect-code-flow-with-pkce/)\n- [Force ASP.NET Core OpenID Connect client to require MFA](https://damienbod.com/2019/12/16/force-asp-net-core-openid-connect-client-to-require-mfa/)\n- [Send MFA signin requirement to OpenID Connect server using ASP.NET Core Identity and IdentityServer4](https://damienbod.com/2019/12/18/send-mfa-signin-requirement-to-openid-connect-server-using-asp-net-core-identity-and-identityserver4/)\n- [Requiring MFA for Admin Pages in an ASP.NET Core Identity application](https://damienbod.com/2020/01/03/requiring-mfa-for-admin-pages-in-an-asp-net-core-identity-application/)\n- [Require user password verification with ASP.NET Core Identity to access Razor Page](https://damienbod.com/2021/02/19/require-user-password-verification-with-asp-net-core-identity-to-access-razor-page/)\n\n## Database migrations\n\n```\nAdd-Migration InitialCreate -c ApplicationDbContext\n```\n\n```\nUpdate-Database\n```\n\n## History\n\n- 2025-11-30 .NET 10\n- 2025-08-03 Updated packages\n- 2025-02-04 Updated packages\n- 2024-11-12 .NET 9\n- 2024-11-12 Updated packages\n- 2024-10-05 Updated packages and security headers\n- 2024-09-17 Updated packages\n- 2024-08-14 Updated packages\n- 2024-04-29 Updated packages\n- 2024-04-04 Updated packages\n- 2024-01-28 Updated packages\n- 2024-01-14 Updated packages\n- 2023-11-17 Updated to .NET 8\n- 2023-11-03 Updated packages, fix security headers\n- 2023-09-22 Updated packages, switch to code flow with PKCE\n- 2023-08-18 Updated packages, updated start up, updated Duende IdentityServer\n- 2023-05-07 Updated packages\n- 2022-12-17 Updated packages to .NET 7\n- 2022-10-22 Updated packages\n- 2022-05-20 Updated packages\n- 2022-04-02 Updated packages, moved to nullable, some .NET 6 code styles\n- 2022-02-10 Updated namespaces\n- 2022-01-28 Updated packages\n- 2021-11-08 Update .NET 6 release\n- 2021-11-07 Update .NET 6 \n- 2021-11-06 Update .NET 5\n- 2021-08-19 improved security headers\n- 2021-08-18 Updated packages, improved security headers STS\n- 2021-05-28 Updated packages, added example for IClaimsTransformation\n- 2021-05-15 Updated packages, fix identity email bug\n- 2021-04-17 Updated nuget packages, improving API calls\n- 2021-03-17 Updated nuget packages\n- 2021-03-05 Updated nuget packages\n- 2021-02-25 Updated nuget packages, small clean up\n- 2021-02-17 Updated nuget packages \n- 2021-01-19 Switching to Azure.Extensions.AspNetCore.Configuration.Secrets\n- 2021-01-17 Updated nuget packages .NET 5.0.2\n- 2020-12-11 Updated to .NET 5\n- 2020-11-08 Added swagger to the API, moved to Azure.Security.KeyVault.Secrets\n- 2020-11-06 Updated nuget packages, npm packages\n- 2020-08-23 Updated nuget packages\n- 2020-07-03 Update IdentityServer4 to V4, Updated nuget packages, update npm packages\n- 2020-05-03 Updated nuget packages\n- 2020-03-02 Support FIDO2 and updated nuget packages\n- 2020-01-03 Added ASP.NET Core Identity App with MFA force\n- 2019-12-18 Added STS acr_values parameters logic\n- 2019-12-14 Added Require MFA client\n- 2019-12-13 Updated to .NET Core 3.1\n- 2019-10-11 Added example of Code Flow with PKCE for ASP.NET Core Razor Page App\n- 2019-10-06 Updated to .NET Core 3.0\n- 2019-05-10 Improving token handling\n- 2019-04-30 Switch to in-process, add token expired check, Updating nuget packages, updating npm packages\n- 2019-02-24 Updating obsolete API call code, updating npm packages\n- 2019-02-20 Updating STS, added the OAuth Device Flow\n- 2018-11-11 Updating Nuget packages, added feauture-policy\n- 2018-11-10 Updated to .NET Core 2.2\n- 2018-08-03 Updated to .NET Core 2.1.2\n- 2018-05-08 Updated to .NET Core 2.1 rc1\n- 2018-05-07 Updated to .NET Core 2.1 preview 2, new Identity Views, 2FA Authenticator, IHttpClientFactory, bootstrap 4.1.0\n\n## Links\n\nhttps://github.com/aspnet/Docs/tree/master/aspnetcore/security/authentication/cookie/samples/2.x/CookieSample\n\nhttps://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-2.2\n\nhttps://leastprivilege.com/2019/02/08/try-device-flow-with-identityserver4/\n\nhttps://tools.ietf.org/wg/oauth/draft-ietf-oauth-device-flow/\n\nhttps://github.com/leastprivilege/AspNetCoreSecuritySamples/tree/aspnetcore21/DeviceFlow\n\nhttps://hajekj.net/2017/03/06/forcing-reauthentication-with-azure-ad/\n\nhttps://tools.ietf.org/html/draft-ietf-oauth-amr-values-04\n\nhttps://openid.net/specs/openid-connect-core-1_0.html\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdamienbod%2Faspnetcorehybridflowwithapi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdamienbod%2Faspnetcorehybridflowwithapi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdamienbod%2Faspnetcorehybridflowwithapi/lists"}