{"id":24692461,"url":"https://github.com/damienbod/token-mgmt-ui-application","last_synced_at":"2025-03-22T02:13:42.968Z","repository":{"id":273324505,"uuid":"918215652","full_name":"damienbod/token-mgmt-ui-application","owner":"damienbod","description":"ASP.NET Core application access token management","archived":false,"fork":false,"pushed_at":"2025-02-10T06:37:05.000Z","size":1425,"stargazers_count":4,"open_issues_count":1,"forks_count":3,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-04T13:46:20.895Z","etag":null,"topics":["aspnetcore","dotnet","iam","oauth","oidc","openidconnect","openiddict"],"latest_commit_sha":null,"homepage":"https://damienbod.com/2025/01/20/asp-net-core-user-application-access-token-management/","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/damienbod.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-17T13:33:05.000Z","updated_at":"2025-02-27T07:41:42.000Z","dependencies_parsed_at":"2025-01-20T08:41:38.871Z","dependency_job_id":null,"html_url":"https://github.com/damienbod/token-mgmt-ui-application","commit_stats":null,"previous_names":["damienbod/token-mgmt-ui-application"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2Ftoken-mgmt-ui-application","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2Ftoken-mgmt-ui-application/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2Ftoken-mg
mt-ui-application/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2Ftoken-mgmt-ui-application/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/damienbod","download_url":"https://codeload.github.com/damienbod/token-mgmt-ui-application/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244894316,"owners_count":20527677,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aspnetcore","dotnet","iam","oauth","oidc","openidconnect","openiddict"],"created_at":"2025-01-26T20:15:21.490Z","updated_at":"2025-03-22T02:13:42.962Z","avatar_url":"https://github.com/damienbod.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ASP.NET Core application access token management\n\nManaging application access tokens in an ASP.NET Core web application. Any application with or without a user can use application access tokens as long as the application can persist the tokens in a safe way.\n\n## Setup\n\nAn ASP.NET Core web application authenticates using OpenID Connect and OpenIddict as the secure token server. The application needs to use data from an app-to-app resource. An OAuth client credentials flow is used to get an application access token to access the API. The OAuth client credentials flow can only be used when the application can keep a secret. This token has nothing in common with the delegated access token from the user authentication. The token is persisted once for the application. An in-memory cache is used for this. 
The application sends the application access token as a bearer token to the API.\n\n![ASP.NET Core application access token management](https://github.com/damienbod/token-mgmt-ui-application/blob/main/images/context.png)\n\n## Blogs in this series\n\n- [ASP.NET Core user delegated access token management](https://damienbod.com/2025/01/15/asp-net-core-user-delegated-access-token-management/)\n- [ASP.NET Core user application access token management](https://damienbod.com/2025/01/20/asp-net-core-user-application-access-token-management/)\n- [ASP.NET Core delegated OAuth Token Exchange access token management](https://damienbod.com/2025/02/10/asp-net-core-delegated-oauth-token-exchange-access-token-management/)\n\n## Links\n\nhttps://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/additional-claims\n\nhttps://github.com/dotnet/aspnetcore/issues/8175\n\nhttps://www.epochconverter.com/\n\n## Standards\n\n[JSON Web Token (JWT)](https://datatracker.ietf.org/doc/html/rfc7519)\n\n[Best Current Practice for OAuth 2.0 Security](https://datatracker.ietf.org/doc/rfc9700/)\n\n[The OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749)\n\n[OAuth 2.0 Demonstrating Proof of Possession DPoP](https://datatracker.ietf.org/doc/html/rfc9449)\n\n[OAuth 2.0 JWT-Secured Authorization Request (JAR) RFC 9101](https://datatracker.ietf.org/doc/rfc9101/)\n\n[OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens](https://datatracker.ietf.org/doc/html/rfc8705)\n\n[OpenID Connect 1.0](https://openid.net/specs/openid-connect-core-1_0-final.html)\n\n[Microsoft identity platform and OAuth 2.0 On-Behalf-Of flow](/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow)\n\n[OAuth 2.0 Token Exchange](https://datatracker.ietf.org/doc/html/rfc8693)\n\n[JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens](https://datatracker.ietf.org/doc/html/rfc9068)\n\n[HTTP Semantics RFC 
9110](https://datatracker.ietf.org/doc/html/rfc9110#section-15.5.2)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdamienbod%2Ftoken-mgmt-ui-application","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdamienbod%2Ftoken-mgmt-ui-application","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdamienbod%2Ftoken-mgmt-ui-application/lists"}