In this session I would like to share my experiences implementing an OAuth 2.0 solution to protect our REST API using an open source .Net product called Identity Server by thinktecture. As we migrated our web application from ASP.Net to Angular with a REST back end, we needed to improve authentication not only for the web application, but also for our tablet applications and for applications created by third party developers. An extra challenge in this project is that we do not run the application we develop. At Lucity, we write software that we sell to city agencies to manage the assets of their infrastructure, so it is our clients who install this software, and it is our clients' data that needs to be protected. Join me as I discuss OAuth 2.0, flows, scopes, OpenID, JWT, third party integrations, and mitigating XSS and CSRF risks.

Rob Kraft is an independent project manager, architect and developer from Lee's Summit, MO. He has been developing software for 30 years, beginning in a mainframe environment at the Federal Reserve Bank. Since 1995 he has been developing client/server applications, web applications, and REST APIs for several companies, most recently Lucity, Inc. By day he architects solutions primarily using .Net technologies, SQL Server, Oracle, and REST APIs. By night he runs, blogs occasionally, and volunteers IT expertise to several local non-profits. His company web site is in dire need of modernization.

August 16: Identity & Access Management - Rob Kraft - Protect Your REST API with OAuth 2.0
