https://www.meetup.com/KansasCityIAM/

In this session I would like to share my experiences implementing an OAuth 2.0 solution to protect our REST API by using an open source .Net product called Identity Server by thinktecture (http://www.thinktecture.com/identityserver). As we migrated our web application from ASP.Net to Angular with a REST back end, we needed to improve authentication not only for the web applications, but also for our tablet applications and applications created by third party developers. An extra challenge in this project is that we do not run this application we develop. At Lucity, we write software that we sell to city agencies to management the assets of their infrastructure, so it is our clients that are installing this software and it is the data of our clients that needs to be protected. Join me as I discuss OAuth 2.0, flows, Scopes, OpenID, JWT, third party integrations, and mitigating XSS and CSRF risks.

Rob Kraft is an independent project manager, architect and developer from Lee's Summit, MO.  He has been developing software 30 years beginning in a mainframe environment at the Federal Reserve Bank.  Since 1995 he has been developing client/server, web applications, and REST APIs for several companies, most recently Lucity, Inc.   By day he  architects solutions primarily using .Net technologies, SQL Server, Oracle, and REST APIs.  By night, he runs http://www.KansasCityUserGroups.com/, blogs occasionally at http://csharpdeveloper.wordpress.com/ and volunteers IT expertise to several local non-profits.  His company web site is http://www.KraftSoftware.com, which is in dire need of modernization.