I recently got a task to implement standard OpenIdConnect/OAuth authentication/authorization with JWT Web tokens to a .NET 8-based API. It's been a while since when I last configured this, so I needed to check a few things first. While searching I spotted an article about generating

I recently noticed that Bitwarden which is known for the Password Manager product has started to offer a passwordless authentication service called Bitwarden Passwordless.dev. Bitwarden Passwordless.dev provides the API framework that minimizes complexities associated with passkey development. Bitwarden says, that enabling FIDO2 WebAuthn passkey features to the application

This is an extension to the previous post about "How to build Micro-Frontend Architecture with Web Components and BFF (part 1/2)" with code samples. Read the previous post to get more information in general about Micro-Frontend architecture and its pros & cons. Consuming Web Components via Backend

This is blog post handles Micro-Fronted Architecture and how to utilize Web Components via Backed for Frontend. What is Micro-Frontend Architecture? Micro-frontend architecture is a design approach in which a front-end app is decomposed into individual, semi-independent “microapps” working loosely together. The micro-frontend concept is vaguely inspired by, and named

A few months ago I wrote a blog post that illustrated the usage of the Duende BFF component. Duende BFF handles all Backend for Frontend responsibilities behind the scenes automatically. In this blog post, I'm concentrating more on to reverse proxy side of how to re-route requests to

I recently started to investigate what kind of BFF (backend-for-frontend) options are available if you want to apply the "no tokens in the browser" policy for your application. Backend for frontend is not a new thing but nowadays it's the recommended way to keep tokens out

This blog post shows how to configure custom MFA implementation to Azure B2C with custom policies (SignIn). Azure MFA can be easily configured to the custom policies but sometimes custom implementation is required ex. if you want to use your service provider to deliver SMS-based MFA events. The article doesn&

When you're using Azure AD B2C custom policies you most probably have created TrustedFrameworkBase.xml, TrustedFrameworkExtensions.xml, and ex. SignUpOrSignIn.xml files. These files always contain environment-specific references which are required to change during the deployment process.  Microsoft Docs has an article on how to deploy custom policies

Background I recently worked on a project where we implemented an application that uses Azure AD B2C as an IDP. In the first phase, users were using local Azure AD B2C to sign up and sign in. The next phase of the project brought federated external IDP sign-in possibilities for

Background  This blog post shows how to create a PowerShell script that authenticates the user against Azure AD and creates a request to API with a bearer token. Preparations First, we need to create an Azure AD application. Create applications with the following settings: Azure AD application for API * Open

This blog post shows how to configure an environment where users can log in to Azure Web applications using B2B (business) accounts or B2C (consumer) accounts. Azure B2C is a separate product from Azure AD which enables federated authentication to social platforms (ext. Facebook, LinkedIn, Twitter, Google) using the Open