►
Description
Join members from the ASP.NET teams for our community standup covering great community contributions for ASP.NET, ASP.NET Core, and more.
Community links for this week: https://www.theurlist.com/aspnet-standup-2019-09-17
A
A
That
out
well
so
yeah,
so
we've
got
the
identities
here
for
folks
on
I'm
super
excited
about
this
I've
been
trying
to
get
this
lined
up
for
many
months,
emailing
back
and
forth
and
stuff.
This
was
this
actually
started
with
a
suggestion
we
have
at
the
end
of
the
at
the
end
of
each
show.
We
have
a
little
thing
where
people
can
suggest
a
a
beaker,
so
you
suggest
something
and
today
I'm
gonna
see
actually
I.
Think
I
can
mute
a
show.
A
A
Wonderful
exciting
times
here
we
go
so
I'm
starting
off
with
a
post
from
Callie.
He
is
he's
writing
up
search
experiences
using
elastic
search.
So
this
is.
This
is
a
pretty
cool
one.
He
imports
a
CSV
with
with
capitals
for
different
countries
and
then
just
walk
walks
through
how
he's
loaded
stuff
up
he's
using
plastic
surgeon,
s10,
CSV,
helper,
and
so
you
know,
ghoster
shows
how
he's
integrating
those
calling
into
the
search
service
and
one
kind
of
cool
thing.
You
know
it's
it's
a
little
easy
to
think
I'll.
A
Just
do
my
own
foot
I'll
do
my
own
search
and
I'll.
Just
you
know,
do
a
red,
X
or
whatever,
but
it
is
neat
to
see
how
you
can
do
things
like
turn
on
some
additional
features.
So
in
this
he's
doing
a
map
search-
and
he
includes
some
things
like
turning
on
fuzziness,
so
you
know
like
having
a
distance
fuzziness
in
the
search
results,
so
pretty
cool,
pretty
cool.
A
You
know
walk
through
each
alright
over
to
Scott
Allen
Scott
is
talking
about
comparing
or
you
know,
his
I
love
his
kind
of
opinions
he
goes
through
and
just
like.
Here's.
What
I
prefer
doing
and
and
looks
at
the
options
and
and
explains?
Why
is
thinking
different
things
so
here
he
shows
some
some
reasons
to
prefer
razor
pages
as
opposed
to
MVC.
A
So
you
know
just
looking
at
a
ability
to
kind
of
organize
your
features,
so
you're
kind
of
just
more
logically
grouping
things
together
and
also
URLs
and
then
the
one
the
one
place
where
he
still
prefers.
You
know
the
the
controller
style
is
for
api's.
So
it's
kind
of
a
nice,
quick
post
but
I
think
a
nice
opinion
there
and
I
I
kind
of
lean.
That
way
too.
A
All
right,
nice,
post
from
Heather
she's
talking
about
integrating
so
she's
doing
a
walkthrough
with
with
blazer
asp
net
core
three
using
the
latest
templates
and
then
hooking
this
into
octa
for
identity,
so
walk
through,
including
you
know,
installing
the
the
new
templates
going
through
running
the
application
and
then
here's
the
kind
of
section
where
it
goes
through
and
hooks
up
to
the
octa
back-end
for
four
additional
identity
stuff.
So.
D
A
Yep
all
out
to
the
show,
especially
yep,
yeah,
okay
cool.
This
is
a
nice
one
for
Michael
Washington.
Here,
he's
writing
about
a
new
thing.
That's
been
introduced
to
blazer,
and
this
is
owning
component
base
and
a
thing
that
you'll
run
into
with
blazer.
Is
you
have
these
long-running
things?
You
have
components
that
stay
around
and
are
not
automatically
disposed
as
you
might.
It's
very
easy
to
get
into
the
kind
of
request/response
nature
of
the
web
thinking
and
think
everything's
going
to
be.
A
A
So
then,
going
through
to
the
to
the
end
here
and
you
actually
I
have
you
know
the
the
component
as
the
component
is
dismissed,
then
the
any
framework
context
is
disposed
of
well.
Another
blazer
will
run
here
this
one
from
Steve,
Sanderson
and
so
Steve's
writing
about
a
you
know:
options
for
upload
in
in
blazer
some
different.
You
know
components
you
can
use
and
then
here's
here's
one.
That's
a
new
get
package
he's
introduced
laser
input
file,
so
just
a
walk
through
of
you
know,
relatively
straightforward.
A
A
All
right
to
from
Andrew,
lock
here
so
he's
been
going
through,
is
peanut
quarry
stuff.
One
nice
feature
here
is
service
provider
validation.
So
this
is
support
for
you
know,
looking
at
your
application
and
detecting
cases
where
you
don't
have
dependency
registered,
so
here
he
walks
through
again
the
common
case
here
with
the
weather
forecast,
seeing
that
a
lot
lately.
So
here
we've
got
weather
forecast,
but
we've
forgotten
to
register
it
I'm
in
it
out
how
silly
of
us
so
then,
here
we're
actually
seeing
you
know
oops.
A
You
forgot
to
register
he
walks
through
for
cases
where
these
things
are
not
going
to
be
checked.
So
there
are
some
gotchas
hear
things
like
controller
constructor
dependencies,
open
generics,
etc.
So
so
those
are
the
cases
where
you're
not
going
to
see
it,
but
it
is
still
a
nice
feature
that
it
will
check
for
you,
I.
A
Cool
yeah,
those
are
frustrating
too,
because
otherwise,
without
this
wait
what's
going
on,
it
can
take
a
little
bit
to
understand
what's
happening.
This
nice
feature.
Here's
another
nice
thing.
This
is
asp
net
core
3
support
for
running
async
tasks
on
startup,
so
he
calls
out
some
great
common
scenarios.
I've
used
this
for
pre-populating
caches
on
startup,
so
you
mentioned
that
also
things
like
you
know:
validating
strongly-typed
configuration
or
definitely
database
migrations.
So
those
are
things
you
would
would
want
to
kick
off
an
async
task
on
startup
previously
and
to
tie
two
decks.
A
There
were
problems
with
all
the
different
options
for
that.
So
now
there's
a
change
where
I
hosted
service
runs
beforehand,
so
he
compares
here's
the
two
decks
on
top
and
here's
three
decks
now
so
you've
got
support
for
this,
so
you
can
kick
off
a
start.
Async
task
during
the
start,
async
of
your
webhost
and
off
to
the
races
so
really
handy.
Definitely,
I'd
love
to
have
you
know,
pre
build
caches
for
just
about
everything.
So
I
just
saw
this
today
come
in
over
Twitter.
This
is
just
a
nice,
a
nice
sample.
A
This
is
an
azure
function
using
poly
with
logging
and
retry,
so
here
here's
the
kind
of
hook
up
in
the
startup.
So
this
is
for
an
azure
function
and
then
you
know
calling
off
to
and
and
using
the
calling
off
to
services
from
your
ashore
function
and
that
function
is,
and
you
know
able
to
use
retries,
timeout
and
stuff.
So
this
is
handy.
I've
been
using
this
pattern.
A
Right
here
we've
got
Dan
Roth
posted
from
last
week
or
excuse
me
from
yesterday.
This
is
the
RC
one.
So
this
is
the
last
before
we
we
go
with
the
release
next
week
at
dotnet,
Kampf,
so
very
quick
instructions
on
how
to
update
and
how
to
get
feedback.
Oh
I
have
one
other
that
I'm
going
to
be,
including
in
the.
A
A
E
A
Great
question
so
one
thing
that
I've
been
really
liking
lately,
there's
a
Facebook
thing,
so
facebook
asp
net
core
yeah.
So
I
just
watch
for
stuff
on
twitter,
but
this
asp
net
core
facebook
group
has
been
one
of
my
top
sources
lately,
so
I
I
just
love
this
I've
scrolled
it
through
this
definitely
on
Tuesdays,
but
I.
Also,
you
know
check
into
it
during
the
there's.
Some
other
just
top
names
I'll
recognize
over
and
over,
like
Andrew.
Locke
is
definitely
on
regularly.
A
A
Alright
I
think
I'm
done
sharing
so
I'm
back
over
to
you
folks
and
who's
who's.
Starting.
What
do
you?
What
do
you
guys
so
I
invited
you
folks,
because
I've
been
a
fan
of
identity,
server
for
awhile
identity
server
as
a
foundation
project?
It's
a
really
cool
project
that
you
folks
run
and
then
recently
can.
Can
you
explain?
What's
the
new
excitement
with
is
peanut
core
3,
so.
C
C
And
then
you
know
it
evolved
to
become
an
actually
a
proper
web
forms
applications
and
then
you
see
and
then
katana
and
so
and
things
ever
is.
It
was
basically
adding
token
issuance
capabilities
to
an
HTML
application,
and
you
know
that
became
more
mainstream
over
the
years
that
that
php.net
team
started
building
similar
things
and
realized
that
this
actually
exists
already
out
there,
and
you
know
talking
to
them.
For
many
many
years,
I
checked
my
emails
and
the
very
first
email
exchange
we
had
regarding
this
topic
was
in
trend
interest.
C
So
it
was
a
long
time
coming
so
yeah
and
then
basically,
you
know
a
year
ago
or
so
Barry
Lawrence,
who
is
the
security
p.m.
on
the
team?
He
said:
okay,
let's
you
know,
use
your
staff
and
actually
build
build
that
into
a
couple
of
templates,
because
our
customers
have
been
asking
for
that.
I
guess:
that's
that's
the
story
behind
it
and
then
okay,
yeah
yeah
I
did
all
the
hard
work
of
doing
it.
Yeah.
B
Alright,
so
I'm
gonna
do
that
hard
mode
because
I
think
is
fire.
Yeah
I'm
gonna
really
quickly
create
a
couple
of
projects
yeah,
so
I'm
using
RC
one
I'm
using
the
command
line,
because
I
have
so
many
environments
that
might
be
so
studio
doesn't
recognize
things
but
essentially
I'm,
creating
a
react,
app
and
I'm,
creating
an
angular
app
and
we're
gonna
be
doing
a
deployment
while
well
I'm
explaining
to
you
guys
the
templates,
I
think
I.
B
We
haven't
shown
the
templates
on
the
community
stand
up
yeah,
but
I've
shown
the
templates
in
in
so
many
places
already
yeah.
That
is
kind
of
boring
to
see
always
the
same
thing.
So
what
I'm
gonna
do
is
I'm
gonna
start
real,
quick
by
by
doing
a
publish
for
the
app
yeah
and
I'm
only
going
to
publish
angular,
so
I'm
gonna
create
a
profile,
and
this
is
pretty
standard
vanilla,
it's
big
on
net
deployment,
so
well!
Well,
that
is
loading
there
I'm
gonna
here.
If
you
can
see
my
my
window,
I
probably
need
to
actually.
B
Okay,
so
can
you
see
the
pants
well,
yeah,
we're
triggering
a
builder,
so
essentially,
what
we
have
done
is
we've
integrated
a
identity
server.
We
have.
We
have
created
a
small
integration
package
that
essentially
streamlines
the
scenarios
we
care
about
for
this
release.
We
started
with
his
past
because
that
was
the
the
most
glaring
gap
that
we
had
in
the
in
the
platform
in
the
future,
we're
thinking
of
expanding
it
to
like
other
types
of
publications,
especially
like
API,
to
API
communication
yeah.
B
So
we
give
you
a
couple
of
things
that
set
everything
up,
so
we
give
you
this
identity
server,
that
is
the
default
entity,
server
called
from
identity
server
and
this
extension
method
out
API
authorization
that
essentially
takes
care
of
setting
everything
up
for
you.
We
also
set
up
a
authentication
for
you
in
a
way.
A
B
C
But
the
real
motivation
here
was:
you
know:
identity
serve
as
a
super,
powerful
integration
system
and
the
you
know.
The
problem
is
that
it's
you
know
it's
sometimes
a
bit
hard
to
get
started
with
that,
because
there
were
so
many
options.
So
what
really?
We
did?
Yes,
he
basically
you
know
streamlined
the
configuration
options
for
the
scenarios
that
is
templates
are
looking
for,
which
is,
as
I
said,
when
our
started
step
texture.
That
was
the
intention
all.
B
Right,
so
that's
going
on
so
what
I
want
to
show?
You
is
actually
that
you
can
now
have
an
entire
token
server
yeah
without
having
to
actually
manage
any
any
secret
yourself,
which
I
think
is
pretty
cool,
because
if
you
ask
me
when
you're
building
an
app
or
like
making
a
service,
the
first
thing
I
would
think
to
outsource
is
secret
handling.
B
B
B
B
So,
as
I
was
saying,
yeah
well
we're
gonna
do
is
we're
gonna,
create
a
certificate
from
people
that
we're
gonna
importing
to
rush
or
AB
service
and
we're
gonna
use
that
to
a-sine
tokens,
essentially
so
creating
well?
Well,
that's
going
on.
Let's
go
back
to
the
to
the
app
so
essentially,
this
is
all
that
you
mostly
need
to
care
about.
From
from
the
startup
point
of
view,
it's
also
done
for
you
with
Johson
I
would
configuration
that
we
think
it's
a
is
the
most
secure.
B
We
have
this
small,
a
controller
here
that
streams
their
configuration
to
the
client,
so
the
client
doesn't
have
to
like
configure
the
the
OEC
client
itself.
We
it
just
asked
the
server
for
the
information
then
within
within
the
actual
spa,
which
is
the
where
most
of
the
code
actually
is.
What
we've
done
is
try
to
isolate
off
as
much
as
possible
so
that
it's
essentially
almost
a
plug-and-play,
a
part
of
your
of
your
app.
B
So
if
you
are
familiar
with
angular
angular
has
this
concept
of
modules
and
what
we
have
done
is
we
have
create
a
Pai
appreciation
module
where
we
give
you
all
the
all
the
tools
to
integrate
with
the
with
a
server
application.
So
in
your
app
module
there
in
the
definition,
there
are
only
a
couple
of
places
where
you
see
your,
where
reduces
where
you
see
they,
they
are
actually
show
up.
B
So
you
see
in
in
the
Interceptor,
which
is
a
service
that
we
use
to
actually
automatically
inject
the
token
you
see
in
the
module,
import
and
I
think
those
are
dia
and
yeah
sorry
and
in
the
authorized
guard.
So
the
authorized
guard
is
the
component
that
we
give
you
so
that
you
can
protect
a
route
within
within
your
spa
and
when
we
say
protect
around
here
we
don't
mean
actually
like
checking
claims
or
principles
or
something
like
that.
We
just
make
sure
that
you're
authenticated
and
that
you
have
an
access
token
that
you
can
use.
B
B
We
pick
a
name
here
twist
this
one
yeah.
We
don't
really
need
to
like
worry
about
the
name
or
any
of
the
parameters
or
the
defaults.
That
Kewell
gives.
You
are
pretty
good.
You
can
change
the
time.
Yeah
the
certificate
is
valid,
but
essentially
that's
creating
a
certainty
will
take
a
few
seconds.
So
this
on
the
building
side,
we're
about
to
see
they
are
actually
running
so
what's
happening
is
angular
was
doing
a
thing
and
P
am
building
blah
blah
blah,
etc.
B
So
what
we
get
here
is
essentially
the
standard
angular
app
with
the
home
counterfeits
data
and
additionally,
you
get
a
register
and
login
patterns.
So
one
of
the
things
that
we
talked
about
when
I
was
showing
the
module
is
that
out,
ristar
so
or
fetch
data
is
a
protected
endpoint
and
that
outer
I
star
that
we
put
in
the
in
the
configuration
for
the
route
make.
It
makes
a
check
to
see
if
the
user
is
authenticated
and
if
there
is
a
token
for
it
and
if
not,
it
starts
the
authentication
flow.
B
A
B
B
E
I'm
gonna
try
to
type
up
here.
Hopefully
there's
not
too
much
of
an
echo
I
was
muted
before
I
think
that
might
be
our
echo
problem.
So
a
couple
things
that
I
really
like
about
how
this
all
works
is
that
these
templates
are
putting
on
top
of
components
that
already
exist
right.
You
have
identity
server.
That
gives
you
tokens.
You
have
asp.net
identity
right,
which
is
your
user
management
tool.
E
You
know
for
storing
credentials
and
things
like
that,
and
so
you're
building
this
app
that
that
and
then
and
those
are
all
components
you
could
use
independent.
But
the
nice
thing
about
the
template
is
it's
pulling
them
all
together,
right
and
nice
out-of-the-box
experience,
you
don't
have
to
be
experts
and
stitching
all
those
together
and
then
on
your
client
side,
stuff.
That's
the
other
thing
too,
is
that
your
angular
component,
there
is
your
template
code,
is,
is
sitting
on
top
of
a
open
source
component
as
well.
E
That
actually
does
all
the
protocol
work,
which
is
the
OID
C
client,
JavaScript
library.
So
all
of
these
things
that
I
just
wanted
to
add
on
top
of
this
is
all
these
things.
You
could
use
individually,
so
if,
if
the
template
doesn't
suit
exactly
what
you
need
right,
you
could
always
take
them
and
extend
them
and
tailor
them
for
your
needs.
But
the
template
does
a
great
job
of
pulling
these
all
together
into
this
nice
out-of-the-box.
You
know
experience
with
Visual
Studio,
so.
C
A
Yeah
so
this
gets
me
started.
This
is
something
where
I
can
get
up
and
running
quickly
and
kind
of
have
the
best
like
save
some
of
the
oh
I
need
to
go,
read
the
docs
and
do
all
the
right
and
and
then,
if
I,
want
to
go
and
implement
other
features.
I
can
start
like.
Then
I
can
look
into
Doc's
and
start
turning
additional
features
on
their
offers.
Afraid
I.
C
Think,
what's
nice
about
it
is
that
identity,
server
and
all
of
the
things
happening
actually
invisible
to
the
normal.
You
know
if
you're
not
looking
very
very
closely
at
URLs
and
we
string
parameters
and
so
on.
It
is
actually
invisible.
That's
how
security
should
be
right.
I
mean
the
moment
security
becomes
visible.
You
basically
failed
yeah.
It
should
just
be
there
doing
its
job.
Yeah
yeah.
If
you
look
closely
what
you're
actually
getting
here
is
a
full-blown
open,
ID,
connectable
auth
token
service
now
has
all
of
the
bells
and
whistles
in
the
template.
Gem.
A
E
In
terms
of
the
the
token
server,
are
you
just
the
whole
solution?
I
mean
again,
this
is
the
Kannada
minute
a
minute
ago
is
that
these
are
all
just
components
that
have
been
out
there
already,
and
you
know
you
could
have
used
them.
You
could
use
them
right
now
before
this
template
comes
out,
so
an
identity
server
in
our
repo,
which
Dominic
I
think
is
going
to
show
it
a
bit.
We
already
have
integration
tests,
so
you
can
actually
see
how
you
can
load
up
integration
tests.
E
We
use
the
you
know
the
the
test
host,
which
is
actually
part
of
anesthesia
net.
Core
I
was
doing
this
for
customer
work.
This
last
week
is
I
mean
they're.
Just
yes,
all
of
this
is
is
testable
unit
testable
and
integration
testable,
and
we
have.
You
know
samples
of
that
in
our
in
our
repos
up
on
github,
okay,.
B
A
D
C
So
if
you
would
delete
an
account
cookie
with
the
token
service
would
be
automate
automatically
valedale
after
30
minutes
access
tokens,
which
is
maybe
the
question
the
real
question:
yes,
they
have
seen
infinite
lifetimes
as
well,
so
by
default,
I
think
our
ex-cons
are
for
60
minutes,
I
think
that's
still
the
case
from
a
template.
You
can
tweak
this
value
after
60
minutes.
C
The
the
client
has
to
go
back
in
the
token
server,
and
only
if
the
cookie
is
still
valid
with
the
token
server,
then
he
will
get
a
new
token,
which
means
again
if
the
account
was
deleted.
That
session
will
be
gone.
So
you
know
in
the
worst
case,
to
never
you
I
guess
it
is
it'll.
Take
as
long
as
the
lifetime
of
the
exes
tokens.
A
E
I
mean
I
think
if
they're,
if
they're
talking
about
yes,
so
the
I'm
going
to
mention
the
access
tokens
expire.
For
a
reason,
that's
that's
good,
but
then
you
do
need
to
be
able
to
renew
them
and
the
specification
committees
that
work
on
these
protocols
have
designed
the
in
spat
in
the
specs.
For
this
token,
renewal,
unfortunately,
signal
are
was
not
one
of
the
technology
options
that
they
included.
So
if
you
use
something
like
that,
then
you're
you're,
you
know
kind
of
on
your
own
figuring
out
that
solution.
The
way
that
the
spa
works.
E
There
are
a
couple
different
approaches
you
could
take,
but
I
think
with
the
defaults
with
the
spa
is
that
it
actually
uses-
and
this
is
what
the
the
spec
workflows
actually
expect
you
to
do
or
the
app
to
do
is
it
from
a
spa.
They
actually
expect
you
to
use
a
hidden
iframe
to
renew
tokens
and
I
know
everyone's
cringing,
because
you
know
iframes.
E
You
know
everyone
thinks
that
it's
like
the
awful
technology
of
the
web,
but
at
the
time
that
they
developed
the
specs
and
they
developed
the
threat
models
against
those
things
and
the
fact
that
the
iframe
is
predicated
on
the
cookie,
which
is
your
ultimate
session.
That's
that's
the
the
approach
that
has
taken
and
and
I
actually
kind
of
like
that,
the
the
cookies
gone.
E
You
know
the
fact
that
you
have
to
use
this
iframe
to
get
a
new
token
and
the
cookie
song
means
your
cookie
ultimately
limits
your
your
ability
to
continue
to
get
new
access
tokens
there's
a
whole
other
approach
as
well,
which
I
think
is
beyond
the
conversation
here
about
refresh
tokens,
but
in
general,
that's
a
much
more
complicated
scenario.
I
think
to
consider
okay.
A
One
other
question
I
think
before
letting
you
jump
back
into
yet
any
other
demos
and
stuff
brave
Cobra
2
says
this
is
great
for
demos:
how
to
make
this
production-grade
I
think.
The
idea
here
is
you're
running
on
top
of
standards
that
are
production
grade
right.
Like
I
mean
this
is
not.
This
is
not
a
toy
demo.
This
is
something
that
you
should
be
able
to
deploy,
or
is
this
the
beginning
and
then
I
need
to
go
and
do
some
work
to
make
it
ready
for
production.
Yeah.
B
E
I,
like
that
you're
using
the
certificate
up
in
Kibo
for
this,
because
that
is
a
real
sticking
point.
You
know,
like
that's
one
of
those
things.
People
don't
think
about,
is
that
this
underlying
you
know
key
material
used
for
the
whole
token
server
is
super
important,
so
I
like
that
you're
doing
this
in
this
demo,
yeah.
B
So,
to
recap:
a
bit
because
we've
been
jumping
back
and
forth,
we
created
an
app.
We
created
an
azure
website.
We
created
a
database
for
the
app
we
created
a
keyboard
for
it.
We
generate
a
certificate
in
the
inside
that
keyboard.
So
what
I'm
doing
right
now
is
I'm
importing
that
certificate
into
a
shrub
service
and
for
that
I
simply
go
to
PSL
LS
settings.
B
It's
under
private
key
certificates,
which
is
a
bit
like
misleading,
but
you
essentially
pick
up
here:
import
from
keyboard
input
from
keyboard.
Then
you
choose.
Your
resource
group
should
choose
the
certificate
that
you
want
to
import.
It's
gonna
show
up
here
in
a
second
yeah,
so
there's
my
demo
sign
insert
so
then,
when
I
want
to
deploy
it,
there
is
one
extra
thing
that
we
need
to
do,
which
is
to
add
this
web
load
certificates
setting
into
our
service
and
give
it
a
thumbprint
a
thumbprint
of
the
certificate,
okay
yeah.
B
So
that's
updating
the
settings
on
on
the
app
and
after
that
the
last
piece
is
to
tell
it
to
use
the
certificate.
So
what
we
do
is
we
have
a
configuration
set
up
for
you
and
we
simply
tell
you
what
key
to
use
and
we
simply
say,
go
and
grab
the
certificate
from
the
store
is
from
the
current
user
personal
store
and
the
subject
is
demo
sign
insert,
which
is
the
name
that
I
gave
it
when
I
created
it
in
keyboard.
B
So
this
is
the
only
piece
that
you
need
to
to
give
it
in
order
for
this
to
like
pick
it
up,
and
now,
if
we
do
publish,
let
me
just
check
that
everything
is
in
place
here,
because
this
needs
to
be
self
contained
and
there's
no
way
we
next
e6.
So
this
only
two
things
are
because
we
haven't
deployed
yet
like
donate
cord,
three
zero
to
one
Terrace
or
wash
your
web
sites.
B
B
C
But
first
of
all,
this
is
actually
a
really
good
page
that
documents
the
template
lobby
is
showing
how
to
start
these
templates
and
what
you
need
to
do
here
and
what
you
know:
the
code
that
it
spits
out
and
the
various
extension
methods
and
all
to
be
in
the
app
settings.
And
you
know
all
the
things.
So
that's
probably
something
you
want
to
read
if
you
are
interested
in
that.
C
What
you
can
do
at
any
point
in
time,
as
I
said,
the
templates
are
very
focused
on
this
one
scenario,
which
is
for
now
at
least
the
spa.
With
a
talking
base
type
engineer
you
you
can
at
any
point
in
time,
drop
drop
out
of
that
you
know
DSL
if
you
like,
and
go
back
to
our
native
configuration
system,
which
gives
you
even
you
know
much
more
options.
So,
if
you're
interested
in
that
again,
you
know
point
you
to
our
documentation,
which
is
reka
Doc's,
but
I,
don't
and
here
basically
yeah.
C
So
we
edition
it
up
in
like
more,
like
conceptual
topics
that
we
have
keys,
quick
starts,
which
give
you
like
a
walkthrough
through
various
scenarios
and
step-by-step
instructions.
We
have
a
topic
section
here,
which
you
know
talks
just
about
common
things
like
what,
if
you
want
to
add
windows,
education,
what
if
you
know
you
want
to
refresh
children
or
whatever,
and
then
we
have
kind
of
like
a
reference
section
at
the
end
for
the
various
in
coins
and
and
their
sinks.
C
Our
repo
organization,
where
we
have
the
leverage
we
post
so
in
case
you
want
to
have
a
look
at
that
there
are
a
couple
of
main
repo
symptom,
the
main
main
ones
this
one
here,
it's
the
repo
that
contains
basically
the
middleware
itself,
so,
technically
speaking,
I
didn't
use
a
little
way
out
that
you
plug
it
into
an
a-student
co-host.
So
that's
what
you
find
here.
C
What
you
also
have
is
a
integration
for
internal
framework
and
integration
for
HP
identity.
Basically,
what
is
template
is
doing
it's
pulling
all
these
libraries
together,
as
Rob
mentioned
into
one.
You
know
sample
template.
If
you
like,
so
that's
there,
then
we
have
so
what
the
template
is
actually
doing.
Is
it
comes
with
with
the
you
know,
like
the
default
age
plate
identity,
you
eye,
which
you
would
also
get
if
you
are
using
MVC,
you
know
with
the
individual
authentication
option.
C
We
also
have
like
a
quick
starter
UI
as
well,
which
basically
is
a
repo
that
already
contains
MVC
fits
like
controllers
and
views,
and
you
know
CSS
and
these
things.
So
if
you
want
to
have
a
look
at
them
at
a
plane,
you
know
minimum
you
either
that's
a
login
page
of
about
page
of
content
screen
and
a
way
to
manage
grant,
and
these
things
that's
maybe
something
new
interests
as
well.
E
And
the
thing
to
that
is
it,
for
example:
maybe
asp.net
identity
is
your
user
database?
Maybe
it's
not
your
requirement
right.
Maybe
you
have
something
else.
Then
you
would
want
to
use
identity
server,
but
on
your
custom
user
database.
It's
not.
You
know
something
greenfield,
for
example,
and
so
this
QuickStart
gives
you
that
slice.
If
you
will
yeah.
C
So,
actually,
you
know,
one
of
the
reasons
we
created
I
didn't
like
the
first
place
is
that
we
have
a
lot
of
promises
in
there.
You
know
not.
Every
customer
has
the
luxury
of
starting
off
with
a
new
user
database.
So
the
reason
why
this
exists
actually
is
because
independent,
you
know
integrated
very
easily
into
existing
scenarios
and
as
process
if
you
want
to
start
from
scratch,
yeah
and
connect
to
a
back-end
existing
system.
Maybe
that's
that's
a
better
starting
point
and
then
using
a
standard
entity.
C
What
else
is
there?
We
have
templates
like
for.net
CLI,
you
know
like
the
new
templates,
where
you
know
you
get
like
a
like
an
in-memory
version
without
entity
framework
version
where
you
just
get
to
UI
bits
and
so
on,
or
with
a
simple
self-contained
admin
UI
for
example.
So
that's
what
you
can
also
do.
You
can
just
install
these
templates
that
thing
you'll
find
up
there
look.
What
else
is
there
instance
actually
that
we
found
out
a
lot
of
people
are
actually
using.
C
C
C
So
whenever
you
need
to
connect
to
an
open,
connector
or
provider.
So,
for
example,
Proctor
mentioned
a
JavaScript
library
that
the
template
is
using,
which
which
actually
lives
here.
26
line
is
it's
a
the
JavaScript
library
to
do
all
of
them
when
you
connect
them
to
off
stuff
from
JavaScript,
and
that's
exactly
what
it's
in
the
templates.
E
It
is
totally
like
a
vanilla
JavaScript,
you
know,
library,
so
that
that's
what
I
was
saying
about
how
obvious
template
is
adding
on
top
of
it,
because
you
have
a
react
and
an
angular
template
and
they're
adding
hair.
You
know
those
particular
paradigms
on
top
of
the
core
library
giving
you
the
core
functionality,
but
for
that
flavor
of
the
UI
stack
your
you
know,
UI
framework
you
want
to
use
yeah.
C
C
It
works
wherever
the
networks
and,
in
addition
to
that,
there's
my
DC
client,
which
is
for
native
clients.
You
know
like,
like
your
your
Android,
app
or
WPF,
or
your
your
reforms
every
all.
You
all
have
these
use
cases.
So,
if
you
wanna,
you
know
interactive
authentication
like
browser,
you
know
wait
for
these
littles
deciding
how
the
tokens
get
back
to
your
client-side
application
and
someone's
false.
That's
all
in
there
again.
C
C
Everybody
has
the
luxury
of
doing
that
full-time
and
not
even
everybody
agrees
on
the
word
luxury
yeah,
so
we
do
also
a
lot
of
training,
so
I
just
want
to
make
your
way
up
there
as
well.
So
on
this
page
here
you
can
get
basically
the
latest
updates
on
where
you
can
find
us,
like
you,
don't
like
to
do
it
in
person,
training
and,
as
you
can
see,
we
we
are.
You
know.
C
C
B
B
Then
I'm
logged
in
and
I
can
get
my
data,
and
this
is
this
is
service
that
is
in
deployed
into
production.
So
essentially,
to
recap:
what
we
did
was
we
created
the
app
we
created
the
database.
We
created
the
answer
website
with
a
keyboard
on
the
keyboard.
We
created
a
certificate
and
then
we
configured
beyond
you
use
the
the
certificate
from
from
keyboard,
and
essentially,
what
that
gives.
You
is
a
production-ready
experience
where
you
just
create
and
you
create
a
new
template,
a
provision.
B
A
B
B
Will
give
you
an
alert
I,
don't
know
the
details
of
a
of
the
integration
between
app
service
and
and
descriptive
and
keyboard,
but
as
long
as
it
gives
you
an
alert,
it's
an
improvement
like
many
people
have
done
like
coding
outages,
because
their
cert
expired
stuff
like
that
yeah,
so
I
think
like
keyboard
is
a
big
about.
Is
a
big
value.
Add
for
me
just
because
of
that,
because
I
don't
want
to
be
dealing
with
those
type
of
operational
concerns.
A
B
B
C
Maybe
it's
important
to
mention
that
identity
server
itself,
it's
it's
just
a
middleware
that
sits
in
sits
in
a
random
atrium
core
application.
So
in
other
words,
when
a
request
comes
into
your
application,
and
it
is
one
of
the
endpoints
which
are
described
in
the
open.
You
connect
specification.
We
take
the
request
and
handle
it
whenever
the
request
goes
to
any
other
page,
like
your
looking
page
or
your
own
page,
whatever
we
just
let
that
go
through
and
it
will
hit
your
application
basically
and
the
integration
point
between
identity,
server
and
hosting
application
is.
C
Is
that
you
give
us
basically
a
URL
in
there
that
we
call
whenever
authentication
is
required.
So
when
a
request
comes
in
for
a
token
and
the
user
is
anonymous,
we
just
redirect
to
that
registered
URL,
it
hits
typically
log
engage
and
what
you
do
on
their
login
edge.
It's
completely
up
to
you.
So
what
the
template
from
Microsoft
is
doing
is
it's
basically
pairing
our
middleware,
which
there
is
fall,
890
UI.
C
So,
as
Demeter
said,
if
empty
supports
Fido,
for
example
out
of
the
box,
then
you
would
get
a
feature
for
free,
but
even
you
know
even
today,
and
for
a
long
time,
if
you
want
to
write
your
own
login
page
and
one
in
your
profile,
I
mean
there
are
actually
open
source
and
commercial
products
out
there
that
integrate
cider
with
a
snack
or
I
mean
that
is
completely.
You
know.
A
E
A
couple
quick
ones
came
up,
one.
The
question
about
permissions
came
up
or
generally,
and
maybe
I'm
simplifying
the
question,
but
permissions
and-
and
you
know,
we've
we've
spoken
a
lot
about
the
the
identity
system.
We
don't
think
general.
It's
a
good
idea
for
putting
app
specific
permissions
into
it's
supposed
to
present
the
identity
of
the
user
over
to
the
app
and
generally
then,
in
the
app
the
app
figures
out
how
to
do
its
permissions,
and
you
know
that's
at
least
a
starting
point.
You
know
everybody
has
different
requirements
that
cause.
E
You
then
go
down
to
four
paths
for
solving
those
problems,
but
that
was
one.
Let's
see
what
was
some
of
the
others
in
there
tell
me
about
the
database
again
with
identity
server.
Dominic
just
described
this
right.
Identity
server
takes
the
result
of
whatever
the
user
authentication
is
an
issue
spoken
on
top
of
that.
So
how
you
store
users
in
the
database
is
entirely
up
to
you.
E
C
E
B
So
one
of
the
ideas
with
their
templates
and
the
integration
package
that
we
built
is
that
you
can
actually
replace,
like
individual
pizza,
mean
of
the
individual
pieces
whenever
you
need
more
more
granular
control.
So,
for
example,
the
the
DB
context
on
the
database
is
a
good
example.
We
give
you
a
DB
context
that
is
ready
to
go
with
the
default
user,
but
if
you
need
something
more,
a
more
custom,
you
can
go
back
to
the
to
simply
use
the
identity,
DB
context
and
unplugging
the
identity,
server
interface.
E
Another
question
came
up
about
claims
which
is
kind
of
related
to
the
permissions.
Conversation
is
well.
What
claims
can
you
issue
from
into
these
tokens
into
your
application,
and
the
answer
is
with
identity
server.
Anything
you
want.
That's
kind
of
the
whole
point
which
Dominic
talked
about
earlier
is
that
we
built
this
thing
all
about
giving
you
and
your
app
and
the
ability
to
do
the
customization
you
want.
A
C
Rob
mentioned
the
work
on
stick
out
a
couple
of
times,
I
think
even
better.
For
us,
it's
an
external
configuration,
it's
c-sharp,
audio
Bible
yeah.
So
it's
don't
don't
you
know
it's
not
a
huge
chasing
wall
or
even
word
like
a
yellow,
silas,
not
saying
it
yeah
to
pack
it
with
the
app,
and
so
you
know,
as
I
said,
the
reason
we
created
identity
when
the
first
place
is
because
we
and
our
customers
that
are
not
happy
with
the
off
relax
out
there
because
they
didn't.
You
know
we're
missing
one
or
the
other
feature.
C
A
Awesome,
okay,
well,
I
think
that's,
probably
a
good
place
to
wrap
up.
So
thanks
a
bunch
for
your
time.
Thank
you
for
we've
got
some
some
people
staying
after
work
hours
calling
in
from
Europe
so
I
definitely
appreciate
that,
and
you
know
thank
you
for
maintaining
this.
You
said
you've
been
working
on
it
over
11
years
now,
10
years.
C
A
All
right:
well,
let
me
see
I'm
setting
up
on
Twitch,
we'll
go
and
we'll
raid
Brian
lagunas
and
no
stand
up
next
week.
We've
got
dotnet
cough,
so
just
you
know
reminder
dotnet
cough
big,
we're
announcing
that
net
core
three
we've
got
three
full
days
of
presentations,
including
the
third
days
24
hours
straight,
going
all
around
the
world,
and
so
deaf
and
everything
will
be
recorded.
A
And
then,
following
that
we've
got,
we've
got
live
watch
parties
for
local
events
and
then
others
that
extend
all
the
way
through
the
beginning
in
November,
so
so
get
involved
with
those
and
we'll
be
people
will
be
giving
out
the
content
and
there's
local
events.
They'll
have
swag
that
we're
sending
them
and
all
kinds
of
good
stuff
commercial
over
okay,
thanks
so
I
think
if
Aaron's
watching
and
the
show
for
us
and
otherwise
we'll
sit
here,
you
know
we
can.