►
From YouTube: ASP.NET Community Standup - Sept 8 2020 - New Identity experience with Microsoft.Identity.Web
Description
The ASP.NET Core project templates now integrate with Microsoft.Identity.Web to handle authentication with Azure Activity Directory (Azure AD). Chrisos and JP will show you how the Microsoft.Identity.Web package provides a better experience for authentication through Azure AD as well as an easier way to access Azure resources on behalf of your users, including Microsoft Graph.
Community Links: https://www.theurlist.com/aspnet-standup-2020-09-08
Featuring: Christos Matskas (@ChristosMatskas), John Patrick Dandison (@AzureAndChill)
B
A
B
D
A
So
I'm
always,
of
course,
scouting
around.
What's
new,
what's
exciting,
what's
happening
with
asp.net
and
when
I
was
reading
the
latest
release
post
for
the
the
latest
preview.
That
was
one
of
the
features
that
was
called
out,
and
so
I
was
thinking
this
is
wonderful
because
I'm
I'm
interested
to
see
what's
new
christos
you've
gotten
super
blurry.
I.
A
A
A
First
of
all,
I
try
and
group
these.
By
the
way,
I
don't
know
if
it
helps
anyone
else,
but
it
helps
me
so
starting
off
with
some
blazer
links,
and
so
this
one's
nice
gerald
he's
writing
up
about
splitting
code
in
blazer
components.
So
you
know,
of
course,
the
kind
of
standard
when
you
do
new
blazer
component
you'll
get
everything
you'll
get
the
html
and
the
razor
code
together
and
that
that
works
in
some
cases,
but
in
other
cases
you
may
want
to
separate
this
out,
and
so
he
he
talks
about.
A
You
know
that
you
can
just
as
long
as
you
as
use
partial
classes.
You
can
split
that
out
and
talks
about
you
know.
Partial
classes
are
nice,
you
can
you
can
split
code
among
multiple
files.
He
also
talks
about
configuring
file
nesting.
So
you
know
especially
like
in
vs
code.
You
can
configure
how
those
those
are
nested.
A
So
that's
about
it
there
all
right
speaking
also
at
blazer
matthew,
has
a
nice
rundown
of
samples
for
teaching
yourself,
blather,
and
so
many
of
these
are
ones
that
we've
already
covered,
but
it's
nice
to
see
kind
of
a
wrap
up
and
explaining
them.
So
here
we've
got
this
awesome,
blazer
browser,
so
awesome
blazer
is
a
pretty
cool
site
where
they
just
list
out.
A
Here's
all
the
new
cool
stuff
in
blazer
world
and
here's
a
browser
that
browses
across
this
so
kind
of
meta
and
exciting,
so
some
sample
code
showing
that
so
vactanji
aka
lupusa
he's
got
a
lot
of
really
cool,
blazer
demos,
and
so
these
are
all
there's
github.
You
know
code
for
them
and
then
they're
in
browser.
A
A
So
this
is
wrapping
the
javascript,
so
he
he
uses
a
javascript
shim
and
then
and
calls
and
pulls
that
in
so
he's
here's
we
scroll
down
a
little
bit.
Here's
the
javascript
to
do
that
and
then
he
just
uses
interop
to
call
that.
So
so
then,
once
it's
all
done,
he's
got
a
video
source
and
he's
setting
the
video
source
he's
got
video
and
a
canvas
and
so
mapping
the
two
together.
So
there
you
go
and
one
other
neat
one
from
jimmy.
A
This
is
using
bluetooth
with
blazer,
so
here
he's
he's
showing
how
to
do
that
and
using
js
interop
again
and
he's
got
a
component
and
a
neat
little
sample.
This
is
crazy.
I
don't
even
know
I'm
trying
to
wrap
my
head
around.
What
exactly
I
would.
I
would
use
bluetooth
wise,
but
it's
it's
pretty
neat
to
see,
see
that
kind
of
blurring
the
lines
of
what
you
can
do
all
right,
congrats
to
the
peach
pie.
A
Folks,
so
peach
pie
is
php
running
on
net
core
and
it's
it's
pretty
cool
and-
and
they
do
answer
the
of
course
there's
the
questions
of.
But
why
would
you
do
that?
And
so
they
they
do.
You
know
kind
of
reiterate
that
I
feel
like
they
have
to
do
this
every
time
they
get
featured
on
hacker
news
or
whatever,
but
there's
there's
a
lot
of
really
cool
stuff.
A
Here
you
get
kind
of
the
best
of
php,
including
the
ecosystem,
wordpress,
and
you
know
all
the
other
kind
of
cms
systems
that
are
built
on
it,
but
you
get
the
speed
performance
and
security
of
net
core
the
portability
and
all
that
so
a
lot
of
really
cool
stuff.
Back.
When
I
was
working
with
dot
net
foundation,
I
helped
bring
them
into
dot
map
foundation,
and
so
that
was
really
cool
too,
and
then
they
have,
you
know
beautiful.
A
You
know
animated
animation
here,
showing
actually
in
visual
studio
and
getting
the
you
know
all
the
the
benefits
of
editing.net
core,
and
you
know
a
php
application
running
a
visual
studio.net
core,
so
just
magical
stuff,
so
congrats
to
you
folks.
All
right
here
is
just
a
neat
little.
You
know
because
we're
doing
a
lot
of
web
dev
stuff.
Here's
a
neat
html
attribute
I
had
not
even
realized-
was
a
thing.
This
is
the
autofill
spec,
so
this
is
in
the
html.
A
Specs
you'll
see
this
autocomplete
and
I'd
always
wondered
why
sometimes
especially
on
my
phone-
but
you
know
also
just
in
in
the
browser
some
websites
will
auto
complete
things.
Like
zip
codes-
or
you
know
even
things
like
one-time
codes
and
one-time
passwords,
so
there's
actually
a
spec
for
this
and
they
use
the
same
also
for
web
or
for
like
android
applications
and
and
iphone
apps
also.
So
this
is
a
good
thing
to
know
about
including
stuff
like
telephone.
A
You
know
all
your
pretty
much
all
kinds
of
stuff
like
new
password,
current
password,
here's,
the
one-time
code.
So
if
you're
doing
a
one-time
code,
phones
can
actually
when
they
receive
these
texts,
they
know
how
to
understand
that
and
map
that
in
so
I
thought
this
was
really
cool,
so
this
is
in
the
html
specs
and
then
also
the
mozilla
docs
mdn.
A
They
also
kind
of
go
into
some
detail
here
about
this
autofill.
So
and
again,
all
this
stuff,
usernames
passwords,
addresses
so
help
your
users
out
and
use
these
on.
Your
forms:
good,
stuff,
okay,
here's,
here's,
a
cool
one,
so
cecil,
just
a
quick
tweet
here
about
the
tags
attribute
when
you're
using
project
hi.
So
with
the
tags
attribute,
you
can
map
specific
things
in
your
tie
file.
Your
tie,
yaml
and
you
can
say
then
you
can
when
you
want
to
start
things
up,
you
can
say
just
run
these
ones
using
these
tags.
A
So
this
this
is
really
nice,
especially
in
applications
where
you're
doing
things
that
have
complicated
tokens.
I'm
imagining
you
know
christos
and
jd,
like
you
run
into
this
stuff
with
identity
things
right,
and
so
these
complicated
tokens
and
being
able
to
replay
and
debug
a
request
is,
is
a
nice
feature
so
and
then
there's
more
information
in
the
docs.
You
know
digging
into
this,
but
so
really
cool
feature.
This
is
an
experimental
feature,
so
you
have
to
enable
it
and
it's
just
in
canary
but
absolutely
worth
running
canary
just
for
that.
A
Docs
update
from
james,
so
james
has
been
updating
the
the
docs
for
performance
recommendations.
For
so
you
know
best
practices
for
grpc,
so
really
cool
to
see
that
so
lots
of
updates
here,
reusing
channels,
concurrency
keep
alive
bi-directional
streaming.
All
the
good
stuff
and
james
has
also
been
just
asking
people
on
twitter,
like
hey,
which
docs
do
you
want
to
see
me
update?
So
you
know
let
them
know
this.
This
is
the
time
where
you
know
api
services
are
kind
of
finalizing.
A
You
know
all
the
last
kind
of
last
minute:
pr's
are
getting
wrapped
up
for
net
five
and
people
are
now
moving
to
updating
all
the
docs,
so
there
you
go,
and
the
last
one
I
have
to
share
is
just
the
blog
post
here
on
asp.netcoreupdate.net
5
preview
8.
This
includes
a
lot
of
stuff
that
we've
had
on
the
show
recently,
so
things
like
blazer,
we
have
css
isolation,
lazy
loading
that
was
all
on
the
blazer
show.
We
did
recently
a
lot
of
blazer
stuff.
A
Some
cool
stuff,
like
model
binding
with
c
c,
sharp
nine
record
types,
which
is
pretty
slick,
auto
refresh
with
netwatch.
I
know
people
have
been
wanting
that
for
a
long
time,
but
one
that
really
caught
my
attention.
I
said
I
gotta,
I
gotta
ring
up
christos
and
find
out
what's
going
on
what
is
the
deal
with
microsoft.identity.web
and
I
think
with
that
I
will
just
pass
on
over
to
you
folks.
B
Nice
well
thanks
for
having
us
and
we're
delighted
to
talk
about
identity
right
in
any
form
or
manner.
In
fact,
as
as
you
were
talking
about
james
new
york,
king
doing
the
grpc
stuff,
I
have
in
the
oven
a
blog
post
about
doing
grpc
with
the
latest
identity
web
library
that
we're
going
to
be
talking
about
so
authenticating
your
grpc
services
and
being
able
to
call
graph
or
other
downstream
apis
super
efficiently.
So
you
have
a
front
end.
B
A
B
B
A
B
A
C
A
Fun
we
have
people,
you
know
greece,
san
martin,
brazil.
I
mean
we
had
somebody
in
india.
We
have
vietnam,
we
had
algeria
earlier,
I'm
it's
just
really
exciting
to
connect
with
the
developer
community
all
around
the
world.
So
yes,
thank
you
for
watching,
including,
I
don't
even
know
middle
of
the
night.
Whatever
time
it
is
so
south
africa.
A
B
A
B
Refresh,
let's
refresh
this
one
and
before
we,
we
start
talking
about
identity,
a
quick
introduction
me
and
jp
work
as
developer
advocates
for
the
microsoft
identity,
team,
we're
pms
and
we
deal
with
identity
of
all
forms
and
manner
azrae
the
btb.
And
what
have
you
and
our
goal
is
to
come
out
and
educate
you
guys,
so
we
stream
as
well
at
the
425,
show
every
tuesday
and
thursday
at
7
a.m.
Pacific
time,
10
a.m,
eastern
time.
B
A
C
C
C
These
two
are
what
we
feel
are
you
know
this
is
what
we
feel
our
customers
talk
about
when
they're
in
the
subway,
together
with
their
friends,
I've
gotten
kind
of
I've,
gotten
kind
of
weary
of
having
to
use
corporate
and
corporate
decks,
and
so
I
thought
well.
We
should
at
least
try
to
have
fun
with
it.
C
A
Personally,
I
mean
I've
I've,
given
texts
and
I've.
I've
helped
with
docs
and
reviewing
we're
working
on
docs.
Now
on
how
to
update
to
the
latest
asp.net
core
and
including
you
know,
people
moving
from
like
web
forms
or
nvc
and
that's
one
of
the
hardest
parts
right
is
like.
How
do
you
update
your
identity
stuff
because
yeah
yep.
C
So
we'll
talk
about
sort
of
how
it
fits
in
with
all
these
other
pieces
and
then
christos
is
going
to
show
you
how
to
do
it
in
a
new
project,
because
some
of
those
new
templates
are
going
to
be
available
and
then
I'm
going
to
show
you
how
to
do
it
in
an
old
project.
And
when
I
say
old
I
mean
maybe
three
or
four
months
old.
C
But
the
way
you
had
to
do
it
you
know
a
few
months
ago
is
different
from
the
way
you
have
to
do
it
today,
or
at
least
what
you
can
do,
but
I
think
I
think
it'll
be
really
good
because
it's
quite
it's
quite
an
interesting
experience.
Of
course.
The
first
thing
is:
saving
your
own.
Storing
your
own
user
passwords,
oh
yeah,
you
can
do
it.
If
you
want,
we
don't
want
you
to
do
it.
I'd
say
there
are
probably
a
lot
of
different
reasons
why
you
shouldn't
do
it?
C
Many
of
those
are
on
the
screen
right
now.
But
of
course,
is
that
when
you
have
your
own
password
database
now
you
have
a
lot
of
people
who
are
going
to
come
after
you
right
because
that's
some
of
the
most
sensitive
data
and,
of
course
we
know
what
people
do,
which
is
summer.
2020
is
terrible.
Exclamation
point
exclamation
point
is
the
password
that
they
use
and
they
use
that
everywhere.
They
use
it
at
work,
they
use
it
at
their
bank,
they
use
it
at
their
dog
walking
service.
C
They
use
it
for
everything
that
they've
got,
and
so
we
don't
want
people
to.
We
don't
want
developers
to
have
to
deal
with
that,
like
that's.
Not
something
I'd
ever
want
to
take
on.
You
know
like
10
years
ago
was
when
I
built
my
first
app
in
azure.
That
was
for
the
public
right
and
back.
Then
we
had
something
called
azure
access
control
services,
which
was
sort
of
a
sort
of
an
extremely
simplified
version
of
of
azure
id.
C
As
we
know
it
today
and
I
sort
of
instantly
fell
in
love
with
it
of
I
don't
have
to
deal
with
this
on
my
own.
I
can
let
somebody
use
a
password
they
already
have,
and
I
can
let
somebody
else
or
some
other
group
of
people
like
the
azure
id
team,
for
example,
they
can
build
a
reliable
identity
service,
that's
ultra
secure
and
has
lots
of
people
watching
it
and
keeping
an
eye
on
it,
and
I,
as
a
developer,
who
just
needs
to
get
an
app
out
right.
I
don't.
C
I
don't
need
to
be
an
identity
pro.
I
just
want
to
get
work
done.
I
can
go
use
that
service
and
that's
key,
because
you
don't
need
to
be
an
identity
pro
in
order
to
use
our
stuff
and
and
what
we're
going
to
see
with
identity.web,
as
we
get
a
whole
closer
to
preventing
you
from
having
to
have
really
really
deep
identity
knowledge
to
get
there
right.
C
C
And
when
integrating
identity
is
the
15th
item
on
your
200
item
punch
down
list,
you
don't
really
care,
you
should
get
done
right,
and
so,
if
we
look
at
what
we
had
sort
of
today,
right
or
yesterday,
we've
got
two
different
libraries,
two
main
different
libraries,
there's
asp.net
core
authentication
and
that's
the
thing
that
we
use
for
getting
a
user
signed
into
an
app
right.
So
that's
the
open
id
connect
middleware
and
the
cookie
middleware,
all
the
stuff.
You
have
to
configure
to
get
a
user
signed
in.
C
You've
got
to
do
that
on
your
own
and
that's
not
very
fun,
because
those
two
experiences
are
pretty
different
right,
so
you've
got
to
know
when
to
hook
into
different
things
and
oh
this
event
happens
in
open
id
connect
which
what
is
open
id
connect.
What
does
that
even
mean?
I
don't
know
because
I
just
want
my
app
to
work.
I've
got
to
go
hook
into
an
event
and
send
some
tokens
over
here
and
make
these
calls
over
here,
and
it's
just
it's
super
complex
and
annoying,
especially
if
it's
not
your
thing,
yeah
was
that.
A
You
know
what
I
felt
like,
I
learned
at
points
in
time
like
open
id
and
then
I
was
like
okay,
fine,
I
gotta
learn
oauth
and
I
learned
that
and
then
there's
no
id
connect
and
then
there's
versions
of
the
specs
and,
like
you
said
it's
it's
a
bad
thing
to,
even
even
if
you
I
don't
know
like
you've
got
to
keep
up
with
it
and
then
there's
security
issues.
And
it's
like
it's
not
it's.
I
want
to
trust
somebody
else.
A
C
I
right,
like
I,
don't
want
to
write
identity
code
all
day,
and
we
hear
this.
We
hear
these
stories
of
these
mythical
identity
developers
at
big
companies
like
walmarts
and
the
coca-colas
of
the
world.
You
know
these
huge
mega
corps
and
I'll
be
honest.
I've
really
never
met
that
many
of
them
I've
met
a
lot
of
people
who
need
to
develop
with
identity
solutions.
C
I
need
to
just
you
know,
design
identity
into
a
solution,
but
with
the
exception
of
us
with
christos
and
I
and
the
rest
of
our
rest
of
our
team,
I
don't
really
know
that
many
people
who
would
self-identify
as
oh
yeah
I'm
an
identity
developer.
I
totally
do
this
all
day
right,
and
so
we
want
to.
We
want
to
make
that
experience
as
simple
as
possible.
C
In
addition
to
that,
and
then
those
two
things
sort
of
play
together
so
that
later
on
in
your
app,
you
can
make
a
protected
request
to
an
api
or
to
the
graph,
or
something
like
that,
that
you
can
go
request
a
token
with
themselves
and
then
go
and
make
this
http
call
identity.web
aims
to
simplify
all
that.
So
instead
of
having
these
two
different
experiences,
these
two
apis
that
you
have
to
learn.
C
C
If
you
need
more
complex
scenarios,
so
we
can
get
you
we
can
get.
You
started
and
get
the
flywheel
going
really
quickly.
But
if
you
need
to
step
to
the
side,
because
you
have
a
specific
requirement
or
because
there's
something
that
you
you
know
some
part
of
the
identity,
experience
that
you
need
to
tweak
or
manage
on
your
own,
there
are
lots
of
ejection
points
to
be
able
to
do
that.
C
So
if
we
look
at
sort
of
the
relationship
between
all
of
these
on
the
on
the
top
level,
these
are
all
the
individual
pieces
that
you
need
to
make.
This
work
open
id
connect,
authentication,
cookie,
authentication,
jwt
bearer.
If
you're
using
apis,
you
need
views
and
an
account
controller
just
to
initiate
an
authentication
right.
C
C
Oh
sure,
it's
a
microsoft
identity,
a
microsoft
authentication
library.
It
is
the
primary
mechanism
or
primary
library
for
getting
tokens
from
azure
id
okay.
So
if
you
need
an
access
token
to
talk
to
an
api
like
one
of
our
own
like
graph
or
azure
management
apis
or
if
you
need
a
token
to
talk
to
your
own
apis
that
have
been
configured
to
be
protected
with
azure
id,
you
need
to
use
emcell
to
get
a
token
cool.
C
So
that's
our
primary
token
acquisition
sort
of
mechanism,
but
it
was
wholly
independent
of
how
you
signed
into
an
app
because
those
two
activities
are
kind
of
different.
One
of
them
is,
I
need
to
sign
into
a
specific
application,
but
then
that
specific
application
may
make
a
call
to
another
to
another
api
to
the
graph
or
to
a
downstream
api
that
supports
your
app
and
that
would
require
using
msl
to
go
and
get
a
token
to
go.
Talk
to
that
app.
C
So
now
our
new
thing
is
identity.web,
which
does
all
of
the
work
of
all
these
boxes
of
configuring,
all
these
different
boxes
and
getting
everything
where
it
needs
to
go
all
that's
done
by
identity.web.
So
you
don't
have
to
do
it.
You
don't
need
to
know
what
all
these
different
things
are.
You
just
need
to
configure
identity.web
appropriately
and
all
these
other
things
light
up
all
right
now.
How
much
would
you.
E
C
That
sound
good,
yeah
so
and
and
we're
going
to
look
at
some
codes,
we
don't
we
don't
spend
too
much
time
here,
but
in
particular,
specifically
the
getting
tokens
experience
is,
is
infinitely
better.
I
think
that
what
you've
got
today,
where
you've
got
these
two
really
distinct
activities
that
you
have
to
do
this
middle
one
here
of
getting
tokens
and
calling
apis.
I
think
that's
the
that's
one
where
you'll
see
sort
of
the
most
optimization
to
a
developer's
workflow,
so
christos
is
going
to
walk
you
through.
C
A
B
Was
I
was
just
about
to
beat
you
to
that,
but
you
beat
me
anyway:
there
you
go
so
this
is.
Thank
you,
john.
Thank
you
for
being
there
to
keep
me
straight.
This
is
a
final
new
project.
This
is
net
new
asp.net
razer
pages
right,
and
this
is
what
comes
out
of
that.
So
we
don't
have
any
authentication
here
to
work
with
and
our
goal
is
to
maybe
authentication.
So
we
started
a
project
or
we
have
a
brand
new
project.
We
want
to
add
authentication.
B
B
So
if
I
were
to
add
authentication
here,
let
me
quickly
switch
tags,
so
it's
cut
with
tags.
I
don't
know
if
anybody
else
likes
this
way,
but
I
write
my
code
and
then
I
tag
it.
So
if
I
change
now
what
we
did
here,
let
me
that
did
not
add
the
appropriate
stuff.
Anyway,
we
can
fix
it.
It's
fine,
so
here
you'll
notice
that,
first
of
all,
we
need
to
bring
the
appropriate
library-
and
this
is
the
old
one.
B
B
B
You
pull
the
information
like
the
the
domain,
the
tenant
id
and
the
client
id
the
instance
remains
the
same
and
then
in
our
code
in
our
startup,
all
we
have
to
do
is
to
say
add:
microsoft,
identity,
web
authentication
in
our
controllers
also,
we
need
to
add
the
ui
elements
for
this
and
then
in
our
controllers
we
have,
in
the
view
sorry
under
shared
there's
a
login
partial.
So
the
the
one
difference
here
is
that
now
the
area
is
microsoft.
B
Identity,
I
think
in
the
past,
was
azure
id
and
then
everything
else
remains
the
same
and
in
one
of
our
controllers,
what
I've
done
here
is
in
our
controller.
I
have
unauthenticated
access
to
index
and
then
I
require
people
to
authorize
when
they
hit
the
privacy
page.
So
if
we
were
to
run
this
one
again,
one
liner
right,
I
did
not
have
to
add
any
complex
stuff
into
the
code.
If
we
run
this
one.
A
C
A
We
were
talking
about
that
a
bit
earlier,
but
that's
always
been
part
of
the
pain
is
not
just
that
it's
it
seems
like
every
update
to
asp.net
core
is
a
new
thing.
I've
got
to
learn,
but
also
updating
previous
code.
It's
like
I
don't
know,
and
if
I've
got
data
in
a
database,
it's
even
worse
correct
token.
All
that.
B
A
A
B
C
It
is
so
in
in
api
projects.
There
are
really
two
main
sort
of
two
main
considerations.
One
is
I
need
to
validate
tokens
that
are
incoming
right,
so
I
need
to
check
the
token
signature
is
valid
and
make
sure
it's
it's
got
the
correct
scopes
and
that
it's
got
the
correct
audience
all
the
things
that
go
into
making
a
token
quote
valid
right.
So
they're,
it's
essentially
the
same
one-liner.
C
So
if
your
vs
code
is
too
zoomed
in,
for
example,
you
won't
see
that
there's
a
difference
between
api
and
app
and
you'll
put
the
wrong
one
in
there.
So
there's
there's
that
side,
but
then
there's
also
the
side
of
a
an
api
that
needs
to
make
a
an
api
call
itself,
which
is
what
typically
called
the
on
behalf
of
flow.
Where
my
client
app
a
mobile,
app
or
web
app
has
called
into
an
api
and
then
that
api
needs
to
go
as
me
to
another
api
and
that
that
scenario
is
also
supported
in
identity.web.
C
That's
right
so
yeah
so
from
from
xamarin.
For
example,
there's
there's
msl
because
largely
in
xamarin,
if
I'm
sitting
in
front
of
a
mobile
device
or
or
even
a
bigger
device,
msyl
handles
signing
the
user
in
and
getting
tokens
for
them.
Just
by
virtue
of
the
fact
that
it's
a
little
bit
different
when
you're
in
front
of
a
web
app
versus
when
you're
in
front
of
a
mobile
app
or
a
desktop,
app
and
so
imsil
does
handle
sign
in
for
you
there.
E
A
C
So
this
library
is
geared
towards
using
our
endpoints
for
azure
id
and
identity
and
microsoft
identity
platform.
Most
of
what
we
do
is
standards-based,
so
all
of
the
azure
id
and
microsoft
identity
endpoints
are
standards-based,
so
it's
possible.
It
might
work,
especially
if
you
change
the
authorities,
but
there
are
probably
some
specifics
around
our
implementation.
That
would
cause
it
to
break.
So
I
would
say
it's
absolutely
not
a
supported
path,
but
it
might
work.
A
B
C
3
1
3
1
and
up
yep,
so
the
templates
will
be
available
in
visual
studio
relatively
soon.
I
think
they're
coming
in
as
part
of
net
five,
but
there
are
preview
templates
already
out
today
and
the
library
itself
has
has
been
out.
It's
been
out
for
a
little
while
too.
So
it's
all
available
today
and
we're
looking
for
ga
relatively
soon
too.
Before
the
end
of
the
year.
Okay,
cool,
yeah,
okay,
we're
you
gotta
work
in
christos
over
there.
B
B
So
I'm
gonna
close
this
one
so
cancel.
I
just
wanted
to
show
that
for
a
file
new
project,
if
you
were
to
do
it,
you
add
the
the
appropriate
package
references
and
then
in
the
startup
you
come
here.
You
add
the
appropriate
microsoft
end.web
and
then
in
here
you
add
the
configuration
for
signing
in
and
authentication
down
here,
as
well
as
the
huge
authentication
here
and
does
work,
but
I
don't
want
to
run
this
one.
I
want
to
go
back
into
my
proper
demo.
B
A
B
A
B
I
think
so
in
the
docs
there's
information
about
how
to
go
and
override
it.
So
this
is.
This
is
a
working
solution
here
you
know
so
the
home
page
is
not
authenticated
and
then,
if
I
go
into
my
privacy
page,
it
will
redirect
me
to
the
auth
endpoint.
I
have
my
custom
tenant.
So
let
me
just
grab
my
password
super
long
super
secure
and
then
paste
this
one
here.
B
B
Right,
yes,
it
is,
that
is,
and
there
you
have
it.
So
it
pulled
my
information
from
the
azure
id
you
put
it
there
and
it
populates
the
context.identity.user
and
all
the
information
is
available
to
us
and
I
just
wanted
to
quickly
switch
into
the
api
configuration,
because
people
may
have
questions
about
that
as
well.
So
in
this
specific
sample,
I
have
in
front
of
me
again
you'll
notice
that
we
have
the
packets.
We
don't
need
to
include
ui,
because
we
are
working
with
apis
and
then
inside
my
startup.cs
you'll
notice.
B
People
that
have
worked
with
identity
will
probably
identify
this
one
or
authorization.
We
have
a
scope,
and
inside
my
get
I'm
only
doing
one
call
check
this
out
with
one
line.
I
can
verify
if
my
user
has
already
the
accepted
scopes
and
then
I
can
move
on
to
either
accept
or
or
drop
the
request
if
the
appropriate
scopes
have
not
been
requested
for
my
apis,
so
I
don't
have
to
create
like
20
lines
of
code,
to
do
that.
Everything
is
out
of
the
box.
B
And
now,
if
I
wanted
to
my
api
to
call
another
api,
then
I
have
to
do
this.
One
say
enable
token
acquisition
to
call
downstream
api,
and
in
that
case
we
also
need
to
add
some
talking
cases,
so
you'll
notice
that
there
are
some
options
there
for
talking
cash.
You
can
roll
your
own.
Anything
in
fact
that
derives
from
an
eye
distributed
token
cast
is
available
and
fair
game.
So,
if
I
do
dots,
intellisense
is
not
playing
game
with
me.
Today.
Oh
come
on
distributed.
B
B
A
Was
a
specific
question
that
just
got
asked
so
in
the
past
I
tried
to
use
microsoft
graph
with
msl
and
I
gave
myself
a
headache
I
mean
it
was.
There
was
a
lot
of
tokens
and
confusing
things
I
didn't
understand
and
I
felt
like
I
was
having
to
learn
about
specs
and,
like
you
were
saying
earlier
jp,
I
don't
I
don't
care.
I
just
want
my
app
to
work.
You
know
exactly
yeah.
B
Exactly
and
that's
a
fairly
new
addition,
it
wasn't
even
part
of
the
previous
api
version
that
I
was
working
with.
So
as
we're
nearing
the
the
ga
you'll
see
that
all
these
things
are
settling
down
and
we've.
These
teams
are
working
very
closely
with
each
other
to
make
sure
that
we
enable
api,
talking
acquisition
and
making
it
very
very
easy.
So
here
you
are
with
ad
max
of
graph,
you
get
the
appropriate
tokens.
You
have
everything
you
need.
A
B
Yeah
or
your
enterprise
right,
so
you
can
access
serpon,
you
can
access
one
drive.
You
can
programmatically
in
fact,
the
app
that
we're
building
on
the
previous
stream
was
about
pulling
the
people
that
you
frequently
work
with
through
the
graph
api
and
then
being
able
to
interact
with
them
through
your
mobile
app
right
so
and
that
that's
a
single
call
to
people
api,
which
is
great.
A
And
that's
exactly
the
use
case
I
used
it
for
was
inviting
people
to
a
domain
and,
and
you
know
sending
invite
emails
and
handling
managing
those
user
emails.
And-
and
in
the
case
that
I
did,
I
wrote
a
bunch
of
powershell
and
then
I
wrote
a
building
into
an
app,
and
so
this
this
is
beautiful.
It
makes
me
happy
to
see
this.
B
B
I
don't
know
if
we
already
mentioned
that
since
I
was
so
focused
on
my
code
but
adal,
which
was
the
previous
version
of
our
library
to
communicate
with
azure
id
and
btc
is
actually
going
away.
We
announced
and
saw
setting
of
the
library
as
of
june
this
year
and
you
have
two
years
to
migrate.
So
if
you
are
building
brand
new
apps,
we
definitely
want
you
to
start
using
amsoil.
If
you
have
existing
web
apps,
then
you
can
also
take
your
older
authentication
and
move
it
to
the
latest
identity
web.
B
If
you
are
using
s
net
core
and
we've
done
quite
a
few
migrations
as
well
in
our
stream
and
our
blogs.
So
we
want
people
to
be
aware
that
msl
is
going
to
be
the
new
de
facto
and
then
a
dial
is
going
to
be
away.
So
we
give
you
two
years
to
migrate
and
jp
is
going
to
show
you
how
you
take
a
legacy
app
if
you
want
to
call
legacy
app
for
four
or
five
months
ago
and
migrate
into
the
new
identity
web
yeah.
C
A
C
Is
this
I
like
it?
This
is
outrun
electric
sorry.
I
was
a
child
of
the
80s.
I
remember
playing
outrun
in
the
like
in
the
arcade,
which
was
a
place
where
they
had
video
games
that
were
not
at
your
house
that
you
went
and
put
coins
into
play
just
for
for
anyone,
who's
not
familiar,
and
I
used
to
love
it
and
it
was
so
much
fun,
and
then
I
found
this.
I
thought.
Oh,
it's
actually
not
too
bad
on
my
eyes.
It
might
be
hard
to.
C
I
hope
it's
not
hard
to
see
here
because
I've
been
using
it
for
like
the
past
month
on
stream,
but
we'll
get
zoomed
in
a
little
bit
and
and
take
a
look
so
so
this
isn't.
This
is
an
older.
When
I
say
older,
I
mean
it.
It
may
be
nine
months
ago,
ten
months
ago,
it's
not
super
super
old
and
it
goes
through
the
different
ways
that
you
have
to
configure
azure
ad
m
sal,
and
if
you
wanted
to
use
azure
id
authentication,
you
may
end
up
with
code
similar
to
this.
C
If
you,
if
you
used
it
just
the
other
day,
and
so
in
our
services,
the
first
thing
we
have
to
do
is
add.
Open
id
connect
and
open
id
connect
is
the
protocol
that
underpins
most
of
the
the
sort
of
modern
authentication,
it's
sort
of
like
an
extension
of
oauth
2
to
also
include
user
data.
So
if
you
used
oauth
2
in
the
past,
primarily
it
was
intended
for
you
to
access
somebody
else's
resources
so
to
access
the
users
photos
on
facebook,
for
example,.
A
C
Yep,
okay,
so
open
id
came,
connect.
The
whole
point
of
that
was
to
sort
of
bolt
on
some
stuff
to
oauth
2.
To
make
that,
like
a
proper
use
case
of
oh,
you
want
to
authenticate
a
user
cool,
we're
going
to
send
you
an
id
token,
which
has
a
bunch
of
data
about
the
user.
In
addition
to
any
sort
of
access
tokens
you
might
use
to
connect
to
their
twitter
account
and
and
send
a
tweet
and
to
have
access
to
do
things.
C
So
you
had
to
go
and
configure
the
open
id
connect,
endpoint
or
a
middleware
in
order
with
all
the
different
pieces
of
information
and
if
you're,
not
an
identity
pro
and
you're,
not
someone
who's,
doing
identity
work
on
a
regular
basis.
Most
of
this
is
probably
moon
language,
because,
what's
an
authority
I
don't
know,
I
don't
know
me,
I'm
authority
of
myself
right,
my
mother,
you
know
the
cops.
I
don't.
C
C
Then
we
get
down
into
the
configuration
which
is
when
we
go
and
start
using
m-style
again
so
in
here
this
whole
blob
of
code
is
to
take
msl
or
to
let
m-style
take
a
what
we
call
authorization
code
to
go
back
to
azure
id
and
say
give
me
an
access
token.
So
this
is
all
the
protocol
detail
leaking
out
that
you
have
to
understand
in
order
to
code
against
it
correctly
right,
yeah.
C
A
C
Or
whatever
right?
Well,
that's
and
that's
that's!
The
thing
is,
it
is
so
sort
of
just
completely
weird
and
foreign
that
you
end
up
with
a
lot
of
copy
and
paste
code,
and
you
end
up
with
finding
samples
and
some
of
the
samples
are
out
of
date
or
they're,
not
covering
certain
parts
of
the
experience
that
you
need
to
be
worried
about,
and
then
you
end
up
putting
things
at
risk,
because
maybe
your
app
has
a
hole
that
you're
not
expecting
or
tokens
not
being
validated
correctly
and
there's
a
whole
lot
of
risk.
C
A
C
C
Yes,
so
the
fact
that
we
can
delete
this
code
and
that
my
app
will
still
work
and
sign
us
in
oops,
which
I'll
run
it
just
somewhat
of
a
morbid
curiosity,
but
this
should
be
all
that
we
have
to
make
changes
for
so
I'm
gonna
run
this
app,
and
this
should
get
me
signed
in
with
my
with
my
side
account.
So,
let's
see
what
happens,
we'll
go
to
localhost
5001
and
I'm
signed
in
look
at
that
whoa
yep.
So
there
are
all
the
claims
that
I
had
now
I'll.
C
Do
it
in
a
private
window
just
so
just
so
nobody
thinks
I'm.
You
know
this
is
a
cooking
show
where
we
pre-baked
it
all
look
at
us.
It
came
out
of
the
oven
you
know
so
I
tried
to
so.
I
tried
to
go
to
the
app
right,
localhost
5001
and
I
get
automatically
redirected
over
here
to
sign
in
so
I'll
sign
in
to
my
azure
id
tenant
and
I'll
put
in
my
password
and
I'll
get
a
multi-factor
thing
on
my
phone.
C
C
So
we
managed
to
replace
a
ton
of
code
with
a
one
liner,
which
is
super
awesome
right
and
to
go
back
to
the
question
earlier
about
the
ui,
the
reason
because
you'll
notice
in
here
I
don't
have
any
of
those
ui
packages.
In
fact
it's
not
even
included
in
here
so
that
microsoft.identity.web.ui
package-
it's
not
even
here,
because
I
didn't
need
it
for
my
for
my
specific
app,
because
I
was
handling
it
on
my
own.
So
what
those
ui
packages
do
is
they
essentially
add
like
a
challenge
method,
which
is
when
somebody's
unauthenticated?
C
You
do?
What's
called
a
challenge
and
that
challenge
is
what
redirects
them
over
to
azure
id
or
wherever
right,
and
so
those
ui
packages
handle
both
the
pages
that
send
you
somewhere
like
send
you
over
to
entry
d
and
then
also
the
pages
that
will
receive
it
when
it
comes
back,
but
they're
not
required.
So
if
you
wanted
to
build
your
own
pages,
you
end
up
doing
something
like
really
the
essentially
something
like
a
like.
C
You
have
an
authentication
provider
and
then
it's
a
sign
in
async
or
challenge
async,
and
you
put
this
into
one
of
your.
You
put
this
into
one
of
your
controller
methods.
So
if
you
had
your
own
sign
in
page
or
whatever,
and
then
it
would
handle
it
for
you,
the
other
way
to
do
it,
which
is,
in
my
opinion,
even
easier,
is
to
use
authentication
policies
or
authorization
policies
in
asp.net
core.
So
that's
just
part
of
asp.net
are
these
authorization
policies,
and
in
here
we
go
look
at
a
controller.
C
Let's
look
at
this
controller,
so
this
controller
has
an
anonymous
page,
but
then
it
also
has
these
two
schemes.
So
this
scheme
is
for
azure
ad
and
this
scheme
is
for
azure
adb
to
see
you
could
have
25
of
these
schemes.
If
you
wanted
one
for
twitter
one
for
facebook,
one
for
your
corporate.
You
know
whatever
by
using
these
schemes
when
we
have
this
authorized
tag
on
here.
The
authorized
attribute
for
a
specific
scheme
will
send
a
user
down
that
specific
scheme
right.
So
I've
only
got
one
registered.
C
I've
only
got
azure
ad
registered
here
in
startup,
which
is
what's
happening
with
this.
But
if
we
wanted
to
add
five
other
identity
systems
here,
we
could
add
each
one
of
them
and
give
them
a
specific
name.
So
add
microsoft,
identity,
web
app,
authentication
and
you'll
notice.
One
of
the
overloads
here
is
a
config
section
name
so
I'll
send
it
in
the
configuration
and
I'll
call
this
one.
You
know
b
to
c
hey
john.
B
C
Here's
the
seat
here,
please
don't
use
my
speakers
against
me
until
I'm
off
of
this
call,
but
this
is
what
I
have
settings
that
json
looks
like
pretty
straightforward.
In
fact,
I'm
going
to
delete
this
one,
even
though
I
guess
you
could
rewind
it
and
go
back,
it's
like
the
streisand
effect
by
deleting
it
I'm
calling
attention
to
it
and
everybody's
going
to
find
it.
C
So
the
configuration
a
lot
of
this
if
you
go
through
visual
studio
and
use
the
visual
studio
templates.
A
lot
of
this
is
already
generated
for
you.
Yeah,
but
instance,
will
almost
always
be
this
unless
you're
using
a
sovereign
cloud
like
azure,
china
or
azure
government,
your
domain
is
your
azure
id
tenant,
name
or
domain
name
right.
So
this
is
in
the
azure
80
portal.
You
can
also
use
a
custom
domain,
so
if
you've
already
got
one,
you
can
just
use
a
custom
one.
You
don't
have
to
remember
your
current
one.
C
You
can
use
whichever
one
you
want.
Your
tenant
id
is
your
id
of
your
specific
tenant
so
very
similar
to
this.
Only
it's
the
grid
representation
of
your
tenant,
maybe
not
representation.
It's
not!
The
right
word
there's
no
translation
between
a
string
and
a
grid
here,
but
and
then
your
client
id.
This
is
also
known
as
your
application
id.
C
So
when
you
go
through
the
process
of
registering
an
app
which
is
all
sort
of
outlined
in
the
docs,
you'll
get
a
client
id
you'll,
get
a
client
secret
and
then
these
callback
path
and
redirect
redirect
uris.
These
are
both
used
for
both
where's,
the
user,
going
to
come
back
and
then
which
redirect
uri
have
you
registered
in
your
application.
So
if
you
go
through
the
dock
that
says
this
is
how
you
register
an
app
and
azure
id.
You
will
have
pretty
much
every
piece
of
information
that
you
need
to
build.
C
C
So
one
of
the
big
changes
we've
seen
recently
is
there's
now
something
called
authorization
code
with
pkce
or
pxe
public
key
approved
key
proof,
key
code
exchange,
which
is
a
protocol
detail
that
nobody
actually
needs
to
care
about,
and
the
thing
is
this
uses
that,
but
you
don't
need
to
know
anything
about
it.
You
don't
have
to
deal
with
it,
and
so,
as
the
standards
change
and
as
the
protocols
change,
we
make
sure
the
libraries
are
kept
up
to
date
to
map
to
those.
C
A
And
so
like
what
I'm
hearing
from
this,
and
also
like
learned
from
previous
pain
from
doing
things,
the
wrong
way,
I
don't
want
to
customize
and
extend.
I
want
to
use
the
things
that
are
provided
for
me
like
using
the
policies
using
the
claims
using
the
built-in
stuff
as
much
as
possible,
and
let
you
worry
as
long
as
I'm
keeping
with
the
standards,
hopefully
that
stuff
moves
smoothly.
A
A
Wow,
I
mean
there's
a
decent
amount
of
questions.
One
one
question
that's
come
up
is
like
both
of
you
have
shown
some
sample
code.
I
I
included
a
link
in
the
chat
to
the
the
docs,
the
so
github
azure
id
and
microsoft
identity,
web
and
then
there's
some
some
samples
and
stuff
linked
from
there
right,
yep
yep,
and
we
also.
B
C
B
A
B
I
think
the
plan
was
to
make
it
as
an
abstraction
to
be
able
to
work
with
other
things,
but
our
goal
here
is
to
provide
best
practices
and
guide
people
to
have
a
delegated
authentication
instead
of
managing
their
own
user
users
and
databases
right.
You
want
to
leave
that
somebody
else
and
you
focus
on
getting
the
tokens
and
moving
on.
A
And
then
you
know
like
so,
there
was
also
the
identity.
Server
came
up,
and
then
I
I'm
you
know
kind
of
aware,
there's
other
things
like
there's
octa
and
off
zero,
and
some
of
these
other
you
know,
is
the
idea,
potentially
that
this
would
integrate
with
that
as
well
or
at
least
be
an
abstraction
that
they
could.
C
That's
an
interesting
point,
because
one
of
the
big
things
is
the
identity
team
sort
of
took
over
building
this
library,
because
it
was
you
know.
Of
course,
we
have
a
vested
interest
in
people
using
our
identity
platform
want
to
make
it
easier
for
developers.
So
the
difference
was,
of
course,
that
a
lot
of
the
underlying
components
were
maintained
by
sp
net
core.
C
So
I
I
have
not
heard
of
any
plans
to
make
this
a
sort
of
common
abstraction
for
asp.net
core,
where
anybody
can
use
this
with
any
type
of
a
provider,
because
I
think
a
lot
of
that
is
already
there
to
some
degree.
It's
it's
more
complex
to
set
up,
and
it's
it's
closer
to
a
tray
of
of
parts
as
opposed
to
a
nearly
assembled
puzzle.
A
And,
like
you've
mentioned,
you
know,
you're
building
on
top
of
like
you're,
making
a
nice
experience
for
azure
id,
but
this
azure
id
is
built
with
open
id
connect
and
you're
working
with
the
the
protocols
and
stuff.
So
hopefully
you
know
I
mean
from
that
layer
just
of
working
with
the
same
protocols.
That's
the
interaction
seems.
B
Yeah-
and
we
also
want
to
establish
that
it's
also
for
btc
right,
so
you
don't
have
to
have
an
enterprise
app.
You
don't
have
to
have
a
line
of
business
application.
You
create
a
web
app
that
you
want
to
authenticate
some
users.
This
is
the
library
for
you
as
well.
If
you
want
to
manage
users
with
b2c
and
it's
transparent,
you
don't
have
to
you,
know,
download
any
extra
package
or
whatever
it's
the
same
kind
of
experience.
B
B
Well,
how
are
you
going
to
let
your
users
log
in
I
mean
if
it's
a
line
of
business
app,
then
you
might
as
well
just
use
kerberos
or
whatever
internally
to
authenticate
users,
but
if
you
are
out
on
the
web,
if
you
need
authenticate
users,
then
from
my
perspective,
even
for
internal
apps,
I've
used
azure
id
before
to
authenticate,
because
your
it
team
will
probably
be
managing
everything
I
develop
and
debug
locally.
Well,
I
don't
think
you
can
debug
against
azure
id
locally
unless
you
have
a
an
emulator
for
some
services.
C
Yeah
we
see,
we
see
some
customers
they
have.
They
may
have
like
an
authentic,
an
alternate
authentication
path,
for
example,
for
local
dev
or
for
under
certain
urls,
so
you'll
use
azure
id
normally
and
then
in
certain
conditions
you
might
switch
and
use
a
different
and-
and
you
drive
that
with
the
authentication
schemes
to
say,
use
scheme
a
for
azure,
ad
and
use
scheme
b
under
the
you
know,
for
these
other
conditions
or
specific
controllers,
yeah
and
and
that's
also
helpful
for
testing.
C
We
also,
we
see
a
lot
of
customers
who
have
they
want
to
migrate
from
like
an
existing
on-prem
database
or
an
hr
system
or
whatever.
So
that's
when
we
look
at
stuff
like
b2c,
because
we
have
lots
of
different
ways
to
sort
of
replace
a
password
database
with
b2c.
Of
course,
both
of
those
require
you
to
be
online,
but
at
the
same
time,
unless
you're
running
a
database
locally
or
you're
running
dc
locally
kerberos
is
going
to
require
you
to
be
online
and
so
is
a.
C
A
That
brings
up
another
question,
which
is
as
people
like
we've
got.
You
know:
we've
had
300
people
watching
we've.
All
these
people
are
learning
about
it,
they're
reading
about
it
it's
now
if
they
start
start
trying
it
out
and
have
questions
or
feedback
where's
the
best
place.
Should
they
file
issues
on
the
repo
that
you
link
to
or.
C
C
A
C
A
Cool
wow,
a
lot
of
great
information
here,
I'm
really
excited.
I
love
my
favorite
demo
was
the
one
where
you
delete
a
100
lines
of
code
that
looked
frighteningly
familiar
to
what
I'd
written
and
had
no
idea
what
I
was
writing
so
that
this
looks
really
great.
I'm
trying
to
think
if
there's
anything
else,
I
we
we
shared
where
people
can
go
to
find
you
and
keep
up
to
date.
I
guess
just
to
clarify
then,
as
far
as
remind
people,
what's
the
kind
of
like
next
steps.
B
I
think,
on
the
on
the
actual
repo,
there
might
be
a
road
map
section
where
people
can
go
and
have
a
look
but
we'll
we
definitely
have
the
maxwell
de
denton
web
team
coming
on
our
show
on
the
25th
of
september,
to
talk
to
us
about
maybe
roadmap
or
cover
additional
information.
If
you
want
to
ask
some
more
in-depth
stuff,
like
things
of,
can
I
use
identity
server
with
this?