latest version

Overview

• The big Picture
• High level Features
• Terminology
• Features and Specifications
• Packaging
• Getting Started: Creating the simplest OAuth2 Authorization Server, Client and API
• Getting Started: MVC Authentication & Web APIs
• Getting Started: JS Authentication & Web APIs

Configuration

• Overview
• Options
• Service Factory
• In-Memory Services and Stores
• Clients
• Scopes and Claims
• Secrets
• Keys, Signatures and Cryptography
• Authentication Options
• Identity Providers
• HSTS
• CORS
• Logging
• Events

Endpoints

• Authorization/Authentication
• Token
• UserInfo
• Discovery
• Logout
• Token Revocation
• Token Introspection
• Access Token Validation
• Identity Token Validation
• CSP Error Report

Advanced

• Refresh Tokens
• Registering Services
• DI for Services
• Caching for client, scope, and user stores
• Customizing Views
• Localizing messages
• CSP
• User Service
• OWIN environment extension methods
• Deployment
• Authenticating Clients with X.509 Certificates
• Custom Grant Types
• Signout
  • Session Management
  • HTTP based logout
• Federated Signout
• Federated post-logout redirects
• Invalidating existing login sessions

Consuming Tokens

• The Katana Access Token Validation Middleware
• Options
• Diagnostics

Entity Framework support for Clients, Scopes, and Operational Data

• Overview
• Clients and Scopes
• Operational Data
• Schema Changes and Migrations
  • Migrating from 1.x to 2.0
  • Using Entity Framework migrations with SQL Azure

WS-Federation

• Overview
• Options
• Service Factory
• Relying Parties
• Endpoints
• Entity Framework

Proof of Possession

• Overview
• Requesting PoP Tokens
• Consuming PoP Tokens

Resources

• Overview
• Community Add-ons
• Middleware for external Authentication