OAuth 2.0 is an industry-standard protocol for authorization. It is designed to accommodate a wide range of applications such as web, desktop, and mobile apps by applying specific authorization processes. A different grant type is specified for each use case. Today we will be discussing the Client Credentials grant type

Facebook, Google, and external provider authentication in ASP.NET Core describes how to enable users to sign in using OAuth 2.0 with credentials from external authentication providers. The approach described in that topic includes ASP.NET Core Identity as an authentication provider. This sample demonstrates how to use an external authentication provider without ASP.NET Core Identity.

The article shows how to implement user management for an ASP.NET Core application using ASP.NET Core Identity. The application uses custom claims, which need to be added to the user identity after a successful login, and then an ASP.NET Core policy is used to authorize the identity.

There is no doubt that external provider authentication is a must-have feature in new modern applications and makes sense because users are able to easily register new accounts and also login using their social account credentials. The entire process is based on OAuth 2.0 flows which were presented in detail in the OAuth 2.0, OpenID Connect & IdentityServer blog post of the ASP.NET Core Identity Series.

If you want to add more security, you must ask for a second authentication. That's what is called a two-factor authentication (2FA). Commonly, you have a device (specialized or a smartphone) that give you a number to write down on the computer after you entered your password. So, even if your password is compromised, an attacker cannot access your account.

This article shows how Fido2 WebAuthn could be used as 2FA and integrated into an ASP.NET Core Identity application. The Fido2 WebAuthn is implemented using the fido2-net-lib Nuget package, and demo code created by Anders Åberg. The application is implemented using ASP.NET Core 3.0 with Identity.