Everyone loves a good home lab setup. The cloud is great, but buying and installing hardware in the comfort of your own home is something one can get addicted to :)

Don’t get me wrong — there are things I put straight into the cloud without even considering self-hosting. Even though I have been an Exchange Admin in a previous life I use Office 365, and I certainly trust OneDrive and Azure File Storage more than the maintenance of my own RAID/NAS. …


If you have been doing any OAuth and/or OpenID Connect troubleshooting in recent years it’s very likely you’ve run across https://jwt.io, or in the Microsoft world https://jwt.ms. Great tools, but primarily JWT parsing tools rather than JWT validation tools.

Yes, jwt.io allows you to upload your keys in the UI, but there are a lot of scenarios that doesn’t work for.

Let’s rewind a step or two here first though. Last year I showed how you could create your own faux tokens. That is; the tokens were real enough, but they mimicked actual tokens as they would look if…


Slow year following my blog posts you say? I guess so.

There are a number of reasons — ranging from occasional laziness to “there’s a lot going on in general this year”. (No shortage of work around here.) Basically a mix of good and bad reasons I suppose. One of the, in my opinion, good reasons is that I have been busy putting in writing efforts in longer form than I usually do here.

Along with a couple of co-conspirators (Vincent Maverick Durano, Jeffrey Chilberto & Ed Price) I’ve managed to write and publish a book:
https://www.packtpub.com/product/asp-net-core-5-for-beginners/9781800567184

As the title…


This year’s release of .NET happened a few weeks ago with .NET 5. (Core is gone from the name now.) I have some sample code that works as sort of a boilerplate to verify basic functionality without containing anything fancy. One of those is a web app where one can sign in through Azure AD B2C. Logically I went ahead and updated from .NET Core 3.1 to .NET 5 to see if everything still works.

It works, but there are recommendations that you should put in some extra effort as the current NuGet packages are on their way to deprecation…


In my previous post I showed how you can generate your own “fake” Azure AD tokens, and in general create JWTs that are valid and verifiable. The nice thing about doing that is that it paves the way for other use cases as well. I’ve probably stated multiple times before that one of the things I like about Azure AD B2C is how flexible it is with regards to customizing the authentication experience to what you want it to be.

Generating our own tokens allows us to use a feature called “id token hinting”. The things I thought we’d be…


JSON Web Tokens (JWTs), colloquially known as “jots”, are the best thing since sliced bread in the identity developer space. Well, maybe that’s stretching it a bit far, but they are fairly simple to work with when it comes to deserializing, passing around, and general dev friendliness compared to legacy formats. For cloud developers it’s extra useful because it does not rely on things like being on the same corporate network as classic Active Directory Kerberos tickets prefer.

If you run code on Azure there’s really no way avoiding them.

The first part of working with JWTs is acquiring the…


I’ve been playing around with YubiKeys more or less since they first came on the market, and way back in the old days (2015) I wondered if it was possible to use them in combination with ADFS. And it turned out it was indeed possible.

Since I’ve been more focused on Azure after that I haven’t really done all that much around updating it, (as long as you updated the dll supplied by ADFS you got along more or less), but I decided to bring it up to the current ADFS release and see if things still worked. (For instance…


A couple of months back I did a little walkthrough of “Sign in with Apple” in an Azure AD B2C context, it being in a new preview and all:

But I didn’t really follow up on that when it went GA back in October.

So, let’s revisit this one.

I will assume you have performed the setup in the Apple Developer Portal as described here (follow along until you get to “Creating the OIDC metadata endpoint”, which will not be necessary):

https://github.com/azure-ad-b2c/samples/tree/master/policies/sign-in-with-apple

We were able to make it work in general so no complaints there, but there were some…


Disclaimer: Sign In with Apple is currently a preview feature. All things were working as described upon publishing of this article, but things may have changed by the time you read this article.

A month ago Apple held its annual Worldwide Developers Conference (WWDC) focusing on improvements in iOS and macOS. I’m not doing a rehash of that event here, but there was one feature in particular that was interesting from an identity perspective; namely “Sign In with Apple”. Billed as a privacy-focused alternative to signing in with Google and Facebook identities, Apple intends to make this a more popular…


We all love simplicity, yet we also love freedom of choice. Sometimes these two parameters can be at odds with each other. For instance, if I go out for a beer I’m not too happy if there’s only one beer on tap (unless it happens to be one of my absolute favorites). If they have thirty different beers I face the problem of not being able to try them all out in an evening. Do a web search for “paradox of choice” for further explanations on this conundrum.

So, how does this relate to Azure AD B2C and authentication? Well…

Andreas Helland

A coder, an Azure fanboy, a virtual machine addict, and a geek.