DEV Community: Jon Davis

CoreIdent 0.4: A Ground-Up Rewrite for .NET 10+

Jon Davis — Sat, 13 Dec 2025 07:01:03 +0000

CoreIdent 0.4: A Ground-Up Rewrite for .NET 10+

Hey .NET community! I have a big update to share regarding CoreIdent : version 0.4 is a complete rewrite, built from scratch on .NET 10, including a rewrite of the objectives and goals.

If you've been following the 0.3.x releases (Phase 2, Phase 3, ID tokens, etc.), you might be wondering: why start over? Let me explain.

🔄 Why a Rewrite?

The 0.3.x codebase taught me a lot about what is actually needed from an identity/auth library. But it also revealed some fundamental limitations:

Symmetric keys only — HS256 is fine for demos, but production needs RS256/ES256 with proper JWKS publishing
Passwords first — The industry is moving passwordless; we should lead, not follow
.NET 9 constraints — .NET 10 brings native passkey support, better metrics, and auth API improvements we want to leverage
Test infrastructure debt — The test setup was getting unwieldy; we needed reusable fixtures from day one

Rather than bolt these onto 0.3.x, I decided to rebuild with the right foundations.

Legacy note: The 0.3.x codebase is preserved at the legacy-0.3.x-main tag if you need it.

The New Vision

CoreIdent's goal is to be a holistic authentication toolkit—not just an OAuth server, but a single solution covering:

Scenario	Description
Embedded Auth	Drop-in authentication for ASP.NET Core apps
External Providers	Google, Microsoft, GitHub integration
Identity Server	Full OAuth 2.0 / OIDC capabilities
Client Libraries	Secure auth for MAUI, WPF, Blazor, Console apps

The key shift: passwordless-first. Email magic links and passkeys are the primary auth methods; passwords are a fallback.

What's Working Today

CoreIdent 0.4 already has a solid OAuth/OIDC foundation:

Token Endpoint (`/auth/token`)

client_credentials grant
refresh_token grant (with rotation + theft detection)
authorization_code grant (PKCE required)
password grant (deprecated; logs a warning)

Authorization Flow

/auth/authorize endpoint with consent UI
/auth/consent for user grant management
Full PKCE enforcement

Standards Compliance

Token revocation (RFC 7009)
Token introspection (RFC 7662)
OIDC discovery (/.well-known/openid-configuration)
JWKS publishing (/.well-known/jwks.json) — public keys only

Asymmetric Key Support

Production-ready signing with RS256 and ES256:

builder.Services.AddSigningKey(o => o.UseRsa("/path/to/private-key.pem"));
// or
builder.Services.AddSigningKey(o => o.UseEcdsa("/path/to/ec-key.pem"));

Pluggable Persistence

In-memory stores by default (great for dev/testing)
EF Core implementations for production

builder.Services.AddDbContext<CoreIdentDbContext>(options =>
    options.UseSqlite(connectionString));
builder.Services.AddEntityFrameworkCoreStores();

Test Infrastructure

Reusable fixtures and builders under tests/:

CoreIdentTestFixture for integration tests
Fluent builders for clients, users, scopes
Assertion extensions for JWT validation

🚀 Quick Start

Here's a minimal OAuth server in ~10 lines:

using CoreIdent.Core.Extensions;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddCoreIdent(o =>
{
    o.Issuer = "https://issuer.example";
    o.Audience = "https://resource.example";
});

builder.Services.AddSigningKey(o => o.UseRsa("/path/to/private-key.pem"));

var app = builder.Build();
app.MapCoreIdentEndpoints();
app.Run();

That gives you:

Token endpoint with multiple grants
OIDC discovery + JWKS
Authorization code flow with consent

What's Next

The roadmap is focused on making CoreIdent a true "one-stop shop":

Passwordless Authentication
- Email magic links
- Passkeys (leveraging .NET 10's native support)
External Providers
- Google, Microsoft, GitHub
- Clean provider abstraction for community additions
Client Libraries
- CoreIdent.Client — works in any .NET app
- Platform-specific: MAUI (SecureStorage), WPF (DPAPI), Blazor WASM
Developer Experience
- Project templates
- Better error messages
- OpenTelemetry metrics integration

📚 Documentation

All planning and implementation docs are in the repo:

Developer Guide — Start here for practical usage
Project Overview — Vision and architecture
Technical Plan — Specifications and interfaces
DEVPLAN — Task-level checklist

🤝 Get Involved

CoreIdent is MIT licensed and open for contributions. If you're interested:

Check out the repo
Read the DEVPLAN for current tasks
Run the integration tests to get familiar with the codebase
Open an issue or PR!

The goal is to build the identity system we all wish existed—open, modular, and developer-friendly.

If you followed the 0.3.x journey:

Thanks for following along. Let's build something great!

C# (Maybe) Joins the Motia Family: Building Multi-Language Workflows with .NET 9

Jon Davis — Fri, 03 Oct 2025 21:46:58 +0000

What is Motia?

If you haven't heard of Motia yet, it's a polyglot backend framework that unifies APIs, background jobs, scheduled tasks, and AI agents into a single runtime. Instead of piecing together Express for APIs, Bull for queues, node-cron for scheduling, and separate platforms for AI agents, you write everything as "Steps" - a simple primitive with four concepts: Trigger (API/event/cron), Handler (your logic), Emit (output events), and Subscribe (input topics).

The magic is that Steps can be written in different languages in the same project. Your API endpoint in TypeScript can emit an event that triggers a Python step (perfect for ML processing), which then emits to a Ruby step, all with built-in observability showing exactly what happened and when. No microservices orchestration headaches, no message broker setup, no distributed tracing configuration - it's all there.

Think React's component model, but for backend workflows. That's the vision.

C# Support

I'm excited to share that C# (.NET 9) support may soon be available in Motia. Following TDD principles, I've built full C# integration that lets developers write backend services alongside TypeScript, Python, JavaScript, and Ruby - all in the same project with automatic cross-language communication.

Try it now: This is currently a PR awaiting review from the Motia maintainers, but you can use it today from my fork:

https://github.com/stimpy77/motia/tree/feat/csharp-dotnet-support

The pull request to the main repo: #769

What Makes This Special?

Unlike traditional polyglot systems that require glue code, this C# integration is truly seamless:

Full bidirectional RPC - State operations work across all languages
Zero configuration - Just write .step.cs files and go
Complete feature set - State management, logging, tracing, all 4 step types
Type-safe - Leverage C#'s strong type system
Cross-platform compatible (tested on macOS, should work on Linux/Windows)

See It In Action

Here's a simple example - an API endpoint in C# that communicates with event handlers in any language:

// steps/api.step.cs
public static class ApiStepConfig
{
    public static object Config = new
    {
        type = "api",
        name = "OrderAPI",
        path = "/orders",
        method = "POST",
        emits = new[] { "order.created" }
    };
}

public static class ApiStepHandler
{
    public static async Task<object> Handler(object req, dynamic ctx)
    {
        // Set shared state
        await ctx.State.Set("lastOrder", "ORD-12345");

        // Emit event (any language can subscribe!)
        await ctx.Emit(new
        {
            topic = "order.created",
            data = new { orderId = "ORD-12345", amount = 99.99 }
        });

        // Log with automatic tracing
        ctx.Logger.Info("Order created", new { orderId = "ORD-12345" });

        return new
        {
            status = 201,
            body = new { message = "Order created successfully" }
        };
    }
}

That's it! No boilerplate, no configuration files, no infrastructure setup. Just pure business logic.

The Development Journey

The implementation followed strict TDD. Here are the main challenges I tackled:

1. Roslyn Scripting Integration

Getting Roslyn to dynamically compile C# code at runtime while maintaining fast execution was tricky. The challenge was balancing compilation speed (~500-1000ms) with the flexibility of not requiring pre-compiled assemblies. I went with Roslyn scripting over native AOT compilation to keep the developer experience smooth.

2. RPC Protocol Design

C# needed to talk to Node.js over stdin/stdout using JSON-RPC. The initial implementation was one-way (C# sends, Node.js processes) which worked for emit() and State.Set(). But State.Get() requires bidirectional communication - send a request, wait for a response.

The breakthrough was implementing:

Request ID tracking with TaskCompletionSource for async/await patterns
A background thread continuously reading responses from stdin
Response matching to complete the right pending request
30-second timeouts to prevent hanging

// This now works!
await ctx.State.Set("user", userData);
var user = await ctx.State.Get<UserData>("user"); // Returns actual value

3. CLI Template System

The motia create -t csharp command needed to scaffold a complete project with:

Proper .csproj configuration
Example steps for all 4 types (api, event, cron, noop)
README with C#-specific instructions
Build system integration for cloud deployment

4. Multi-Language State Sharing

Making sure state set by TypeScript steps could be retrieved by C# steps (and vice versa) required careful JSON serialization. C#'s System.Text.Json needed to play nice with Node.js's serialization, especially for complex objects.

5. Process Management

Each C# step spawns a .NET process. Managing process lifecycle, handling crashes gracefully, and ensuring proper cleanup without memory leaks took some careful work with Node's process communication APIs.

Real-World Multi-Language Example

Imagine building an order processing system where each language does what it does best:

C# API Step (HTTP endpoint):

public static async Task<object> Handler(object req, dynamic ctx)
{
    await ctx.State.Set("order", orderData);
    await ctx.Emit(new { topic = "order.created", data = orderData });
    return new { status = 201, body = new { orderId = "123" } };
}

Python Event Step (ML processing):

async def handler(input, context):
    order = await context.state.get("order")
    # Process with scikit-learn, tensorflow, etc.
    await context.emit({
        "topic": "order.analyzed",
        "data": {"risk_score": 0.95}
    })

TypeScript Event Step (Business logic):

export const handler = async (input, { state, emit }) => {
  const order = await state.get("order");
  // Handle payment processing
  await emit({ topic: "order.completed", data: { orderId: order.id } });
};

All three steps communicate automatically through Motia's event system with built-in observability!

Technical Deep Dive

Architecture Highlights

Roslyn Scripting - Dynamic C# compilation for rapid development
RPC over stdin/stdout - Efficient bidirectional communication
Process isolation - Each C# step runs in its own process
Automatic discovery - Just name files *.step.cs and Motia finds them

Performance Characteristics

Process spawn: ~200-300ms (first request)
Roslyn compilation: ~500-1000ms (dynamic)
RPC round-trip: ~1-5ms per operation
Memory overhead: ~40-60MB per process

Future Optimizations (Phase 7)

The implementation is feature-complete and well-tested, but here's what could improve performance further:

Process pooling - Reuse C# processes (50-70% faster cold starts)
Assembly caching - Reduce compilation time by 80%
NuGet package - Official Motia.Core package
Source generators - Reduce boilerplate with code generation
Middleware support - C# middleware chains for API steps
F# support - Functional programming on .NET

Testing

The implementation includes comprehensive testing:

Unit tests - Config parsing, execution, state operations
Integration tests - Full workflow validation
E2E tests - Template creation and deployment
Platform testing - Verified on macOS (compatible with Linux and Windows)

All tests passing, including the critical bidirectional state operations.

Trying It Out

If you want to test this before it's (potentially) merged:

# Clone my fork
git clone https://github.com/stimpy77/motia.git
cd motia
git checkout feat/csharp-dotnet-support

# Install dependencies
pnpm install

# Build
pnpm build

# Try the C# template
cd /tmp
npx ../motia/packages/snap/dist/index.js create -t csharp my-csharp-app
cd my-csharp-app
npx motia dev

Or wait to see if the maintainers merge PR #769, then you can just use:

npx motia@latest create -t csharp my-csharp-app

Prerequisites

.NET 9 SDK - Download here
Node.js 20+

Step Types Available

C# supports all 4 Motia step types:

Type	Trigger	Example Use Case
api	HTTP Request	REST endpoints, webhooks
event	Topic subscription	Background processing, queues
cron	Schedule	Daily reports, cleanup jobs
noop	Manual	External processes, UI helpers

Try It Yourself

Live Branch: feat/csharp-dotnet-support

Pull Request: #769 on MotiaDev/motia

The PR includes:

Complete implementation with bidirectional RPC
Comprehensive documentation
All tests passing
Phase 7 roadmap with future enhancements

Why This Matters

For C# Developers: Build modern backends without leaving the .NET ecosystem. Leverage your existing skills and libraries with strong typing and excellent IDE support.

For Motia Users: Use the best tool for each job - C# for APIs, Python for ML, TypeScript for business logic. Seamless cross-language communication with single deployment and unified observability.

For the Community: A reference implementation for multi-language frameworks with a working bidirectional RPC pattern and comprehensive testing.

What's Next?

The implementation is feature-complete with all tests passing. Phase 7 ideas for future optimization:

NuGet package - Official Motia.Core for better IDE support
Source generators - Auto-generate config from attributes
Performance - Process pooling and assembly caching
Middleware - C# middleware chains like TypeScript
F# support - Functional programming on .NET

Feedback Welcome

If you try this out, I'd love to hear how it goes:

Found a bug? Open an issue
Have ideas? Comment on PR #769
Like it? Star the repo
Built something? Share in the Discord

Resources

Main Repository: MotiaDev/motia
Documentation: motia.dev
Examples: motia-examples
C# Examples Guide: EXAMPLES_GUIDE.md - Blueprint for C# example implementations

Built with: .NET 9 and TDD methodology.

Full disclosure (because honesty is fun): I built this entire implementation using Claude 4.5 Sonnet in Cursor. Every line of C# runner code, RPC protocol implementation, test fixtures, documentation, and yes, even this post explaining how I used AI to write it, was pair-programmed with AI. The irony is not lost on me. The TDD approach and architectural decisions were collaborative between human and AI, which is a fancy way of saying I described what I wanted and Claude wrote it while I just sat there barking at it when it broke.

If this bothers you, buckle up - this is how things are getting done now and it's only going to accelerate. 🤷

Special thanks to the Motia community and the existing Python/Ruby implementations that served as reference patterns.

What would you build with C# + Motia? Drop a comment below.

#csharp #dotnet #backend #opensource #developers #api #microservices #eventdriven

CoreIdent v0.3.5: OIDC ID Tokens, Real-World Gaps, and What’s Next

Jon Davis — Sat, 19 Apr 2025 21:09:11 +0000

CoreIdent is on a mission to make robust, standards-based authentication and identity actually developer-friendly. In Phase 3, we delivered hardened OAuth 2.0 Authorization Code flows and security improvements. Now, with v0.3.5, we’re taking the next step: real OIDC ID Token support, smarter claims, and a roadmap for practical, real-world adoption.

🚀 What’s New in v0.3.5

OIDC-Compliant ID Token Issuance:

ID Tokens are now fully standards-based, with claims like name and email sourced from your user store (not just the username field). This means better compatibility and flexibility for modern apps.
Comprehensive Testing:

We’ve added a full suite of unit and integration tests for all ID Token claim variations, including nonce round-trip and scope-based claim inclusion.
DEVPLAN: Real-World Gaps Checklist:

We’re not just checking spec boxes anymore. Our new Phase 3 checklist documents where spec-compliance isn’t enough—covering custom claims, consent UI, token revocation/introspection, dynamic client registration, key rotation, and more.
All Packages Updated:

Core, EF, and DelegatedUserStore packages are now at 0.3.5.

🧐 Why This Matters

Many identity platforms “pass the tests” but frustrate real developers with missing extension points, hard-coded behaviors, or lack of practical features. CoreIdent is committed to surfacing and fixing these gaps—so your apps work the way you expect, not just the way the spec says.

🔭 What’s Next?

Tackling the new checklist: custom claims, consent, dynamic registration, and more
Minimal, extensible UI package for login, consent, and error handling
Real-world interop and negative testing
Community feedback and contributions welcome!

📚 Read More

Ready to try CoreIdent or contribute?

Check out the repo, and let’s build the identity system we all wish existed!

CoreIdent Phase 3 Milestone: OAuth 2.0 Authorization Code Flow & Token Security Hardened!

Jon Davis — Thu, 17 Apr 2025 07:27:33 +0000

Hey .NET developers!

Following up on my previous announcement about Phase 2, I'm thrilled to share that the first major feature set for Phase 3 of CoreIdent is complete and published in version 0.3.1 on NuGet!

This milestone lays critical groundwork for CoreIdent becoming a robust OAuth 2.0 / OpenID Connect provider, moving significantly beyond the basic registration/login established in earlier phases.

What's New in v0.3.1 (Phase 3 Progress)?

This update was packed with foundational OAuth features and significant internal improvements stemming from rigorous testing:

🚀 Authorization Code Flow + PKCE

This is the cornerstone for securely authenticating users in web applications, Single Page Applications (SPAs), and native/mobile clients. CoreIdent now includes:

/auth/authorize Endpoint: Handles the initial authorization request, validates client/redirect URIs, checks user authentication, and issues authorization codes.
/auth/token Endpoint Enhancement: Added support for the authorization_code grant type. It securely exchanges the code for tokens, validating the client and performing PKCE (Proof Key for Code Exchange) verification for enhanced security against code interception attacks.
OIDC ID Tokens: Basic OpenID Connect ID Tokens are now issued alongside access/refresh tokens during the Authorization Code flow, containing essential user claims.

🔒 Hardened Refresh Token Security

Based on deep testing and refinement, refresh token handling is now significantly more secure:

Secure Handle Storage: Refresh tokens now store the raw handle as the primary key in the database (Handle column) while also storing a separate, securely hashed version (HashedHandle column, using SHA-256 salted with user+client ID). The raw handle is returned to the client, but storage relies on the hash, preventing exposure if the database is compromised. (Documentation updated to reflect this).
Token Theft Detection (Default: RevokeFamily): The default security posture (TokenSecurity.EnableTokenFamilyTracking = true, TokenSecurity.TokenTheftDetectionMode = RevokeFamily) now actively combats token theft. If a consumed refresh token is reused, CoreIdent not only rejects it but also immediately revokes all other active tokens belonging to the same rotation family. This significantly mitigates the risk of a compromised token being used further.

✅ Test Suite Overhaul & Bug Fixes

A major effort went into strengthening the integration test suite (CoreIdent.Integration.Tests). This involved:

Fixing numerous bugs related to DbContext lifetime/scoping within WebApplicationFactory.
Ensuring reliable database migration and seeding within test setups.
Correcting logic in token storage/lookup (Handle vs HashedHandle).
Resolving subtle JSON deserialization issues caused by duplicate type definitions.
Aligning test assertions with the actual (and intended) behavior of features like RevokeFamily token theft detection.

Having passing, reliable integration tests is crucial for confidence and stability!

📚 Updated Documentation

The README.md and docs/Developer_Training_Guide.md have been updated to reflect:

Correct endpoint paths (using the /auth prefix).
Clarified details on refresh token storage (raw vs. hashed handles).
Explanation of the RevokeFamily token theft detection behavior.
Notes on DI registration order and test setup best practices.

What's Next?

Phase 3 continues with:

Client Credentials Flow implementation.
OIDC Discovery endpoints (/.well-known/openid-configuration, /.well-known/jwks.json).
Further ID Token refinements.

Get Involved!

CoreIdent aims to be the modern, developer-centric identity solution the .NET community deserves.

Check out the code: https://github.com/stimpy77/CoreIdent
Try the NuGet packages: CoreIdent.Core, CoreIdent.Storage.EntityFrameworkCore, CoreIdent.Adapters.DelegatedUserStore (v0.3.1)
Star the repo! ⭐
Provide feedback: Open issues, start discussions.

Let's build this together!

What are your biggest pain points with existing .NET identity solutions? Share in the comments!

Introducing ConsoleInk.NET: Streaming Markdown Rendering for .NET Console Apps

Jon Davis — Sun, 13 Apr 2025 06:36:22 +0000

Today I'm excited to announce the first release of ConsoleInk.NET, a lightweight, zero-dependency .NET library for rendering Markdown directly in console applications using ANSI formatting.

What is ConsoleInk.NET?

ConsoleInk.NET transforms Markdown text into beautifully formatted console output, with a streaming-first design that processes content incrementally as it arrives - perfect for real-time display of documentation, chat messages, or any text that benefits from Markdown's readability.

// Simple example
string markdown = "# Hello Console!\nThis is **bold** and *italic* text.";
MarkdownConsole.Render(markdown, Console.Out);

Why Another Markdown Library?

Most Markdown libraries focus on HTML conversion or require complex dependency chains. ConsoleInk.NET addresses a specific need: direct console rendering with:

Zero external dependencies - just the .NET BCL
Streaming-first architecture - process content as it arrives
ANSI formatting - for modern terminal experiences
Simple API - intuitive for both one-shot and streaming scenarios

Features

ConsoleInk.NET supports a wide range of Markdown syntax:

Text Formatting: Headings, paragraphs, emphasis (bold, italic)
Structured Content: Lists (ordered, unordered, task lists), blockquotes
Code: Inline code, indented code blocks, fenced code blocks
Links: Inline links with true OSC-8 hyperlinks (terminal-dependent)
Tables: Basic GFM table support
Theming: Customizable ANSI color schemes

Hyperlinks

One standout feature is support for true clickable hyperlinks in terminals that support the OSC-8 spec:

var options = new MarkdownRenderOptions { UseHyperlinks = true };
string markdown = "Visit [GitHub](https://github.com/) for more info.";
MarkdownConsole.Render(markdown, Console.Out, options);

In terminals without hyperlink support, it falls back to styled text with the URL displayed in parentheses.

Code Blocks

Both indented and fenced code blocks are supported with careful handling of line breaks and indentation:

// Example showing fenced code blocks
string markdown = @"
# Code Example

csharp
// This will be rendered with proper spacing
if (x > 0)
{
Console.WriteLine(""Hello"");
}

";
MarkdownConsole.Render(markdown, Console.Out);

What's Not Supported (Yet)

Advanced HTML: HTML tags are stripped by default
Syntax Highlighting: Code blocks are styled but not syntax-highlighted
Math Notation: LaTeX/MathJax content is rendered as plain text
Diagrams: Mermaid and similar diagram markup is displayed as plain text

Implementation Approach

ConsoleInk.NET uses a state machine processor that handles Markdown incrementally and renders directly as it processes content. This approach is optimized for line-by-line rendering and enables live display of content as it arrives.

The streaming design follows a clean TextWriter-like pattern:

// Streaming example
using (var writer = new MarkdownConsoleWriter(Console.Out, options))
{
    // Process content as it arrives
    writer.WriteLine("# Streaming Demo");
    writer.WriteLine("Content is processed **incrementally**.");
    // Disposal handles completion automatically
}

Getting Started

Install from NuGet:

dotnet add package ConsoleInk.Net --version 0.1.2

Basic usage:

using ConsoleInk.Net;

// One-shot rendering
string markdown = "# Hello\n\nThis is a **test**.";
MarkdownConsole.Render(markdown, Console.Out);

// With custom options
var options = new MarkdownRenderOptions
{
    ConsoleWidth = 80,
    Theme = ConsoleTheme.Default,
    UseHyperlinks = true
};
MarkdownConsole.Render(markdown, Console.Out, options);

Future Plans

This is just the beginning for ConsoleInk.NET. Future releases will add:

A dedicated PowerShell module for seamless PS integration
Extended GFM support
More theming options
Improved table handling
Better rendering of complex nested structures

Try It Today

ConsoleInk.NET is open source (MIT license) and available on NuGet. The source code is on GitHub.

Give it a try for your next console application that needs beautiful documentation, help text, or any Markdown-formatted content!

Have you used Markdown rendering in console applications before? What features would you like to see in future releases? Let me know in the comments!

CoreIdent Phase 2 Complete: Adding Persistence and Extensibility

Jon Davis — Sun, 13 Apr 2025 06:29:57 +0000

Hey .NET community! I'm excited to share that Phase 2 of CoreIdent is now complete, building on the foundation I shared in my initial announcement. This milestone brings us one step closer to a comprehensive, modern identity solution for .NET developers.

What's New in Phase 2?

Phase 2 focused on two critical aspects: persistence and extensibility. Let me walk you through what's been accomplished:

1. Entity Framework Core Storage

The new CoreIdent.Storage.EntityFrameworkCore project provides a full-featured persistence layer:

CoreIdentDbContext with properly configured entity relationships
EF Core implementations for all key interfaces:
- EfUserStore for user management
- EfRefreshTokenStore for secure token handling
- EfClientStore for OAuth client configuration
- EfScopeStore for scope management
Migrations support for easy database setup
Extension methods for seamless integration: AddCoreIdentEntityFrameworkStores<TContext>()

Initial SQLite support ensures developers can get started quickly, while the architecture supports any EF Core provider.

2. Delegated User Store Adapter

One of the most requested features was integration with existing user databases. The new CoreIdent.Adapters.DelegatedUserStore project makes this possible:

A flexible adapter pattern for connecting to external user stores
Simple delegate-based configuration
Support for read operations against existing systems
Clean extension methods: AddCoreIdentDelegatedUserStore()

This means you can now use CoreIdent with your existing ASP.NET Identity database, custom user tables, or even external identity providers.

3. Refined Interfaces and Models

The core interfaces have been significantly enhanced:

IUserStore now includes comprehensive methods for password management, claims, and lockout functionality
New IRefreshTokenStore, IClientStore, and IScopeStore interfaces provide clear contracts
Model refinements throughout the codebase enhance consistency and security

4. Robust Refresh Token Implementation

Security was a major focus in Phase 2:

Full token rotation implementation (old tokens automatically invalidated when used)
Proper token hashing and validation
Prevention of common token replay attacks
Clean integration with the persistence layer

What's Next: Phase 3

With Phase 2 complete, development is now focused on Phase 3: Core OAuth 2.0 and OpenID Connect server mechanics. This will include:

Authorization Code flow with PKCE
Client Credentials flow
OpenID Connect discovery endpoints
ID Token issuance

The groundwork laid in Phases 1 and 2 provides a solid foundation for these advanced features.

Getting Involved

CoreIdent is being built as a gift to the .NET community. If you're interested in modern, secure, and developer-friendly authentication:

Check out the GitHub repository
Star the project to show your support
Contribute ideas, issues, or pull requests
Try it out and provide feedback

Whether you're building a small side project or an enterprise application, CoreIdent aims to make authentication both secure and painless.

I'm excited to continue this journey and bring a truly modern identity solution to .NET developers. Stay tuned for Phase 3!

What aspects of identity management in .NET do you find most challenging? Let me know in the comments!

Coming soon: Announcing CoreIdent

Jon Davis — Sat, 12 Apr 2025 08:25:13 +0000

Coming soon: Announcing CoreIdent! 🎉 I’m working on a new open-source, dev-friendly identity & auth solution for modern #dotnet. Built on .NET 9+, modular, and aiming to simplify secure logins (incl. Passkeys, Web3).

Check it out: https://github.com/stimpy77/CoreIdent #opensource #authentication #identity

CoreIdent is a solo project I just started on—a modern, open-source identity and authentication solution for the .NET ecosystem, built from years of wrestling with software challenges. When Identity Server went commercial, it left a gap in the .NET community. There aren’t many .NET-based options that deliver both serious power and easy setup, whether you’re coding for a startup or an enterprise app. CoreIdent is my stab at fixing that, leaning on convention over configuration, modularity, and integrations that just work.

I want secure authentication and authorization to feel effortless, whether you’re grinding on a side project or a mission-critical system. CoreIdent will support traditional identity standards and dive into newer stuff like Decentralized Identity (DID), Passkeys, and Web3 auth. Its pluggable provider model means you can tailor it for anything—from quick MVPs to massive deployments—without getting stuck with vendor lock-in.

I’m early in the build, crafting this alone as a future gift to the .NET community. CoreIdent runs on .NET 9+ to tap into the latest performance and security features, keeping it lightweight but ready for real-world demands. I’m working on support for OAuth 2.0, OpenID Connect, and JWT-based flows, with integrations for players like Google and Microsoft built in. Got custom auth needs? The modular design will let you plug in your own providers or handle oddball requirements without a fuss. My target: get auth running in minutes, not days, because I’ve felt the pain of setup nightmares.

This project is me trying to build what I always wanted: a dependable, flexible identity solution that doesn’t skimp on security or simplicity. CoreIdent’s being designed for serious business use—think e-commerce platforms, SaaS products, or microservices setups—while staying approachable for smaller gigs. Picture starting a new app and crushing authentication before your standup meeting, or messing around with passwordless logins and blockchain-based identity without losing your mind. Solo dev with a dream? Team scaling a product? I want CoreIdent to be your go-to. It’ll be fully open source, so you can fork it, tweak it, or run wild with it. I’ve spent years seeing identity systems trip up or shine, and I’m channeling that into something secure, practical, and—why not?—kinda delightful to use.

Swing by the GitHub repo, drop a star, share your thoughts, or just watch it come together. Let’s make identity in .NET something you can count on, whatever you’re building.

Oh yeah, one more thing. Am I leveraging AI? Of course. Did I leverage AI to post this? Dude. Get with the times. Our experience drives AI now. We command and conquer.

How do you manage focus in ramp-up?

Jon Davis — Mon, 21 Oct 2019 08:35:21 +0000

Just a brief question. How do you manage to maintain focus in ramp-up (technical self-training)? One of my great deficiencies over my career has occasionally been shown to be a failure to have deep understanding of some of the tech stack components I claim to support. And the root cause of this is that when the time came that I needed to learn up on my stuff, I got ADHD of some sort, and never followed through with deep diving and getting to the end.

22 years in the field, I've seen a lot of action and a lot of evolution of technology and watched a lot of technology trends come and go. Every new thing I learn makes me reminisce about something else I knew, or something else I heard about, or wonder what happened to that one guy who showed me how he dabbled in that such and such ...

I'll read a paragraph from a tutorial, and nitpick specific details, and ask questions about those details, and find myself spending thirty minutes researching those tangents. Eventually I'll realize I got off on a tangent--but not before taking a mental break and finding some other music to listen to, then researching what happened to that old musical artist I used to love years ago, or whatever--and then finally return to the same paragraph to finally implement the detail that the tutorial is telling me to do.

Rinse, repeat, for every. single. paragraph. As a result, twenty-minute tutorials take me two or three days to complete, or some ten or so hours. Similarly for video; I am constantly having to rewind because I think too hard on each point; a two hour video can take days (many hours) to wade through. I'm more or less enriched for all this, but it makes me a less competent professional when I put in equal time as my peers--I have to dedicate so much more time to the craft than they do, I think.

When I know my stuff I am pretty good at it, but I am floored by the depth and resolve and detail that my peers are able to demonstrate when they lay out their abilities and put them on full display. Yes, it makes me jealous. And frustrated.

I'm serious. Is there a particular kind of psychologist or other professional I should be talking to? Maybe there is some "focus pill" I can take.

Are there simple tactics or mind tricks you use to keep the ball rolling and on track?

Prelude to a Blogging Reset

Jon Davis — Sun, 20 Oct 2019 08:03:21 +0000

This is a mirror/clone of a post of the same name on my blog at http://www.jondavis.net/techblog/

I started blogging in around 2002/2003 when Blogger and Radio UserLand were inspirations for me to create a desktop blogging app I called PowerBlog.

Archive.org archive of my old PowerBlog.net software download web site:
https://web.archive.org/web/20031010203956/http://powerblog.net/

My motivations were three:

To grow my skill set as a software developer.
To see if I could maybe make a living building and selling home-grown software. (PowerBlog was available for sale, but didn't sell.)
To write, and write, and write. My brain was churning, and I wanted to divulge my thoughts out loud.

PowerBlog was initially written in VB6. It consisted of an instance of the Internet Explorer WebBrowser COM object to drive a true WYSIWYG experience, design philosophies similar to those of Outlook Express (an e-mail and newsgroup client), and a publish mechanism component model including support for user-defined publishing scripts using the Active Scripting (VBScript/JScript) runtime component. When .NET v1.1 came out, I rewrote PowerBlog in C#, reusing the same components from Microsoft but adding more features like XML-RPC--by which I built my own client/server libraries with self-documenting HTML output similar to ASP.NET's .asmx behavior--and style synchronization so that the user could edit in the same CSS style as the page itself. I tried to sell PowerBlog for $10 to $20 per download. It didn't sell. That's kind of okay, the value of my efforts was found in my skills ramp-up and in my having a tool for my own writing.

PowerBlog got Microsoft's attention. Three things happened, all of a sudden, with Microsoft: 1) the Windows Live initiative kicked off blogging from their web site (which they've since shuttered), 2) Microsoft interviewed me, and 3) Windows Live Writer was written, stealing most of the good ideas I had in PowerBlog (admittedly tidbits of the ideas of PowerBlog were stolen from another app called W.bloggar). I got nothin for it but some bragging rights for the ideas.

I was broke. My motivators to go out on my own (taxes-related need to go offline to do some research) subsided. So I stopped development and went back out into the workforce. When .NET 2.0 came out along with a new version of Internet Explorer, it broke PowerBlog permanently. Microsoft published WebBrowser components that directly collided with the WebBrowser components I had created for PowerBlog. So PowerBlog isn't available today--it will just crash for you if you try--and I couldn't even build my own source code anymore, without finding an old Windows XP box with an old version of Visual Studio and .NET Framework 1.1. It just wasn't worth the hassle, so I never bothered. Maintenance was immediately halted. PowerBlog.net went offline. I didn't much care. I did need to keep blogging and writing, so eventually I found BlogEngine.net and transferred my technical blog content to it. I updated the blog engine code once or twice as it evolved, but eventually I just let it sit dormant.

So that's where my tech blog instance stands today. http://www.jondavis.net/techblog/ runs on a decade old version of BlogEngine.net which I've tailored a bit to include banned IPs and some home-grown CAPTCHA functionality for the comments. I've since looked at a few other blogging engines over the years I've considered adopting, most notably I remember looking at NBlog, which gave me the most control but required me to implement it in code and didn't sufficiently demonstrate black box modularity, and Ghost, which would grow me in NodeJS but ticked me off in its stance on only using Markdown and never WYSIWYG HTML editing. Choice would be nice, and non-technical authoring deserves Word-like editing from time to time.

Meanwhile, the whole time, developers and non-developers alike have pooh-poohed the interestingness of blogs, blogging software, blogging strategies, blogging services, etc. I can certainly see why. At its most basic level, blogs are little more than single-table CRUD apps. You have an index of recent blogs, you have a detail view of an individual blog post, you have an editor and creator page, and you can delete a blog post. The content of a blog post is, to the casual observer, nothing but four components: title, body, author, and publish date. If that's what you think a blog is, you're naive, and likely didn't bother reading this far.

At the very least, on the technical side, blogging brought about a few innovations that revolutionized the Internet, including:

XML-RPC (SOAP's midget predecessor)
RSS
Publish pings
Atom
OPML

Not to mention less specific innovations, like end user accessible management of slugs (URL paths) for enhancing SEO. And the whole notion of blogging became the basis of the World Wide Web's notion of community interconnectivity. The broad set of Web sites was social networking, before social networks took over social networking. Blog sites were known, and linked to each other. Followers of blogs created view counts that filled the hole that Facebook post likes fill today.

This is perhaps why dev.to is such a success story; it's like a Facebook group, for coders, where every single post is a blog article.

Anyway, so now I sit here typing into the ten year old deployment of BlogEngine.net on my resurrected tech blog, wondering what my next steps should be. Well, I'm pretty sure I want to create my own blog engine again, and build on it. Yes, it's a two decades stale idea, but here are my motives:

My blog philosophies still differ somewhat from the offerings currently available (although not far at all from BlogEngine.net)
I want to keep growing my technical skill set (not just write about them). There are revised web and software standards I need to freshen up on, and apply my learnings. Creating a blog site has always been a good mechanism to sample and apply the most basic web tech skills.
I need anything I deploy to a technical blog to portray my own personal portfolio, including the site on which my writings are displayed
I still like the idea of taking something I myself created and putting it out on github as a complete package and perhaps managing a hosted instance of it, similar to WordPress.

All this said, I don't think I'll be doing a full-blown BlogEngine.net equivalence. It will be a simple thing, and from that I'll take some ideas to glean from and apply them to other software efforts I'll be working on.

But a few things I will point out about the technical strategies and approaches I intend to implement:

Rich front-end libs (React, Vue, Blazor, etc)?? While I might take, say, Ghost's approach in having some rich interactivity for the author's experience, the end user (reader) experience cannot be forced to utilize them. A blog page must be rich in HTML semantics and index well SEO-wise for the web at large, so the HTTP response payload cannot be Javascript stub placeholders for dynamic content.
Componentization is more important than anything else. I do intend to iterate over a lot of the features this old instance of BlogEngine.net has as well as current blog engines, and figure out ways to spoonfeed those features without embedding them deeploy in interdependencies. Worst thing I could do is embed all the bells and whistles directly into ASP.NET Razor Pages themselves. I intend to apply decorator pattern principles, perhaps applying sidecar architecture for some components where appropriate. Right now I'm looking at using Identity Server 4, for example, as a sidecar architecture for author identity and privileges. Speaking of which,
Everything must be readily run-anywhere, black-box-capable deployable as ad hoc code launched with self-hosting, Azure web app service (PaaS), Docker-contained, or VM (IaaS). I also intend to set up a hosted instance and offer limited blog hosting for free, extended features for a fee. In this sense, WordPress is a competing platform.
"Extended features, like ..?" Premium templates. Large storage hosting. And premium add-on features yet to be defined.
The templates can be based on Razor, but "pages" cannot be tightly defined. If this platform grows up, it needs to be a more than a blog, it needs to be a mini-CMS (content management system).
Social networking ecosystem is a mandatory consideration; full blogging must integrate with microblogging and multi-contributor cross-pollination including across disparate sites and systems; more on this later, but imagine trusted Twitter users liking Facebook posts.

Again, yes, I am unpacking a two decades old solution proposal to a Web 1.0 / 2.0 problem, but that problem never really went away, it just became less prominent. I really don't anticipate this blowing up to being much of anything. At a minimum, I need to convert all of my content here on this technical blog (at http://www.jondavis.net/techblog/) to a home-grown platform of my own making, even if after doing that I call it done and walk away.

Another motivator for getting that done is the fact that just writing this, I'm writing with very tiny text on a very high resolution screen, and you're probably squinting reading this, too, if you're reading it from my web site, and if you actually made it this far. Again, yes, I could simply just replace the template and maybe refresh the version of BlogEngine.net which I'm using. But, why do that, when I call myself a 23-years-plus experienced web development veteran and could just build my own? Am I really so useless in my aging as to be unable to build something of my own again? Not like a blog engine will get me a better job, duh, so much as the fact that using someone else's engine just plain looks bad on me. So, this is a lightweight test of mettle. I need to do this because I need to.

On a final note, I'll mention again what I'm focusing on first: "who am I"--authentication and authorization. I'm learning up on Identity Server 4. I'm still new to it, so this will take some time. Right now it looks like the black box version of my blog engine will come with an instance of Identity Server 4, based perhaps on ASP.NET Core Identity as the user store; developers can tweak it out to their heart's content. I'm still mulling over whether to just embed it into the blog app (underkill? too much in one?) or separate it out as a separate SSO-oriented web app (overkill? too many distributed parts for a mere blog?), but at this point I'll likely do the former for the black box download (source code included) and the latter for the hosted instance which I hope to set up and offer to people wordpress.com-style.

Time to blow off some dust, toot my own horn, and hit the books

Jon Davis — Tue, 15 Oct 2019 09:36:25 +0000

This is a mirror from my blog post at http://www.jondavis.net/techblog/

Woah, Nelly!

Jon Davis's blog is back up! Last post was .. more than three years ago! Daaaang! How ya'll been?! Missed ya'll! Miss me?

I'm just posting a quick update here to let ya'll know that the gears in my tech world have started turning again, and to update ya'll on what's going on.

You may or may not have noticed that my root web site http://jondavis.net/ went through a couple phases and got stuck with that dorky "please wait" console-ish page. I was supposed to have replaced it by cough .. 2016. It's now approaching the year 2020. What happened? Well what happened was I got a few kicks in the pants. Got myself into some really humbling situations, not the fun kind. Perhaps you might say I got phased out of the software dev community. But I never fully left the software dev community, just stayed in the bushes, so now I'm in high gear phasing back in. I might try to explain ...

A few blog entries ago (this goes back to 2014) I wrote about how I needed to reset things, and how I needed to mull over what was going on at work. So here's a recap on my career path lately up till my previous job:

In 2012 I was hired at Neudesic, a prominent consultancy firm. I dreamed of surrounding myself with smart people I could glean from. It turned out that things were pretty erratic at Neudesic. My first project assignment the client was Microsoft themselves. Prior to my joining they had just canned a project to build a big, beautiful Windows 8 themed web site where developers and other staff would post all-important articles and index them with Lucene.NET. Architecturally it was a disaster, and they canned the Microsoft executive at the same time they canned the project. So my joining the team, they were trying to salvage that project. I worked with them to try to dig into the code, get it up and running, figure out the performance issues, etc., and at some point I flew out to Redmond, Washington to discuss with the local Neudesic managers who were interfacing with Microsoft in person. Then I opened my mouth. I said, "Ya'll are really just makin' a blog. Why not add blog-ish things? Why reimplement Sharepoint?" Suddenly we were all fired. So then they shipped me off to Pulte Homes, where I did some work there, but the architect for that project and I didn't seem to know what we were doing on the user authorization detail and I proved blunt enough that they "couldn't afford" to keep me on after a couple months. So then they shipped me off to California to work with Ward & Brown on the Obamacare / ACA implementation there, again late to the party and annoyingly insistent to "help". But when QA and I asked around where the production/staging servers were, and they realized they apparently missed that part, they canned all their contractors. All 250 of us. So there I was stuck in the Neudesic-Phoenix office waiting for them to call me in. And they did. They laid me off. Like the child-man that I was, I accidentally let them catch me choking. They did say they might be able to take me back in a few months, though, so ...
For the next few months I did some contract work for a local entrepeneur. I waited that out for a while and ultimately I wanted to go back to Neudesic, so ...
In mid-year 2013 I asked Neudesic to take me back in. They did. They brought me back with open arms. It was more awkward for the lot of them than I or anyone anticipated. I'd made myself a reputation for being unrefined up to that point, I'm pretty sure. But anyway, when I arrived (a second time) I noticed that more people, including my former manager, were no longer there. They were laid off too. And I shipped back to Pulte Homes, on another, bigger project. I was up front with them, though, about what specific tools I was unacquainted with, specifically Bootstrap and the like, at the time. They shrugged that off, brought me in anyway. That project was led by--ima be frank here--a really, REALLY bitchy, control freakish, PMS-y woman. I tried to overlook it at the time. I tried to pretend it wasn't so at the time. I'm thinking back half a decade now, and I'm saying it like how I witnessed it. She was horrible. If I ever get in a situation like that again I'll run for the hills. That was awful. She was awful. But anyway, at the time, overlooking that (which I deliberately did), since the lead personality who'd previously been on that project but was laid off was now gone, and I wasn't getting much in the way of introduction, I deliberately, if bombastically, made a ton of assertions and at the same time asked a lot of really stupid, ignorant questions, which ticked off everyone on the team. So they canned me from the team. So that was fun. But what really did me in was I overheard the Neudesic chief developer director guy tell my boss that I "shouldn't be writing software". They assigned me some out-of-state ops role. I should have quit then and there; sure, I screwed up, but I'm a developer, not an ops guy. I didn't last long, and I ultimately did resign.
So now in 2014 I got a very odd and delightfully educational gig with DeMark Analytics. So first of all, Tom DeMark, the owner, is a wealthy financial technician (a term I never knew before) who did what I imagined doing some years back--he studied financial charts and came up with artificially intelligent algorithms that predicted changes in the market. He's one among many people who come up with this stuff, but even so, that's what he did. So now they were building a product for people who could use these financial chart studies--a charting app, basically, with studies being overlaid over the chart. This entailed financial event data being siphoned in to both the back-end engine as well as to the client (the web browser). This is high tech stuff, and the pattern in use was CQRS-ES, which I'd never heard of much less mastered. So here's where it all broke down: 1) We all sat in close proximity to each other. No privacy. All conversations fully exposed. 2) I was hired as a lead, but I was wrong a couple times when I was adament, it was observed by the teammates, and so my authoritative experience as a lead developer was never trusted again. 3) Everyone in the company but maybe four of us was either family to Tom DeMark or close friends of Tom DeMark. It was a nepositic environment. I worked under one of Tom's sons (he was CEO/President), and another of Tom's sons worked under me--well, alongside me, since me being lead didn't work out. He was a bit spoiled. Quick on the Javascript, though, I couldn't keep up with his code, which was charting graphics. Like, at all. So I stopped trying. 4) My pay was adequate (best I can say about it) but my paycheck was cut monthly. Weird, bizarre, and painful. But it was worth it, I was investing in this, I figured. 5) My direct boss was a super high IQ ass. I asked technical questions about the middle/back end from him, like about how Cassandra was to be used, and instead of answering, he'd call everyone over--the CSS front-end developers, everyone. Then ask me to ask my question again. All to I guess humble me? .. Show me that this was "duh" knowledge that everyone would know and understand? So where this went critical was 6) I again used rhetoric. Crap, man. This pretty much got me fired. I used rhetoric! What I mean is, I insinuated, in so many words, that "your explanation sounds vague, and if I didn't know any better I'd say it almost sounds like you said [something obviously stupid]". Except I didn't say it like that, I actually, literally said, ".. you mean [something obviously stupid]?" I really, truly, genuinely trusted that he understood that I was being rhetorical, but this was the second time I made that mistake--I made the same mistake at Neudesic, "I can't read that [Javascript code]", I could, but I was getting at I shouldn't have to stop and read it--and with these guys it was sabotage. A few minutes later after we returned to our desks he threw his hands up and announced he was switching to Java/Scala. "Sorry Jon." Sorry, Jon? So yeah he was basically saying "you're fired, please quit." It took a couple more months, but I eventually did.
So then I work at another consultancy firm. Solution Stream. Utah-based. They seemed to be trying to spread out into Phoenix. "I can do this," I thought. I learned at Best Software (Sage Software) when I moved to Arizona how consultants--consultants, not contractors--work, and bring prestige to the process of coming up with technical solutions and strategies, documenting them, and working them with the clients. But Solution Stream was really primarily just interested in creating contractors, apparently, but regardless, they didn't appreciate what I brought to the table, they undersold my capabilities, the executives decided they didn't like me, and they literally pulled me off a project that the client and my direct boss said I was doing great with and signed me over to Banner Health as a temp-to-hire (fire). I had no interest in being hired as a permanent Banner Health employee. When my temp-to-hire contract ended (the "temp-" part), everything ended. I swore off all consulting firms at that point. No more consulting firms. Never again.
So then I got picked up at InEight. Bought out by major construction company Kiewit, InEight was building a cloud version of their Hard Dollar desktop app which manages large scale construction logistics (vendors, materials, supplies, etc). They had some workable plans and ideas. But things broke down real fast. Everyone who interviewed me quit within the year I joined, and it wasn't hard to see why. 1) They had non-technical people at the helm (senior leadership) making some very expensive and frustrating platform and architecture decisions. High performance software with minimal performance hosting, nothing worked, because they didn't want to spend the money for scaling the web tier. 2) The work was outsourced. Most of it was outsourced to India. Eventually they shipped some of it onshore to another midwestern state. But even onshore, most of their staff were H1-B visa holders. Foreigners. Nearly everyone I was working with was from India. Even after so many people quit, I stuck around as long as I could. But eventually I couldn't stand things anymore, my career path had become stagnant, and I knew I couldn't work with the senior executives (no one could, except people from India I guess). I was about to give two weeks notice, when those senior execs pulled me into a room and chewed me out for being "disrespectful". I was done. Never saw them or anyone over there again. (Actually, that's not entirely true; I have maintained strong friendship with at least one colleague from there. He got laid off a few months after I left. We're friends; we literally just met up this week.)
For the last year and a half I've been working ... somewhere. For now. I came in as a lead developer, but they, too, openly declared me "disrespectful", so I've given up and just been a highly productive, proficient, heads-down programmer. This place, too, is mostly H1-B visa holders from India. I'm surrounded by foreigners. Scarcely a black, white, or Mexican face. It's depressing. I have less and less each year against Indians but my God, let me work with people of my own culture if I'm here in USA, just a few like-minded, like-raised friends, just a few? And now my team is getting dismantled, due to a third party taking over what we're doing. So I'm about to get laid off. If I'm not laid off, though, well, ... 1) as a contractor, I don't get paid holidays, I don't get paid vacations, and that was painful enough, but unexpectedly after my hire it turns out there is a mandatory two weeks unpaid leave during Christmas & New Year's, and that's unacceptable ($thousands of $dollars lost, not to mention depressing since I spend holidays alone, so yes, it's unacceptable). 2) I have been super comfortable, and super complacent, with little to gain in technical growth. It's been ASP.NET MVC with SQL Server and jQuery. And some .NET Core 2.2 and Razor Pages. Woo wee. sigh So yeah, I'm open to change, regardless of whether I get laid off.

There's my life story for the last seven years. Stupid, depressing, awful, I've been awful, I've let myself screw myself over time and time again. So here is my new strategy.

I have no one to blame, even where I've whined and complained, I have no one to blame for my life's frustrations but myself. It's part of the maturing process. I've embraced my learnings and I will carry on. I will try to let go of the past, but I only repeat and document them here because I have learned from them, and perhaps you can, too. What do I want in my career path? I miss the days when I was an innovator.

Tooting my horn -- my legacy

You guys remember AJAX? Yeah? I dreamed up AJAX in 1998 when IE4 came out. I called it "TelnetGUI". Stupid name. Other people came up with the same idea a few years later and earned the credit.

You guys remember Windows Live Writer? Yeah? ... Total rip-off of my PowerBlog app, down to detail. You could say I prototyped Windows Live Writer before Microsoft started working on Windows Live Writer. Microsoft even interviewed me after I built PowerBlog, because of PowerBlog and its Microsoft-minded inspirations of component integration. Jerk interviewer was like, "Wait, you mean you don't know C++?! Oh good grief, I thought you were a real programmer." Screw you, Microsoft interviewer. LOL. Anyway, Windows Live Writer came out a couple years later. Took all of PowerBlog's fundamental ideas, even down to the gleaning the CSS theme and injecting the theme into the editor.

You guys remember PowerShell? Yeah? I prototyped the idea in or around 2004. I took the ActiveScript COM object, put it in a C++ console container, spoonfed some commands where you could new-up some objects and work with them in a command-line shell, suggested that the sky's the limit if you integrate full-blown .NET CLR and shell commands in this, and showed it to the world on Microsoft's newsgroups. Microsoft was watching; I planted a seed. A year or so later, PowerShell ("Monad") was previewed to the world. I didn't do the dirty work of development of it, but I seeded an idea.

You guys remember jQuery UI? Yeah? I cobbled together a windowing plugin for jQuery a year or two before jQuery UI was released. It was called jqDialogForms. Pretty nifty, I thought, but heck, I never got to use it in production.

In fact there's a lot of crap in my attic I recently dug out and up over at https://github.com/stimpy77/ancient-legacy. (It really is crap, nothing much to see.)

And, oh yeah, you guys remember Entity Framework, Magical Unicorn Edition? I, too, had been inspired by Fluent NHibernate, and I, too, was working on an ORM library I called Gemli [src]. Sadly, I ended up with a recursion nightmare I myself stopped being able to read, development slowed to a halt, and then suddenly Microsoft announced that EF Magical Unicorn Edition, and I observed that it did everything I was trying to do in Gemli plus 99x more. So that was a waste of time. Even so, that was mini-ORM-of-my-own-making #2 or #3.

All of these micro-innovations and others are years old, created during times of passion and egotistical self-perception of brilliance. What happened?! I think we can all see what happened. My ego kept bulldozing my career. My social ineptitude vanquished my opportunities. And I got really, really lazy on the tech side.

My blog grew stagnant because, frankly, career errors aside, my bold and lengthy philisophical assertions in my blog articles were pretty wrong. Philosophies like, "design top down, implement bottom up". Says who? Why? I dunno. Seemed like an interesting case to make at the time. But then people at meetups said they knew my name, read my blog, quoted my article, and I curled up and squealed and said "oh gawd I had no idea what I was writing". (Actually I just nodded my head with a smile and blushed.)

For the last few weeks I have spent, including study time, more than 70 hours a week, working. Working on hard skills growth. Working on side project development--brainstorming, planning. Working on fixing patchy things, like getting this blog up, so I can get into writing again. It's overdue for a replacement, but frankly I might just switch over to http://dev.to/ like all the young cool kids. OH HAI!!

Tech Things I Am Paying Attention To

.NET Core 3 is where it's at, .NET 5 is going to be The Great .NET Redux's great arrival. However, the JVM has had a huge comeback over the last half-decade, and NodeJS and npm like squirrelly cats have been sticking their noses in everything. Big client-side Javascript libraries from a year or two ago (Facebook's React, Google's Angular, China's Vue) are now server-side for some dumb reason. Most importantly, software is becoming event-driven. IaaS is gone. PaaS is passe. Kubernetes is now standard, apparently. Microsoft's MSMQ is so 1990s, RabbitMQ so 00's, LinkedIn's Kafka is apparently where it's at, and now Yahoo!'s Pulsar is gaining noteriety for being even more performant.

My day job being standard transactional web dev with ASP.NET/jQuery/SQL has made me bewilderingly ansy. If I want to continue to be competitive in complex software architecture and software development I've got to really go knee deep--no, neck deep--in React/Angular/Vue on the front-end, MongoDB, Hadoop, etc on data, Docker/Kubernetes on the platform, Kafka on the data transfer, CQRS+ES on the transaction cycles, DDD as the foundation to argue for it all, and books to explain it all. I need to go to college, and if I don't have time or money for that I need to be studying and reading and challenging myself at all hours I am free until I am confident as a resource for any of these roles.

Enough of the crap reputation of being a wannabe. Let's be.

DEV Community: Jon Davis

CoreIdent 0.4: A Ground-Up Rewrite for .NET 10+

CoreIdent 0.4: A Ground-Up Rewrite for .NET 10+

🔄 Why a Rewrite?

The New Vision

What's Working Today

Token Endpoint (/auth/token)

Authorization Flow

Standards Compliance

Asymmetric Key Support

Pluggable Persistence

Test Infrastructure

🚀 Quick Start

What's Next

📚 Documentation

🤝 Get Involved

Previous Articles

C# (Maybe) Joins the Motia Family: Building Multi-Language Workflows with .NET 9

What is Motia?

C# Support

What Makes This Special?

See It In Action

The Development Journey

1. Roslyn Scripting Integration

2. RPC Protocol Design

3. CLI Template System

4. Multi-Language State Sharing

5. Process Management

Real-World Multi-Language Example

Technical Deep Dive

Architecture Highlights

Performance Characteristics

Future Optimizations (Phase 7)

Testing

Trying It Out

Prerequisites

Step Types Available

Try It Yourself

Why This Matters

What's Next?

Feedback Welcome

Resources

CoreIdent v0.3.5: OIDC ID Tokens, Real-World Gaps, and What’s Next

🚀 What’s New in v0.3.5

🧐 Why This Matters

🔭 What’s Next?

📚 Read More

CoreIdent Phase 3 Milestone: OAuth 2.0 Authorization Code Flow & Token Security Hardened!

What's New in v0.3.1 (Phase 3 Progress)?

🚀 Authorization Code Flow + PKCE

🔒 Hardened Refresh Token Security

✅ Test Suite Overhaul & Bug Fixes

📚 Updated Documentation

What's Next?

Get Involved!

Introducing ConsoleInk.NET: Streaming Markdown Rendering for .NET Console Apps

What is ConsoleInk.NET?

Why Another Markdown Library?

Features

Hyperlinks

Code Blocks

What's Not Supported (Yet)

Implementation Approach

Getting Started

Future Plans

Try It Today

CoreIdent Phase 2 Complete: Adding Persistence and Extensibility

What's New in Phase 2?

1. Entity Framework Core Storage

2. Delegated User Store Adapter

3. Refined Interfaces and Models

4. Robust Refresh Token Implementation

What's Next: Phase 3

Getting Involved

Coming soon: Announcing CoreIdent

How do you manage focus in ramp-up?

Prelude to a Blogging Reset

Time to blow off some dust, toot my own horn, and hit the books

Woah, Nelly!

Tooting my horn -- my legacy

Token Endpoint (`/auth/token`)