You probably know how to secure your API with access tokens, but did you know you can use reference tokens to improve security? The token exchange standard for delegated access? A custom grant for API to API access? And what about improving client authentication for those use cases where clientid & client secret don’t cut it anymore? In this in-depth session we’ll cover all of these topics, extensively using IdentityServer4 in the process. Note that some previous knowledge on OAuth2 and OpenID Connect is a must.