I am looking for any article or forum thread where I could find information on how to do OAuth 2.0 authentication. Specifically, I have an MVC 3 application and a WCF RESTful API, and I have to call API methods from the web app using OAuth 2.0 protocol authentication. But I could not find any information about it. After googling I see only results on how to develop clients for Facebook, LinkedIn, Google, etc. Any help would be helpful. Thank you.
OAuth2 allows authorization without the external application getting the user's email address or password. Instead, the external application gets a token that authorizes access to the user's account. The user can revoke the token for one application without affecting access by any other application.
OAuth 2.0 is not backwards compatible with OAuth 1.0 or 1.1, and should be thought of as a completely new protocol. OAuth 1.0 was largely based on two existing proprietary protocols: Flickr's authorization API and Google's AuthSub.
You could have a look at DotNetOpenAuth. It has a client library which you can easily install from NuGet here.
Using DotNetOpenAuth, all the OAuth plumbing is handled behind the scenes.
DotNetOpenAuth:
When you install the NuGet package (https://www.nuget.org/packages/DotNetOpenAuth.Ultimate/4.3.3.13295), you can set up an OAuth client like this:
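    using System;
    using DotNetOpenAuth.OAuth2;

    // Describe the OAuth 2.0 authorization server the client talks to.
    var authorizationServerDescription = new AuthorizationServerDescription
    {
        ProtocolVersion = ProtocolVersion.V20,
        TokenEndpoint = new Uri("https://yourUrl/token"),
        AuthorizationEndpoint = new Uri("https://yourUrl/authorize")
    };

    // The client identifier and secret are the ones registered with that server.
    var client = new WebServerClient(authorizationServerDescription, "ClientIdentifier", "ClientSecret");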
Then you can request an IAuthorizationState like this:

    // Resource Owner Password Flow
    IAuthorizationState passwordState = client.ExchangeUserCredentialForToken("userName", "password");

    // Client Credential Flow
    IAuthorizationState clientState = client.GetClientAccessToken();

The IAuthorizationState contains the AccessToken you can use to authorize against your API. If a RefreshToken is provided you can also refresh your authorization using:

    // Pass the IAuthorizationState returned by one of the calls above.
    client.RefreshAuthorization(passwordState);
Thinktecture:
Alternatively you could use Thinktecture.IdentityModel. If you choose to use Thinktecture's IdentityModel, be sure to check out this post: Introducing OAuth2 Code Flow and Refresh Token Support in Thinktecture IdentityServer, which not only explains how to set up an OAuth token server using Thinktecture, but also how to use the client, including a code sample. Of course you can use this client to validate against another OAuth 2.0 server as long as the parameters are implemented according to the OAuth specifications.
OAuth 2.0 Playground:
If you want to have a better look at the OAuth 2.0 flow, be sure to check out Google's OAuth 2.0 Playground. I think that a lot of people don't know that it is possible to test your own server with it. Just push the 'settings' icon in the top right and set:
OAuth endpoints: Custom
And you're good to go.
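What the client credential flow above puts on the wire according to RFC 6749, as an added example that is not part of the original answer and is not DotNetOpenAuth's own code. It assumes a current .NET with System.Text.Json, builds the requests without sending them, and the `OAuth2Wire` class, the `/api/resource` path and the sample token response are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;

static class OAuth2Wire // hypothetical helper, not a library type
{
    // RFC 6749 section 4.4: client credentials grant, client authenticated with HTTP Basic.
    public static HttpRequestMessage BuildTokenRequest(Uri tokenEndpoint, string clientId, string clientSecret)
    {
        if (tokenEndpoint.Scheme != Uri.UriSchemeHttps) // the secret travels in this request
            throw new ArgumentException("Token endpoint must use https.");
        var request = new HttpRequestMessage(HttpMethod.Post, tokenEndpoint)
        {
            Content = new FormUrlEncodedContent(new Dictionary<string, string> { ["grant_type"] = "client_credentials" })
        };
        // Section 2.3.1: id and secret are percent-encoded before being joined and base64-encoded.
        var basic = Convert.ToBase64String(Encoding.UTF8.GetBytes(
            Uri.EscapeDataString(clientId) + ":" + Uri.EscapeDataString(clientSecret)));
        request.Headers.Authorization = new AuthenticationHeaderValue("Basic", basic);
        return request;
    }

    // RFC 6749 section 5.1: read the token response and accept only a bearer token.
    public static string ReadAccessToken(string json)
    {
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;
        if (root.TryGetProperty("error", out var error))
            throw new InvalidOperationException("Token endpoint returned error: " + error.GetString());
        var type = root.GetProperty("token_type").GetString();
        if (!string.Equals(type, "Bearer", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Unexpected token_type: " + type);
        return root.GetProperty("access_token").GetString();
    }

    static void Main()
    {
        var tokenRequest = BuildTokenRequest(new Uri("https://yourUrl/token"), "ClientIdentifier", "ClientSecret");
        Console.WriteLine(tokenRequest.Method + " " + tokenRequest.RequestUri);
        // Constructed sample response; a real one comes back from the token endpoint.
        var token = ReadAccessToken("{\"access_token\":\"constructed-sample-token\",\"token_type\":\"bearer\",\"expires_in\":3600}");
        var apiCall = new HttpRequestMessage(HttpMethod.Get, "https://yourUrl/api/resource"); // hypothetical API path
        apiCall.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        Console.WriteLine(apiCall.Headers.Authorization.Scheme);
    }
}
```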