Cross platform ServiceStack Authentication

Question

What is the best way to architect the following solution for authentication?

I have a standalone (not integrated with MVC) ServiceStack REST service layer. This service is the entry point to all my data. No data is stored on the client.

I have multiple clients (ASP.Net MVC 4 site, MonoTouch app, MonoDroid app, Silverlight app, MonoMac app, etc).

I would like to provide authentication (Facebook, Twitter, etc) at the service level, including storing the users in the MongoDBAuthRepository, but allow the clients to provide the login UI (do I want this?). For example, for the MVC site, I'd like to integrate the remote ServiceStack authentication service (including Facebook, Twitter), with MVC's authentication system. It seems like the actual authentication should occur on the service side, but the client side needs to hold on to the authentication response.

I've read the wiki, looked at SocialBootstrap, and read the forum, but I'm still confused as to how this is supposed to work in a distributed way.

Answer 1

For OAuth options like Twitter + Facebook your authentication should happen in a browser as they each require redirections from their respected auth provider to capture trusted verification from each user. Some mobile apps do this by embedding a browser widget for Twitter + FB Auth.

Once a user is authenticated with Twitter + Facebook and Credentials in the same authenticated session, ServiceStack's AuthProviders automatically merges all Auth info into the same account. So later you will be able to login with 1 auth provider but get access to info available on all 3. The SocialBootstrapApi project provides an example of this.