
Thinktecture Identity server vs Authorization server

I have been researching this topic over the last weeks and unfortunately I can't figure it out. I understand the difference between authentication and authorization.

I will appreciate any guidance on the topic.

What I need in general is to implement single sign-on for several web sites which are driven by APIs, which should also handle authentication. The users should be able to register/login with username/pass or through any third-party service like Facebook, Google+, Twitter etc.

In the scenario above what is the better approach? Should I use only identity server, or only authorization server or both?

Thank you in advance.

Nikola Yankov asked Jan 18 '14 18:01


People also ask

Is authorization server same as identity provider?

In summary, an identity provider is the software component that authenticates and issues a token representing a user or other entity, while an authorization server is the server software component that validates and provides tokens that represent a user or other entity.

Is Identity Server an identity provider?

IdentityServer. IdentityServer is an OpenID Connect provider - it implements the OpenID Connect and OAuth 2.0 protocols. Different literature uses different terms for the same role - you probably also find security token service, identity provider, authorization server, IP-STS and more.

What is IdentityServer3?

IdentityServer3. IdentityServer is a framework and a hostable component that allows implementing single sign-on and access control for modern web applications and APIs using protocols like OpenID Connect and OAuth2.


2 Answers

Start with IdentityServer - this is your identity management system.

AuthorizationServer, in addition, is a full-featured OAuth2 implementation that can use IdentityServer as a user store.

http://leastprivilege.com/2013/06/16/relationship-between-identityserver-and-authorizationserver/

leastprivilege answered Oct 28 '22 09:10


Your scenario is more like Authentication, which is confirming the identity of the user. On the other hand, Authorization is whether a person or a role can execute some operation.

AD.Net answered Oct 28 '22 10:10