Last post May 15, 2014 11:16 AM by BrockAllen
May 15, 2014 04:12 AM|RicardoPeres|LINK
I have some questions on the OAuth implementation included with the latest ASP.NET:
1) How could we implement OAuth token storage, so that the web application can make requests on behalf of an authenticated user? To be clear, I want to have a site where one can log through OAuth (Google, Facebook, doesn't matter) and I want to have an offline
process that gets some information for that user (recent activity, etc);
2) For the first question, any plans to add this to the Identity provider? Any examples?
Thanks in advance!
May 15, 2014 11:16 AM|BrockAllen|LINK
The Katana OAuth2 authorization server middleware really is missing these additional features that makes it a full fledged OAuth2 AS. So, in short, you're on your own and they don't plan to add anything like that. If you need such advanced features, Microsoft
recommends using Thinktecture AuthorizationServer or IdentityServer (depending on your needs):
These are open source identity providers and authorization servers and implement the full protocol and the persistence needed for things like refresh tokens.