Authenticating with my company's JWT serving OAuth server
Sep 24, 2018 04:20 PM | jmhooten
Forgive how new I am to this concept. I have an app (Asp.Net web forms using the built-in forms authentication currently) that my company wants to migrate the authentication/authorization aspects to their sphere authorization/authentication services.
What I've been told is their server utilizes JWT tokens, and for the most part complies with the OAuth standard. They have provided me with "endpoints": a "public key" endpoint, a "Users" endpoint that provides information about users, etc. Also, I've been provided with a login to redirect to (e.g. https://accounts.services.qa2.qa.mycompany.com/login)
I'm thinking/hoping I don't have to write custom methods to utilize these endpoints etc. and that I can use some middleware such as app.UseOAuthAuthorizationServer to connect my app to their auth services. Problem is most of the documentation I'm reading points to well-known 3rd parties with their own middleware for this such as Facebook, Twitter, Google, etc.
So long story short is I don't even know the right question to ask. Has anyone been here before? Can you point me to code samples or documentation that might help me do what I'm trying to do here? Any guidance would be greatly appreciated.
Re: Authenticating with my company's JWT serving OAuth server
Sep 24, 2018 06:19 PM | mgebhard
There is no easy answer to this question. The first step is learning OAuth. You need to know what you're securing, what flows you're supporting, and what your clients are; i.e. a browser, code?
There's a build your own OAuth server in the learn links above which should help with the basic concepts you'll need. Start there...
https://docs.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server
You have to read the "sphere authorization/authentication" reference documents so you know what features the service exposes and what features you need in the app.
If we assume a browser client and a super basic flow, then you'll redirect the browser to a login page and pass along information in the URL which identifies your application with the OAuth services. The user will log in and the service will redirect back to your app where you'll validate the JWT. On success, create an auth cookie to authenticate the user. Authorization is another feature but requires further analysis on your side.
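The "validate the JWT, then create an auth cookie" step from the reply above, as an added example that is not code from the thread or from the company's service. It assumes the System.IdentityModel.Tokens.Jwt NuGet package, an RS256-signed token, a key from the "public key" endpoint already converted to `RSAParameters`, and placeholder issuer and audience values; the class and method names are hypothetical.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;   // NuGet: System.IdentityModel.Tokens.Jwt
using System.Security.Claims;
using System.Security.Cryptography;
using System.Web.Security;
using Microsoft.IdentityModel.Tokens;

public static class CompanyJwtSignIn
{
    // Placeholders (assumed): use the values your auth service documents.
    private const string ExpectedIssuer = "https://issuer.example.invalid";
    private const string ExpectedAudience = "my-webforms-app";

    // Throws if the signature, algorithm, issuer, audience or lifetime is wrong.
    public static ClaimsPrincipal Validate(string jwt, RSAParameters servicePublicKey)
    {
        var parameters = new TokenValidationParameters
        {
            RequireSignedTokens = true,                        // reject unsigned tokens
            IssuerSigningKey = new RsaSecurityKey(servicePublicKey),
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // pin alg (assumed RS256)
            ValidateIssuer = true,
            ValidIssuer = ExpectedIssuer,
            ValidateAudience = true,                           // token must be meant for this app
            ValidAudience = ExpectedAudience,
            ValidateLifetime = true,
            RequireExpirationTime = true,
            ClockSkew = TimeSpan.FromMinutes(2)
        };
        SecurityToken validatedToken;
        return new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out validatedToken);
    }

    // Call from the page the service redirects back to; returns false on any failure.
    public static bool TrySignIn(string jwt, RSAParameters servicePublicKey)
    {
        try
        {
            ClaimsPrincipal principal = Validate(jwt, servicePublicKey);
            // The handler's default claim mapping exposes "sub" as NameIdentifier.
            Claim subject = principal.FindFirst(ClaimTypes.NameIdentifier);
            if (subject == null || string.IsNullOrWhiteSpace(subject.Value)) return false;
            FormsAuthentication.SetAuthCookie(subject.Value, false); // session cookie
            return true;
        }
        catch (SecurityTokenException) { return false; }  // bad signature, expired, wrong aud/iss
        catch (ArgumentException) { return false; }       // malformed or empty token
    }
}
```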
Re: Authenticating with my company's JWT serving OAuth server
Sep 25, 2018 05:31 AM | Nan Yu
Hi jmhooten,
You can first learn the OAuth 2.0 specification from the link below:
https://tools.ietf.org/html/rfc6749#section-4.1
Based on your requirement, you could choose different flows to complete the authentication/authorization. The OAuth 2.0 authorization code flow is described in section 4.1 of the OAuth 2.0 specification. It is used to perform authentication and authorization in most application types, including web apps and natively installed apps. Check the document and learn how the OAuth protocol works. After that, you could manually redirect the user to the IDP's login page or use OWIN OAuth middleware to implement your OAuth 2.0 Authorization Server in ASP.NET.
Best Regards,
Nan Yu