OAuth as authentication internally?

Question

I'm building an .net MVC Web API and I have come to the authentication part. I saw OAuth as almost a given authentication choise, but everywhere I read about it they talk about logging in with a Facebook, Google or other third part account. This is nothing I want at this point. My question is simply: Can I use OAuth with my own database users or is OAuth something I plug in on top of my own authentication and then connects to my own db users?

Answer 1

OAuth solves the problem of one web application trying to access another web application on behalf of a user without having to share the credentials.

Can I use OAuth with my own database users?

The answer is yes.

In this case, you're the provider (just like facebook or google). Your .net MVC Web API serves as the resource server and you have to build a web application to serve as an authorization server. Your client application or other 3rd applications can redirect users to these applications to perform authentication and issue access token. You should go with this option of building your own resource server and authorization server if you need to provide APIs to 3rd-party applications without having to share the credentials.

If all your applications are internal, you should not be concerned with sharing credentials, using a normal authentication or OAuth is fine.

Answer 2

If you use OAuth means that you dont have to store actual credentials for the user.The OAuth provider will take care of authenticating user for you.

Yes you'll need to plug in OAuth on top of your own authentication

User will be redirected to the Provider's site to authenticate himself,you just need to store the access token and access secret/refresh token returned from the OAuth provider depending on if you are using OAuth 1.0/1.0a or Oauth 2.0 .These tokens can be used to further access.