Gillardo

Reputation: 9818

OAuth in ASP.NET MVC projects

How come online I see both of these? Is there any difference?

var OAuthOptions = new OAuthAuthorizationServerOptions
{
    TokenEndpointPath = new PathString("/Token"),
    AuthorizeEndpointPath = new PathString("/Account/Authorize"),
    Provider = new SimpleAuthorizationServerProvider(UserRepository, UserStore),
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
    AllowInsecureHttp = true
};
app.UseOAuthBearerTokens(OAuthOptions);

and

app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
    AllowInsecureHttp = true,

    TokenEndpointPath = new PathString("/token"),
    AccessTokenExpireTimeSpan = TimeSpan.FromHours(8),

    Provider = new SimpleAuthorizationServerProvider(UserRepository, UserStore)
});
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

How come the method UseOAuthBearerTokens takes in OAuthAuthorizationServerOptions as a parameter?

Upvotes: 2

Views: 1056

Answers (1)

Thiago Silva

Reputation: 17691

I believe the first one, UseOAuthBearerTokens(options), was added in Web API 2.1, and it encapsulates the call to UseOAuthAuthorizationServer and UseOAuthBearerAuthentication.

Unfortunately, a lot of samples in articles/blogs on the web don't include a publish date, so it's hard to track whether the code is still applicable. And given the speed at which these APIs are being updated, I don't think it will get less confusing.

Here's the code from the Owin.AppBuilderExtensions.cs found in the Microsoft.Owin.Security packages, for reference, as of Web API v2.2:

public static void UseOAuthBearerTokens(this IAppBuilder app, OAuthAuthorizationServerOptions options)
{
    if (app == null)
    {
        throw new ArgumentNullException("app");
    }
    if (options == null)
    {
        throw new ArgumentNullException("options");
    }

    app.UseOAuthAuthorizationServer(options);

    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
    {
        AccessTokenFormat = options.AccessTokenFormat,
        AccessTokenProvider = options.AccessTokenProvider,
        AuthenticationMode = options.AuthenticationMode,
        AuthenticationType = options.AuthenticationType,
        Description = options.Description,
        Provider = new ApplicationOAuthBearerProvider(),
        SystemClock = options.SystemClock
    });

    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
    {
        AccessTokenFormat = options.AccessTokenFormat,
        AccessTokenProvider = options.AccessTokenProvider,
        AuthenticationMode = AuthenticationMode.Passive,
        AuthenticationType = DefaultAuthenticationTypes.ExternalBearer,
        Description = options.Description,
        Provider = new ExternalOAuthBearerProvider(),
        SystemClock = options.SystemClock
    });
}

Upvotes: 2
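
The two-call form from the question, written out so it lines up with the first bearer registration in the wrapper quoted in the answer. This is an added example, not code from the question, the answer or the Microsoft packages. DemoAuthorizationServerProvider and CheckPassword are hypothetical stand-ins, and AllowInsecureHttp is compiled in only for DEBUG builds so that release builds do not serve the token endpoint over plain HTTP.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;
// Hypothetical stand-in for the question's SimpleAuthorizationServerProvider.
public class DemoAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // assumption: first-party client, no client secret
        return Task.FromResult(0);
    }
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        if (!CheckPassword(context.UserName, context.Password))
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult(0);
        }
        // Same authentication type the bearer middleware registered below looks for.
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        context.Validated(identity);
        return Task.FromResult(0);
    }
    // Placeholder: replace with a real user-store lookup (denies everyone as written).
    private static bool CheckPassword(string user, string password) { return false; }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        var server = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromHours(8),
            Provider = new DemoAuthorizationServerProvider(),
#if DEBUG
            AllowInsecureHttp = true // plain-HTTP token requests on a dev machine only
#endif
        };
        app.UseOAuthAuthorizationServer(server); // issues tokens at /token
        // Validates "Authorization: Bearer ..." headers on incoming API requests.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
            { AuthenticationType = server.AuthenticationType });
    }
}
```

Unlike UseOAuthBearerTokens, this form does not register the passive ExternalBearer middleware, so it suits an API that only issues and validates its own tokens.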
