jakubkwa

Reputation: 21

ThinkTecture IdentityServer3 vs Microsoft.Owin.Security.OAuth2

We are planning to build an OAuth2 authorization server in our company, and we're trying to figure out what the correct solution to build it on would be. Currently we're considering using the ThinkTecture IdentityServer3 or the plain Microsoft.Owin.Security.OAuth package. One of the things we take into account when choosing is who already uses it. Unfortunately, I cannot find any information regarding IdentityServer3 customers on the ThinkTecture website or anywhere else. Does anybody know if there are any big players who rely on this library/framework?

If anybody has any other guidance in terms of which of the two solutions above is better, that would be valuable for us as well.

Cheers

Upvotes: 2

Views: 650

Answers (1)

Brock Allen

Reputation: 7435

The Microsoft.Owin.Security.OAuth library has been deprecated by Microsoft essentially because to use it in any scenarios other than their one sample you have to build lots of additional security infrastructure on top of it. Doing this is not trivial and requires you to be very aware of the threats and mitigations when developing an OIDC/OAuth2 provider. This sort of security work is already done in IdentityServer. As such, Microsoft is recommending IdentityServer as the choice going forward for when you need your own customizable OIDC/OAuth2 token service for your applications and APIs.

Upvotes: 8
