At work I’m developing a web api for a project that is to be used be several devices and possibly by 3rd parties; I was having a discussion with a few colleagues about the best way to secure this api and this eventually moved on to OAuth. The choice we faced was do we go with the existing and finalised OAuth protocol or do we take a chance and jump on board with OAuth 2 and all the benefits it brings, the choice was easy we needed or api to work on mobile devices, desktop apps and a whole host of non-web based apps.
Next step was to see if there was an existing library that allowed us to be a provider. Two that came up (did I mention this was a .Net project?) were DotNetOpenAuth and another one which I’ve just forgotten. I played about with both attempting to get it up and running but had some difficulty. Neither library suited my needs so I decided to try and build one my self; and I did 🙂
I had a read through the PHP implementation and read the protocol draft several times over and what I developed is my best interpretation of it. The project I was working on required the use of the assertion/password/refresh grants and that’s all I’ve tested so far. Hopefully someone will give the others a try too.
Dependencies: WCFRestContrib (only for the WCF helper attributes)
The project I’m working on has the api provided via WCF and obviously I had to get my OAuth implementation working with WCF (With a huge help from the fantastic WCFRestContrib library). Check out the example in the github repo to see a working version.
DotNet OAuth Provider of course.
There is no binaries yet, not until the draft is finalised or someone requests it. It’s easy to build any way as there are barley any dependencies.
I’ll make a post of how to set it up soon but until then hopefully the example is enough to get you going.