I'm looking for an OAuth2 client API I can use in C#, and I came across Googles: http://code.google.com/p/google-api-dotnet-client/wiki/OAuth2
It talks about how to use it to integrate with OAuth for various Google services, but can this library also be used for non-Google OAuth services?
You probably can use for example OAuth2Authenticator.ApplyAuthenticationToRequest() but it will be tricky and not worth the effort. I would rather suggest taking a look at DotNetOpenAuth which supports OAuth2 (and is used by StackOverflow).
Related
I'm rather new to Web development so bear with me.
I've developed a backend server in C# (non-web app) that exposes some features via a REST API implemented in Web API (OWIN and Katana).
I've developed a Xamarin android app the consumes that API.
Now I want to enable the consumption of the API only for users who have authentication using Google.
I know OAuth is the way to do it and I've been reading a lot about it but I'm still kind of confused about the roles here and who should do what.
What should my server do or implement? what should my client do or implement?
An important feature of OAuth2 to be aware of is the two different authentication flow types:
implicit auth flow
explicit auth flow
I've personally found the Instagram API documentation to explain this pretty well:
https://instagram.com/developer/authentication/
Explicit auth flow is a little more tricky because it involves extra coordination on the part of your custom API. Implicit auth flow is a little easier, because your app will simply look for a URL fragment that comes back from the OAuth provider. That URL fragment contains a token that you can use for subsequent calls to the API that you want to talk to, Google in your case.
But in your case, it sounds like you want to use Google as the identity provider for your custom API, correct? In that case, I think you'll need to use explicit auth flow. Again, check out the Instagram docs. I find them to be particularly good at explaining OAuth2.
EDIT:
And be aware of the Xamarin.Auth component, which is designed for easing OAuth scenarios. You can find it in the Xamarin Component Store or on Github.
I'm looking for the easiest way to authenticate against google oAuth 2.0 implementation for the purpose of accessing the google Drive API. These are the constraints:
It has to be .NET 2.0 compatible
Can not use the google libraries
I'll be using a service account to do work on behalf of specific users
I've looked at DotNetOpenAuth, but the version for the .NET 2.0 runtime doesn't seem to support oAuth 2.0 (google has deprecated oAuth v1, which DNOA supports, of course).
Google's documentation is confusing, at best (witholding explitives here).
Not sure if this will help but the since you mentioned direct JSON, XML, etc. Google has a UI that simulates and generates requests as well as provides some limited documentation that might get you started on creating such code:
https://developers.google.com/apis-explorer/#p/
https://developers.google.com/oauthplayground/
The following provides some additional info on the login:
https://developers.google.com/accounts/docs/OAuth2Login
Far from exhaustive but it's a start if that's your angle.
I would like to use oAuth as a system to allow developers access to my API but not require them to pass through the login information.
There does not seem to be any good how-to's or blogs on this topic. Everything I have found is based on consuming an oAuth system such as Facebook or twitter. Wondering if anyone has any links to good instructions or libraries that could get me started. If there are no examples out there perhaps someone could consider writing one, the community really needs it.
Using OAuth to login is actually a side-effect, not the main goal of the protocol. The best place to start with providing an OAuth-protected API is the protocol specification and since this is a new service, you should take a look at OAuth 2.0 1. It is pretty much done and ready for deployment.
To implement OAuth 2.0 you will need to make a few important decisions about which features you are going to support and your scaling needs. There are also a lot of security considerations to go through. I would suggest you start with supporting the authorization code and implicit grant types.
I would look into DotNetOpenAuth. It should work for your needs, but I've only used it for the OpenID stuff.
I am struggling trying to pick apart the OAuth Service Provider example which is included in DotNetOpenAuth. I searched SO and found a few similar/related posts, but nothing really useful. Is there any open-source project or really simple/primitive example of an ASP.NET MVC 2 OAuth Service Provider? All I want to use OAuth for is authentication of the service. I was going to roll my own api with a key/secret, but thought a tried and tested protocol like OAuth would probably be a better solution.
I ended up doing some extensive research to find that I didn't need the traditional 3-legged OAuth and only needed 2-legged. The problem is 2-legged OAuth information is pretty hard to find. I finally found an Google spec for implementing 2-legged OAuth:
http://oauth.googlecode.com/svn/spec/ext/consumer_request/1.0/drafts/2/spec.html
I also found an implementation of it, as Justin.tv is using it for their services:
http://apiwiki.justin.tv/mediawiki/index.php/OAuth_Ruby_Tutorial
I also stumbled across an excellent OAuth testing tool which helped me greatly in implementing the service:
http://term.ie/oauth/example/client.php
2-legged OAuth is pretty simple once you understand what you are looking for and how to implement it. If you're searching for OAuth, most likely you are finding articles talking about the traditional 3-legged OAuth which involves 3-parties as the name implies: consumers, service providers, AND users. Two-legged strictly involves consumers and service providers. If you're service does not deal with users specifically, 2-legged OAuth is just what you're looking for.
As for a framework, I am using ASP.NET MVC so I ended up settling on a github repository located here:
https://github.com/buildmaster/oauth-mvc.net
Its got some really nice, clean code, and uses dependency injection (Ninject). It didn't take much for me to be able to modify it for 2-legged OAuth.
I have been doing a bit of searching around on oauth2 and think it may be a good fit for some WCF rest services I am building out that will be consumed by some WPF apps and MVC web apps. The idea would be that the user is initially asked to login with their username / password and receives an access token which gives them access to the aforementioned resource(s).
Searching around here on SO I have not found much information on oauth2 except for a few consumer related questions to facebook etc.
I'm wondering if anybody can provide some tips on implementing oauth2 (or knows of any good resources). I am interested in both the provider (authenticating and issuing access tokens) as well as the client/consumer end.
.NET OAuth2 Libraries
The only OAuth2 library I found is from dotnetopenauth which also seems to be heavily into openid. At this stage I'd rather a library that is a little lighter and just emcompasses oauth2
Are there any other oauth2 libraries available yet?
There's OAuth .NET