OAuth Authorization Service in ASP.NET Core

asp.netOauthasp.net Coreasp.net Core-Mvc

asp.net Problem Overview

In Web API 2, you used to be able to create an endpoint to issue a token by setting up an OAuth Authorization Server via middleware like below:

//Set up our auth server options.
var OAuthServerOptions = new OAuthAuthorizationServerOptions()
            {
                AllowInsecureHttp = true,
                TokenEndpointPath = new PathString("/token"),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
                Provider = new SimpleAuthorizationServerProvider()
            };
 
 // Sets up the token issue endpoint using the options above
 app.UseOAuthAuthorizationServer(OAuthServerOptions);

Perhaps I'm missing it, but I'm trying to figure out how to do this in ASP.NET Core. I've looked through the source (https://github.com/aspnet/Security) but I don't really see anything analogous. Is there a new way to accomplish this? Do I need to just create a controller and do it myself?

I see how OAuth Authentication can be set up via Middleware, but this regards the authorization portion where I issue claims from my API.

asp.net Solutions

Solution 1 - asp.net

EDIT (01/28/2021): AspNet.Security.OpenIdConnect.Server has been merged into OpenIddict as part of the 3.0 update. To get started with OpenIddict, visit documentation.openiddict.com.

Don't waste your time looking for an OAuthAuthorizationServerMiddleware alternative in ASP.NET Core, the ASP.NET team simply decided not to port it: https://github.com/aspnet/Security/issues/83

I suggest having a look to AspNet.Security.OpenIdConnect.Server, an advanced fork of the OAuth2 authorization server middleware that comes with Katana 3: there's an OWIN/Katana 3 version, and an ASP.NET Core version that supports both the full .NET framework and .NET Core.

https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server

ASP.NET Core 1.x:

app.UseOpenIdConnectServer(options =>
{
    options.AllowInsecureHttp = true;
    options.TokenEndpointPath = new PathString("/token");
    options.AccessTokenLifetime = TimeSpan.FromDays(1);
    options.TokenEndpointPath = "/token";
    options.Provider = new SimpleAuthorizationServerProvider();
});

ASP.NET Core 2.x:

services.AddAuthentication().AddOpenIdConnectServer(options =>
{
    options.AllowInsecureHttp = true;
    options.TokenEndpointPath = new PathString("/token");
    options.AccessTokenLifetime = TimeSpan.FromDays(1);
    options.TokenEndpointPath = "/token";
    options.Provider = new SimpleAuthorizationServerProvider();
});

To learn more about this project, I'd recommend reading http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/.

Good luck!

Solution 2 - asp.net

For anyone still looking for the original OAuth Authorization Server in ASP.NET 5, I have ported the code and the original sample here: https://github.com/XacronDevelopment/oauth-aspnet

The port includes backwards compatibility to allow ASP.NET 4.x resource servers to read the access tokens created by the authorization server.

The nuget packages are here: https://www.nuget.org/packages/OAuth.AspNet.AuthServer https://www.nuget.org/packages/OAuth.AspNet.Tokens https://www.nuget.org/packages/OAuth.Owin.Tokens

Categories
Recommended asp.net Solutions
Recommended Oauth Solutions
Recommended asp.net Core Solutions
Recommended asp.net Core-Mvc Solutions

Previous Solution:

Laravel IN Validation or Validation by ENUM Values

PhpValidationLaravelEnums

Next Solution:

Webpack sass where is the css file

Javascriptnode.jsSassWebpack

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionswanneeView Question on Stackoverflow
Solution 1 - asp.netKévin ChaletView Answer on Stackoverflow
Solution 2 - asp.netXacronView Answer on Stackoverflow