How come online I see both of these? Is there any difference?

var OAuthOptions = new OAuthAuthorizationServerOptions
{
    TokenEndpointPath = new PathString("/Token"),
    AuthorizeEndpointPath = new PathString("/Account/Authorize"),
    Provider = new SimpleAuthorizationServerProvider(UserRepository, UserStore),
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
    AllowInsecureHttp = true
};
app.UseOAuthBearerTokens(OAuthOptions);

and

app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
    AllowInsecureHttp = true,

    TokenEndpointPath = new PathString("/token"),
    AccessTokenExpireTimeSpan = TimeSpan.FromHours(8),

    Provider = new SimpleAuthorizationServerProvider(UserRepository, UserStore)
});
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

How come the method UseOAuthBearerTokens takes in OAuthAuthorizationServerOptions as a parameter?

  • Good question. I don't know if it's just me, but I think the whole Authorization/Authentication/OAuth part of the current state of ASP.NET is an absolute mess. Commented Sep 25, 2014 at 16:18
  • Do people recommend using something else? Commented Sep 25, 2014 at 16:53

1 Answer

I believe the first one, UseOAuthBearerTokens(options), was added in Web API 2.1, and it encapsulates the call to UseOAuthAuthorizationServer and UseOAuthBearerAuthentication.

Unfortunately, a lot of samples in articles/blogs on the web don't include a publish date, so it's hard to track whether the code is still applicable. And given the speed at which these APIs are being updated, I don't think it will get less confusing.

Here's the code from the Owin.AppBuilderExtensions.cs found in the Microsoft.Owin.Security packages, for reference, as of Web API v2.2:

public static void UseOAuthBearerTokens(this IAppBuilder app, OAuthAuthorizationServerOptions options)
{
    if (app == null)
    {
        throw new ArgumentNullException("app");
    }
    if (options == null)
    {
        throw new ArgumentNullException("options");
    }

    app.UseOAuthAuthorizationServer(options);

    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
    {
        AccessTokenFormat = options.AccessTokenFormat,
        AccessTokenProvider = options.AccessTokenProvider,
        AuthenticationMode = options.AuthenticationMode,
        AuthenticationType = options.AuthenticationType,
        Description = options.Description,
        Provider = new ApplicationOAuthBearerProvider(),
        SystemClock = options.SystemClock
    });

    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
    {
        AccessTokenFormat = options.AccessTokenFormat,
        AccessTokenProvider = options.AccessTokenProvider,
        AuthenticationMode = AuthenticationMode.Passive,
        AuthenticationType = DefaultAuthenticationTypes.ExternalBearer,
        Description = options.Description,
        Provider = new ExternalOAuthBearerProvider(),
        SystemClock = options.SystemClock
    });
}
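
The equivalence the answer describes, written out as an added example (not part of the original post or of the library source): the two explicit calls sharing one options object, with AllowInsecureHttp limited to debug builds. The class name OAuthStartup, the method ConfigureOAuth and its provider parameter are assumptions; the provider stands in for the question's SimpleAuthorizationServerProvider.

```csharp
using System;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

// Hypothetical helper class; call ConfigureOAuth from Startup.Configuration.
public static class OAuthStartup
{
    // 'provider' is the application's own IOAuthAuthorizationServerProvider
    // (SimpleAuthorizationServerProvider in the question).
    public static void ConfigureOAuth(IAppBuilder app, IOAuthAuthorizationServerProvider provider)
    {
        // AllowInsecureHttp lets the token endpoint answer over plain HTTP,
        // so enable it only for local debug builds.
        bool allowHttp = false;
#if DEBUG
        allowHttp = true;
#endif

        var serverOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),
            Provider = provider,
            AccessTokenExpireTimeSpan = TimeSpan.FromHours(8),
            AllowInsecureHttp = allowHttp
        };

        // 1) Authorization server: issues tokens at TokenEndpointPath.
        app.UseOAuthAuthorizationServer(serverOptions);

        // 2) Bearer authentication: validates "Authorization: Bearer ..." on
        //    incoming requests. The values are copied so that a custom token
        //    format or provider set on serverOptions is used on both sides.
        //    These options have no endpoint paths, token lifetime or
        //    AllowInsecureHttp; those belong to step 1 only.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
        {
            AccessTokenFormat = serverOptions.AccessTokenFormat,
            AccessTokenProvider = serverOptions.AccessTokenProvider,
            AuthenticationMode = serverOptions.AuthenticationMode,
            AuthenticationType = serverOptions.AuthenticationType,
            Description = serverOptions.Description,
            SystemClock = serverOptions.SystemClock
        });
    }
}
```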