71

In Web API 2, you used to be able to create an endpoint to issue a token by setting up an OAuth Authorization Server via middleware like below:

// Set up our auth server options.
var OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
    AllowInsecureHttp = true,
    TokenEndpointPath = new PathString("/token"),
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
    Provider = new SimpleAuthorizationServerProvider()
};

// Sets up the token issue endpoint using the options above
app.UseOAuthAuthorizationServer(OAuthServerOptions);

Perhaps I'm missing it, but I'm trying to figure out how to do this in ASP.NET Core. I've looked through the source (https://github.com/aspnet/Security) but I don't really see anything analogous. Is there a new way to accomplish this? Do I need to just create a controller and do it myself?

I see how OAuth Authentication can be set up via Middleware, but this regards the authorization portion where I issue claims from my API.

2
  • perhaps this could help. it's an answer with thinktecture's identity server : stackoverflow.com/questions/29360563/… Commented Apr 7, 2015 at 8:51
  • Thanks @CedricDumont, I was looking for something integrated, but I've considered Thinktecture. End of day that may be what I go with. It's very solid. Commented Jun 12, 2015 at 2:18

2 Answers

90

EDIT (01/28/2021): AspNet.Security.OpenIdConnect.Server has been merged into OpenIddict as part of the 3.0 update. To get started with OpenIddict, visit documentation.openiddict.com.


Don't waste your time looking for an OAuthAuthorizationServerMiddleware alternative in ASP.NET Core; the ASP.NET team simply decided not to port it: https://github.com/aspnet/Security/issues/83

I suggest having a look at AspNet.Security.OpenIdConnect.Server, an advanced fork of the OAuth2 authorization server middleware that comes with Katana 3: there's an OWIN/Katana 3 version, and an ASP.NET Core version that supports both the full .NET framework and .NET Core.

https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server

ASP.NET Core 1.x:

app.UseOpenIdConnectServer(options =>
{
    // Accepts token requests over plain HTTP.
    options.AllowInsecureHttp = true;
    // Path of the token issue endpoint.
    options.TokenEndpointPath = new PathString("/token");
    options.AccessTokenLifetime = TimeSpan.FromDays(1);
    options.Provider = new SimpleAuthorizationServerProvider();
});

ASP.NET Core 2.x:

services.AddAuthentication().AddOpenIdConnectServer(options =>
{
    // Accepts token requests over plain HTTP.
    options.AllowInsecureHttp = true;
    // Path of the token issue endpoint.
    options.TokenEndpointPath = new PathString("/token");
    options.AccessTokenLifetime = TimeSpan.FromDays(1);
    options.Provider = new SimpleAuthorizationServerProvider();
});

To learn more about this project, I'd recommend reading http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/.

Good luck!
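The ASP.NET Core 2.x registration above with the plain-HTTP switch tied to the hosting environment and a shorter access-token lifetime, as an added example that is not part of the original answer or of the AspNet.Security.OpenIdConnect.Server project. It assumes a conventional Startup class, that SimpleAuthorizationServerProvider is the asker's provider class ported to this library, and an illustrative one-hour lifetime.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private readonly IHostingEnvironment _env;

    public Startup(IHostingEnvironment env)
    {
        _env = env;
    }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication().AddOpenIdConnectServer(options =>
        {
            // Token requests carry credentials and the response carries the
            // access token, so plain HTTP is accepted only in Development.
            // Everywhere else the setting stays false and TLS is required.
            options.AllowInsecureHttp = _env.IsDevelopment();

            options.TokenEndpointPath = "/token";

            // Assumed value: a leaked bearer token stays usable until it
            // expires, so one hour is used here instead of one day.
            options.AccessTokenLifetime = TimeSpan.FromHours(1);

            // Assumption: the asker's provider class from the question,
            // ported to this library's provider base type.
            options.Provider = new SimpleAuthorizationServerProvider();
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Runs the registered authentication handlers, including the
        // token endpoint, for each request.
        app.UseAuthentication();
    }
}
```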


8 Comments

This is really what I was looking for...perhaps this question will help other people find this project. Thanks to those working on this!
You're welcome! It's still a young project, but I hope to release a RC version soon on NuGet.org (I still need to introduce a few breaking branches in the vNext version, that I also want to backport to OWIN/Katana 3, so it might need a few weeks more). Don't hesitate to ping me here, on GitHub or on JabbR if you have any question or if you want to share your feedback ;)
@Pinpoint, you've been doing some impressive work there! I managed to build out a token provider using the default packages, and detailed it here: stackoverflow.com/a/29698502/195653, but I feel like the OpenIdConnect server is probably the better way to go!
older question, but you might want to also check out IdentityServer4 - it just entered beta for Asp.Net Core leastprivilege.com/2016/01/11/…
Can I implement the same functionality in .NET Core 2.0? I tried, but I'm getting the error TypeLoadException: Could not load type 'Microsoft.AspNetCore.Builder.AuthenticationOptions' from assembly 'Microsoft.AspNetCore.Authentication, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60'.
4

For anyone still looking for the original OAuth Authorization Server in ASP.NET 5, I have ported the code and the original sample here: https://github.com/XacronDevelopment/oauth-aspnet

The port includes backwards compatibility to allow ASP.NET 4.x resource servers to read the access tokens created by the authorization server.

The nuget packages are here:
  • https://www.nuget.org/packages/OAuth.AspNet.AuthServer
  • https://www.nuget.org/packages/OAuth.AspNet.Tokens
  • https://www.nuget.org/packages/OAuth.Owin.Tokens

1 Comment

Katana's authorization server had many unsolved bugs, still listed on the Codeplex tracker. I took a brief look at your fork and it seems that you've fixed none of them. If you're still looking for the "original authorization server", take a look at AspNet.Security.OpenIdConnect.Server, it offers the same experience but fixes all the known bugs Katana's server had.
