OAuth Simple Service Provider

Josh Barker picture Josh Barker · Oct 14, 2010 · Viewed 8.2k times · Source

I am struggling trying to pick apart the OAuth Service Provider example which is included in DotNetOpenAuth. I searched SO and found a few similar/related posts, but nothing really useful. Is there any open-source project or really simple/primitive example of an ASP.NET MVC 2 OAuth Service Provider? All I want to use OAuth for is authentication of the service. I was going to roll my own api with a key/secret, but thought a tried and tested protocol like OAuth would probably be a better solution.

Answer

Josh Barker picture Josh Barker · Nov 9, 2010

I ended up doing some extensive research to find that I didn't need the traditional 3-legged OAuth and only needed 2-legged. The problem is 2-legged OAuth information is pretty hard to find. I finally found an Google spec for implementing 2-legged OAuth:

http://oauth.googlecode.com/svn/spec/ext/consumer_request/1.0/drafts/2/spec.html

I also found an implementation of it, as Justin.tv is using it for their services:

http://apiwiki.justin.tv/mediawiki/index.php/OAuth_Ruby_Tutorial

I also stumbled across an excellent OAuth testing tool which helped me greatly in implementing the service:

http://term.ie/oauth/example/client.php

2-legged OAuth is pretty simple once you understand what you are looking for and how to implement it. If you're searching for OAuth, most likely you are finding articles talking about the traditional 3-legged OAuth which involves 3-parties as the name implies: consumers, service providers, AND users. Two-legged strictly involves consumers and service providers. If you're service does not deal with users specifically, 2-legged OAuth is just what you're looking for.

As for a framework, I am using ASP.NET MVC so I ended up settling on a github repository located here:

https://github.com/buildmaster/oauth-mvc.net

Its got some really nice, clean code, and uses dependency injection (Ninject). It didn't take much for me to be able to modify it for 2-legged OAuth.