how to generate OAuth client identifier and client secret?

c# asp.net-mvc-3 dotnetopenauth oauth-2.0

Daniel · Jan 20, 2012 · Viewed 8.4k times · Source

I'm implementing an OAuth2 provider, and I would like to have an area somewhere in my web site where developers log on and register third party apps. But I'm having doubts on how to generate the apps's client identifier and client secret. Should they be unique random codes, or do they have to have some meaningful information to the client? I guess they could be random.

Well I've been looking for best practices on how to do this, but haven't found that much. So any answers will be appreciated.

PD: Im developing on .NET MVC3 with a library called DotNetOpenAuth.

Answer

The client identifier can be anything you want. It can be their choice or any random string.

The client secret should be a cryptographically strong random string. Here is how you can generate one:

RandomNumberGenerator cryptoRandomDataGenerator = new RNGCryptoServiceProvider();
byte[] buffer = new byte[length];
cryptoRandomDataGenerator.GetBytes(buffer);
string uniq = Convert.ToBase64String(buffer);
return uniq;

how to generate OAuth client identifier and client secret?

Answer

Related questions