oauth client for OAuthServer

Dec 17, 2013 at 3:18 PM
First of all, nice work on a very clean example with the oauth server.

Is there an oauth client available for this oauth server?

I am looking for something similar to how I would configure my application to use oauth against google.
            OAuthWebSecurity.RegisterFacebookClient(
                appId: "",
                appSecret: "");
Coordinator
Dec 19, 2013 at 11:36 AM
Hi,

You can look at the file /test/test.aspx, which is an OAuth client in a single aspx page. I hope to shortly release 3 simple client examples for Google, Microsoft and Facebook OAuth services.
Dec 19, 2013 at 3:15 PM
Edited Dec 19, 2013 at 3:55 PM
Thanks for the response. I reviewed the tests.aspx page.

Here is what I want to do.

MySecureApp -> MyOauthClient -> OAuthServer -> asp.net Membership provider

MySecureApp - is an asp.net mvc 4 application that I want to protect with a standard oauth client against an oauth server that I host.
MyOauthClient - this is an implementation of the abstract class DotNetOpenAuth.AspNet.Clients.OAuth2Client.
OAuthServer - the asp.net application hosted at oauthserver.codeplex.com
Asp.Net Membership Provider - an asp.net membership provider database that I host.

I have an asp.net application called MySecureApp that I want to protect using OAuth against an OAuthServer that I host. OAuthServer is an instance of the code on oauthserver.codeplex.com. My OAuthServer will delegate username/password validation to an asp.net membership provider instead of using ldap.

One attempt was to build MyOauthClient that integrates with OAuthServer. MyOauthClient implements DotNetOpenAuth.AspNet.Clients.OAuth2Client. In the AccountController, in the ExternalLoginCallback action,
            AuthenticationResult result = OAuthWebSecurity.VerifyAuthentication(Url.Action("ExternalLoginCallback", new { ReturnUrl = returnUrl }));
            if (!result.IsSuccessful)
The result.IsSuccessful is always false. DotNetOpenAuth is expecting some things in the querystring exchange that are not provided by OAuthServer.codeplex.com.

https://github.com/matejskubic/dotnetopenid/blob/master/src/DotNetOpenAuth.AspNet/OpenAuthSecurityManager.cs

From my investigation, OpenAuthSecurityManager.VerifyAuthentication is expecting things that are not provided by this OAuthServer. Look at the VerifyAuthentication method.

If one of my requirements is that I have to use an implementation of OAuth2Client, then I won't be able to use OAuthServer without some modifications. Do you agree?

Below is the code for MyOauth2Client.
using System;
using System.Collections.Generic;
using DotNetOpenAuth.AspNet.Clients;

namespace MySecureApp.Code
{
    public class MyOauth2Client : OAuth2Client
    {
        private const string AuthorizationEndpoint = "http://localhost:62545/Authorize.aspx";
        private const string TokenEndpoint = "http://localhost:62545/GetToken.aspx";

        private readonly string providerName; 
        private readonly string appId;
        private readonly string appSecret;
        private readonly string key;

        public MyOauth2Client(string appId, string appSecret, string key)
            : this("MyOauth2Client", appId, appSecret, key)
        {
        }

        protected MyOauth2Client(string providerName, string appId, string appSecret, string key) : base(providerName)
        {
            if (!string.IsNullOrEmpty(providerName)) { this.providerName = providerName; }
            else { throw (new Exception("Missing provider name.")); }

            if (!string.IsNullOrEmpty(appId)){ this.appId = appId; }
            else { throw new Exception("Missing required data appId."); }

            if (!string.IsNullOrEmpty(appSecret)) { this.appSecret = appSecret; }
            else { throw new Exception("Missing required data appSecret"); }

            if (!string.IsNullOrEmpty(key)) { this.key = key; }
            else { throw new Exception("Missing required data key"); }
        }

        // gets the configured AppId for this client
        protected string AppId { get { return appId;  } }

        protected override Uri GetServiceLoginUrl(Uri returnUrl)
        {
            var builder = new UriBuilder(AuthorizationEndpoint);
            builder.Query = string.Format("client_id={0}&redirect_uri={1}&response_type={2}", 
                this.appId, 
                "http://localhost:31404/Account/ExternalLoginCallback", 
                "code");

            return builder.Uri; 
        }

        protected override IDictionary<string, string> GetUserData(string accessToken)
        {
            throw new NotImplementedException();
        }

        protected override string QueryAccessToken(Uri returnUrl, string authorizationCode)
        {
            throw new NotImplementedException();
        }
    }
}
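
Added example, not part of the original posts or of either project: DotNetOpenAuth's OpenAuthSecurityManager appends `__provider__` and `__sid__` to the return URL it passes to GetServiceLoginUrl and looks for both on the callback, so a hard-coded redirect_uri drops them. The console program below compares the two cases. Its class and method names, the sample client id, code and `__sid__` value are constructed, and it assumes the server redirects to redirect_uri unchanged with `code` appended.

```csharp
using System;
using System.Web; // HttpUtility.ParseQueryString

static class LoginUrlDemo // hypothetical name, for illustration only
{
    // Endpoint and callback values are the ones used in the post above.
    const string AuthorizationEndpoint = "http://localhost:62545/Authorize.aspx";
    const string HardCodedCallback = "http://localhost:31404/Account/ExternalLoginCallback";

    // Build the authorization request, percent-encoding every value so that a
    // query string inside redirectUri travels intact as part of redirect_uri.
    static Uri BuildLoginUrl(string clientId, Uri redirectUri)
    {
        var builder = new UriBuilder(AuthorizationEndpoint);
        builder.Query = string.Format("client_id={0}&redirect_uri={1}&response_type=code",
            Uri.EscapeDataString(clientId),
            Uri.EscapeDataString(redirectUri.AbsoluteUri));
        return builder.Uri;
    }

    // Assumption: the server redirects to redirect_uri unchanged and appends "code".
    static Uri SimulateServerRedirect(Uri loginUrl, string code)
    {
        string redirectUri = HttpUtility.ParseQueryString(loginUrl.Query)["redirect_uri"];
        var callback = new UriBuilder(redirectUri);
        string existing = callback.Query.TrimStart('?');
        callback.Query = (existing.Length > 0 ? existing + "&" : "") + "code=" + Uri.EscapeDataString(code);
        return callback.Uri;
    }

    // The callback can be tied to a provider and a browser session only if both markers return.
    static bool HasCallbackMarkers(Uri callback)
    {
        var query = HttpUtility.ParseQueryString(callback.Query);
        return !string.IsNullOrEmpty(query["__provider__"]) && !string.IsNullOrEmpty(query["__sid__"]);
    }

    static void Main()
    {
        // Constructed sample of the returnUrl that GetServiceLoginUrl receives.
        var returnUrl = new Uri(HardCodedCallback + "?__provider__=MyOauth2Client&__sid__=00000000000000000000000000000000");
        Uri hardCoded = SimulateServerRedirect(BuildLoginUrl("sample-app-id", new Uri(HardCodedCallback)), "sample-code");
        Uri passedThrough = SimulateServerRedirect(BuildLoginUrl("sample-app-id", returnUrl), "sample-code");

        Console.WriteLine("hard-coded redirect_uri keeps markers: {0}", HasCallbackMarkers(hardCoded));
        Console.WriteLine("returnUrl as redirect_uri keeps markers: {0}", HasCallbackMarkers(passedThrough));
    }
}
```

The `__sid__` value is what DotNetOpenAuth compares against a cookie it set before the redirect, which is its cross-site request forgery check on the callback, so the marker should be preserved rather than bypassed.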