A basic OAuth 2.0 server but one that stores tokens persistently.
Creating an OAuth 2.0 server is hard. Luckily, the DotNetOpenAuth (DNOA) library takes away a lot of the pain, but implementing an OAuth 2.0 server with DNOA is still quite hard. Therefore I have created a small ASP.NET MVC 4 website that uses DNOA to function as an OAuth 2.0 server. To be able to test this server, there is also a small console application that connects to the server and requests some tokens. The code has been sprinkled with comments to explain in detail what the application does and why.
The OAuth2Server project contains the implementation of the OAuth 2 server that will output the access tokens. The flow of a token request is as follows:
1. The request arrives at the Index action of the TokensController.
2. The Index action uses the AuthorizationServer's HandleTokenRequest method to handle the token request.
3. When HandleTokenRequest is called, a call is made to our AuthorizationServerHost class (which was provided as a parameter to AuthorizationServer's constructor).
4. CheckAuthorizeResourceOwnerCredentialGrant (for resource owner credentials grants) or CheckAuthorizeClientCredentialsGrant (for client credentials grants) is called.

Authorization: bearer gAAAAA2SU9LxRK3z-i-xjMBnOHiwBE9.....

Where you need to fill in your actual access token. You can find the protected resources at "/resources/clients" (for client tokens) and "/resources/users" (for user tokens).
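
The token request and the bearer-authenticated resource request described above, seen from the client side, as an added C# example that is not code from this repository. The host name, the /tokens route, the client id and secret passed in, and the server accepting HTTP Basic client authentication are assumptions; it uses System.Text.Json, so it targets current .NET.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
static class TokenExchangeExample
{
    // Assumed values: host name and token route are placeholders for your deployment.
    static readonly Uri Server = new Uri("https://oauth2server.example");
    const string TokenPath = "/tokens";                 // assumed route to TokensController.Index
    const string ClientResource = "/resources/clients"; // path named in the README
    // Client credentials grant (RFC 6749, section 4.4) with HTTP Basic client authentication.
    public static HttpRequestMessage BuildTokenRequest(string clientId, string clientSecret)
    {
        var form = new Dictionary<string, string> { ["grant_type"] = "client_credentials" };
        var request = new HttpRequestMessage(HttpMethod.Post, new Uri(Server, TokenPath));
        request.Content = new FormUrlEncodedContent(form);
        string basic = Convert.ToBase64String(Encoding.UTF8.GetBytes(clientId + ":" + clientSecret));
        request.Headers.Authorization = new AuthenticationHeaderValue("Basic", basic);
        return request;
    }
    // Extract access_token from the JSON token response; refuse anything that is not a bearer token.
    public static string ReadAccessToken(string json)
    {
        using JsonDocument doc = JsonDocument.Parse(json);
        JsonElement root = doc.RootElement;
        if (!root.TryGetProperty("token_type", out JsonElement type) ||
            !string.Equals(type.GetString(), "bearer", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Unexpected token_type in token response.");
        return root.GetProperty("access_token").GetString()
            ?? throw new InvalidOperationException("Token response has no access_token.");
    }
    // The scheme name is case-insensitive, so "Bearer" matches the README's "bearer".
    public static HttpRequestMessage BuildResourceRequest(string accessToken)
    {
        var request = new HttpRequestMessage(HttpMethod.Get, new Uri(Server, ClientResource));
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        return request;
    }
    static void Main()
    {
        // Constructed token response in the shape of RFC 6749, section 5.1.
        string sample = "{\"access_token\":\"SAMPLE\",\"token_type\":\"bearer\",\"expires_in\":3600}";
        HttpRequestMessage get = BuildResourceRequest(ReadAccessToken(sample));
        // Print only the scheme: access tokens do not belong in console output or logs.
        Console.WriteLine($"{get.Method} {get.RequestUri} ({get.Headers.Authorization?.Scheme})");
    }
}
```

To talk to a running server, pass the two request messages to an HttpClient and feed the token response body to ReadAccessToken.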
The data is stored in a SQL Server Compact database that is accessed with Entity Framework. The OAuth2ServerDbContext class keeps track of all the instances.