• This repository has been archived on 19/Nov/2017
  • Stars
    star
    280
  • Rank 147,492 (Top 3 %)
  • Language
    C#
  • License
    Other
  • Created over 11 years ago
  • Updated about 8 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Sample implementation of an OAuth2 Authorization Server

AuthorizationServer

AuthorizationServer is the foundation for implementing application and API authorization. As a first step, we provide an implementation of the OAuth2 authorization framework.

Important AuthorizationServer is not really maintained anymore - read here for details.

Concepts

We support the following primitives:

Applications Applications are containers for settings (token lifetime, key material, audienceโ€ฆ) and scopes. Every application gets its own entry point in the URL structure, e.g. ../myapp/oauth/authorize and ../myapp/oauth/token.

Scopes Scopes represent permissions a client can ask for. They will be shown on consent screens, so the resource owner can grant (or deny) access. A scope also defines which clients can request it.

Clients A client has a client ID and a secret. A client can use exactly one OAuth2 flow to request tokens (code, implicit, resource owner credentials, client credentials). A client has a list of allowed redirect URIs for flows that require a callback.

Access Tokens An access token will contain JWT standard claims like iss (issuer), aud (audience), nbf (not before), exp (expiration). In addition it will contain information about the subject (sub claim), the client that requested the token as well as the requested scopes.

Flows We support all OAuth2 flows like authorization code, implicit, resource owner and client credentials flow. In addition you can extend the token endpoint to support assertion flow, which enables delegation and federation scenarios.

Architecture

AS deliberately doesn't do authentication. It solely focuses on authorization. The default configuration assumes AS is a relying party to some WS-Federation identity provider (e.g. IdentityServer, ADFS, Windows Azure Active Directory or Azure Access Control Service). You can of course customize that in any way you want, e.g. add a local login page.

AS has only a single requirement when it comes to identity of the resource owner: the current principal must contain a claim of type "sub" (subject). You can adapt to your own claims structure using the ClaimsTransformer class in the web host project.

See the [wiki] (https://github.com/thinktecture/Thinktecture.AuthorizationServer/wiki) for more information.

More Repositories

1

oidc-client-js

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
JavaScript
2,428
star
2

IdentityModel

.NET standard helper library for claims-based identity, OAuth 2.0 and OpenID Connect.
C#
1,027
star
3

IdentityModel.OidcClient

Certified C#/NetStandard OpenID Connect Client Library for native mobile/desktop Applications (RFC 8252)
C#
585
star
4

IdentityModel.AspNetCore

ASP.NET Core helper library for claims-based identity, OAuth 2.0 and OpenID Connect.
C#
306
star
5

IdentityModel.OidcClient.Samples

C#
289
star
6

IdentityModel.AspNetCore.OAuth2Introspection

ASP.NET Core authentication handler for OAuth 2.0 token introspection
C#
146
star
7

IdentityModel.PCL

A PCL helper library for claims-based identity, OAuth 2.0 and OpenID Connect.
C#
94
star
8

oidc-token-manager

JavaScript
51
star
9

IdentityModel.OidcClient.Old

OpenID Connect Client Library for Native Applications
C#
38
star
10

OidcCli

.NET Tool for running IdentityModel.OidcClient from the Command Line
C#
17
star
11

IdentityModel.AspNetCore.AccessTokenValidation

C#
13
star
12

IdentityModel.Owin.BasicAuthentication

Basic Authentication Middleware
C#
11
star
13

IdentityModel.AspNetCore.ScopeValidation

[deprecated] Scope validation middleware for ASP.NET Core 1
C#
10
star
14

Documentation

Documentation for the IdentityModel family of libraries
6
star
15

UwpOidcClient

Sample Universal Windows Platform (Windows 10) OpenID Connect Client
C#
3
star
16

IdentityModel.Owin.ClaimsTransformation

Claims Transformation Middleware for OWIN/Katana
C#
2
star
17

IdentityModel.HttpSigning

A Method for Signing HTTP Requests for OAuth (https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-02)
C#
1
star
18

.github

1
star
19

IdentityModel.Owin.PopAuthentication

Authentication Middleware for Proof of Possession Tokens
C#
1
star