oauth-provider

I am trying to fix an intermittent issue when using Google as an external login provider. When attempting to login, the user is redirected back to the login page rather than being authenticated. The problem occurs on this line (line 55 of link below), GetExternalIdentityAsync returns null. var externalIdentity = await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie); The full code is: [Authorize] public abstract class GoogleAccountController<TUser> : Controller where TUser : Microsoft.AspNet.Identity.IUser { public IAuthenticationManager

I am implementing an OAuth Provider to secure different web-based APIs. The most headache is giving me the securing of WebSockets through OAuth. Can it be done completely secure in a client that's set in a Browser? What are the risks if it is in a Browser compared to a web application with a Server? I want to use 2-legged OAuth to restrict the connections to the websocket, so only registered clients can acquire a WebSocket connection to the API without being refused. Since a WebSocket connection is always (!) established on the client-side (from the Browser), is it possible to protect the

I am implementing an OAuth Provider using DevDefined library. I wonder if there is any recommended database structure for storing consumer and token data on the server side. Any advice on this would be appreciated. NB: The answer below is applicable mostly to OAuth 1.0 I don't really know anything about the DevDefined library. But here is a non-technical description of the database design I ended up working with in my latest project, using an SQL database. It should cover everything needed to follow the basic specification. I've tried to keep it down to an absolute minimum. RequestTokens token

How can I add a Oauth provider to a web application using Zend Framework? Zend Framework has support for oauth consumers, but I don't see a provider support. What do you use to implement a Oauth provider in php (with Zend Framework)? I followed this guide from Rasmus Lerdorf to implement an OAuth provider. While I didn't actually use the pecl extension, you can use the article to write your own server component. If you look at the zend incubator, it has a new Zend_Oauth_Server file http://framework.zend.com/svn/framework/standard/incubator/library/Zend/Oauth/ I think Brandon's correct in

I am using PHP library for OAuth2.0 v20 In draft20, there is a mention of the use of state to prevent CSRF So far, my own web app that implements this PHP library allows the following: 3 legged authentication using Authorization Code Request 2 legged authentication using Resource Owner Credentials Grant a Request that refreshes an access token Do I need to use state for all of the 3 situations above? If so, what is a good example of "state"? what makes a good "state"? Any ideal length? Any minimum length? Any maximum length? Any ideal makeup? alphanumeric including upper case? Just for #1 -- 3

So basically I want to protect my APIs with OAuth 2.0 and implement an OAuth Provider to enable acquiry of accessTokens etc. Can it be done with JOAuth out of the box? Has anybody already implemented something like this with an Open Source library (Java)? Spring Security has an OAuth sub-project with support for OAuth 1.0a and OAuth2 (both client and server). They have sample code on their GitHub repo: Main repo: https://github.com/spring-projects/spring-security-oauth Sample OAuth2 provider (called sparklr): https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2