I'm really not interested in WCF samples. The DotNetOpenAuth implementations that I found are also incomplete or assume WCF. I've found Thinkitecture.IdentityServer.45 which is anything but lightweight and isn't really appropriate for building into my new WebAPI project. I even found the Oauth2DotNet project that has almost no real information.
Microsoft has posted a few Oauth/OpenID related projects, but I can't even find proper documentation for these either.
My project: Create a new site to provide "REST-style" API services for authorized mobile applications using .NET 4.5 and ASP.NET WebAPI. Since these applications don't necessarily have to act on behalf of a user, we believe that "2-legged" Oauth will be acceptable because we would like the ability to shut down and deny access to our API if a specific application gets out of hand.
Out of all of this, I've spent a week trying to get a basic implementation working, but haven't even been able to identify the various token types and what makes up the tokens themselves. This really shouldn't be so difficult and I find the lack of basic information on the topics involved quite frustrating. Yes, the specs are posted, but nowhere are they distilled and ready for implementation.
I'd like the ideal solution to extend to integrate properly with the WepAPI's Authenticate attribute, probably as an ActionFilter/AuthorizationFilter so I can identify and authenticate the remote application before attempting to authorize access to one or more of my elegant REST-ful API methods.
Where's the "getting started"?
