OAuthWebSecurity - Without OpenID

Question

Is it DotNetOpenAuth OAuthWebSecurity only for OpenID Providers?

OAuthWebSecurity.RegisterClient(new CutomOAuth2Client("ID", "KEY"), "CustomProvider", null);

Or could I base my entire authentication in a external OAuth Provider that doesn't implement OpenID? The scenario is likely if I want to develop a client for facebook but facebook isn't a OpenId provider...

score 2 · Accepted Answer · edited May 23 '17 at 12:04

2

Yes you can base your authentication on an external OAuth provider. I just made this SO post: How to let users login to my site using SoundCloud detailing how to do a custom OAuth2Client based on SoundCloud... though implementing it with a custom GitHub client was much easier for me.

The Facebook OAuth client is built in in VS 2012 - Using OAuth Providers with MVC 4, so I don't think you'd need to make a custom client unless there was something it isn't doing that you need.

Other useful reading: What's the difference between OpenID and OAuth?

edited May 23 '17 at 12:04

Community

1
1

answered Feb 20 '13 at 19:39

MikeSmithDev

15,731
4
58
89

Thanks Mike! Is it possible to set an authorization header with this approach (instead of use querystring)? – Gui Ferreira Feb 21 '13 at 11:16
@GuilhermeFerreira I'm not sure. I guess it would depend on the provider. – MikeSmithDev Feb 21 '13 at 14:53
FYI https querystring is secure, if that is your concern. – MikeSmithDev Feb 21 '13 at 15:10

OAuthWebSecurity - Without OpenID

1 Answers1

Linked