Let me describe the system I have at the moment.
• REST Web Service (let's say Inventory Web Service)
• iOS, Android etc. clients of Inventory Web Service
• ACS as an authorization tool.
I have a relatively big set of rules in ACS. I would say that each device (iOS, Android etc.) has an ACS (Service Identity) record and also there is a set of rules (claims rules) for each Service Identity, for instance (Roles: Administrator, Sales etc.).
I mean, when a device logs in, it receives the token with the claims (roles, environment settings etc.) and Inventory Web Service validates these claims according to the Web Service settings on each call.
Actually, I don’t like the implementation.
What I would like to change is: somehow... delegate the claims rules generation to another OAuth server and after that transform it with ACS rules (if needed).
So, here is the workflow that I would like to get:
1. iOS device sends the credentials to ACS.
2. ACS somehow delegates the request to a custom OAuth server.
3. Custom OAuth server, based on the credentials, generates and returns a claims set (token?) to ACS.
4. ACS transforms (if needed) the claims set from the custom OAuth server.
5. ACS returns a token to the iOS device.
As you may notice, there is no page redirection; all must be done in the background.
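To make steps 3 to 5 of that workflow and the per-call check in the web service concrete, here is an added example (not code from the question or from ACS). The rule format mirrors ACS claim rules (input claim type/value to output claim type/value) and the token is an SWT-style form-encoded claim set signed with HMAC-SHA256, which is one of the token formats ACS issues; the key, claim names, rule values and audience are constructed for illustration.

```python
# Added example: ACS-like claim transformation, SWT-style token issue and validation.
import base64, hashlib, hmac, time
from urllib.parse import urlencode, parse_qsl

SIGNING_KEY = b"constructed-key-shared-by-acs-and-inventory-service"  # constructed

# Step 3: claims the custom OAuth server returns after checking the device credentials.
UPSTREAM_CLAIMS = {"sub": "device-ios-0042", "group": "sales-emea", "tier": "premium"}

# Step 4: ACS-style rules as (input type, input value or None for "any",
# output type, output value or None to pass the input value through).
RULES = [
    ("group", "sales-emea", "role", "Sales"),
    ("group", "ops", "role", "Administrator"),
    ("sub", None, "nameid", None),
]

def transform(claims, rules):
    """Apply the rules; claims with no matching rule are dropped (an explicit
    passthrough rule is needed, as with ACS)."""
    out = {}
    for in_type, in_val, out_type, out_val in rules:
        if in_type in claims and (in_val is None or claims[in_type] == in_val):
            out[out_type] = claims[in_type] if out_val is None else out_val
    return out

def _sign(unsigned, key):
    return base64.b64encode(hmac.new(key, unsigned.encode(), hashlib.sha256).digest()).decode()

def issue_swt(claims, key, audience, lifetime=3600, now=None):
    """Step 5: form-encode claims plus Audience/ExpiresOn, append HMACSHA256."""
    now = int(time.time()) if now is None else now
    unsigned = urlencode(dict(claims, Audience=audience, ExpiresOn=str(now + lifetime)))
    return unsigned + "&" + urlencode({"HMACSHA256": _sign(unsigned, key)})

def validate_swt(token, key, audience, required_role, now=None):
    """Web service per-call check: signature first, then audience, expiry and role."""
    now = int(time.time()) if now is None else now
    unsigned, sep, _ = token.rpartition("&HMACSHA256=")
    if not sep:
        return False
    try:
        parsed = dict(parse_qsl(token))
        if not hmac.compare_digest(parsed["HMACSHA256"], _sign(unsigned, key)):
            return False
        if parsed.get("Audience") != audience or int(parsed["ExpiresOn"]) <= now:
            return False
    except (KeyError, ValueError):
        return False
    return parsed.get("role") == required_role
```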