oAuth and external API

Question

User-1433993064 posted

I need to make calls out to a couple of different API servers.

The user will login using the standard facebook/twitter membership login.

Once on my application they can choose to share their data with a 3rd party API.
In order to use the API they must go through auth get a token which I can then save and reuse to make requests on their behalf.

They will need authorize a couple of APIs.

What is the bests pattern to implement the oAuth calls for the APIs?

Answer 1

User1779161005 posted

You need an OAuth2 authorization server to protect your web apis and provide an end user a mechanism for consent to the 3rd party to access their data. IdentityServer3 is an open source, .NET based framework for building that: https://github.com/IdentityServer/IdentityServer3/

Answer 2

User-1433993064 posted

I'm making outward calls to APIs. I don;t need a authorization server. 

What I want to know is what is the best pattern for a user to go through oAuth for 2 external APIs which I then call out to.

Answer 3

User1223857158 posted

Please see:

http://bitoftech.net/2015/02/16/implement-oauth-json-web-tokens-authentication-in-asp-net-web-api-and-identity-2/ 

http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api