Been trying to wrap my head around OAuth 2.0, but I'm struggling to figure out the correct way to implement it for our system, as there are so many different approaches.
Our specifications are:
- Secure a REST API.
- Own apps and websites connect to our API.
- Users access our services without credentials.
- Currently our API is private but possibly making it public in the future.
From the research I have done, I think I should be using OAuth 2.0 (Two-Legged) authentication with the "Client Credentials" grant type.
I'm worried though that I may be misunderstanding the process, as it would seem that under this method all that is required is sending through your ConsumerId and ConsumerSecret, whereas the OAuth 1.0 method requires a HashKey, ConsumerKey, Nonce, etc.
Lastly, is there a framework, specifically a .NET framework, that I can leverage that will help me with this?
In summary, my questions are:
- Is OAuth 2.0 (Two-Legged) using "Client Credentials" the best approach for me to take?
- Is the auth flow as simple as sending your ClientId and ClientSecret and getting back your bearer token?
- Is there a .NET framework that I can use for secure authorisation?
Sources I used for OAuth 2.0 (Two-Legged):
- OAuthBible - lays out all the different OAuth approaches
- Shows how OAuth (Two-Legged) is implemented in 1.0 and 2.0: www.tomdupont.net/2011/03/oauth-1.html