77

It seems like many app providers are using OAuth2 to allow API access, such as Twitter and Facebook. Does anyone use a good library to do OAuth2 processing that is general enough to use across all applications?

TruMan1
  • 33,665
  • 59
  • 184
  • 335
  • 58
    I'm confused by the vote to close. Asking for library recommendations to accomplish a specific task is now "subjective and argumentative"? – Joel Mueller Sep 02 '10 at 21:09
  • 25
    Some people for some reason think that any idea of "best" and "worst" is completely non-objective. I have no idea why, but they think "green is the best color!!!!" is the same as "what is the best library given these conditions: ..." – colithium Sep 06 '10 at 16:14
  • There is also the Microsoft implementation based in Katana, https://www.nuget.org/packages/Microsoft.Owin.Security.OAuth – Fernando Gonzalez Sanchez Nov 22 '15 at 23:55
  • I think there's an internal policy for all SO moderators to close "recommendation" questions b/c they're afraid to get google penalty for "thin content" – Alex from Jitbit Jun 17 '18 at 11:50

4 Answers4

27

I didn't look into it's internals (source code link is broken), but in general DotNetOpenAuth seems to be quite professional.

Update: OAuth 2 and OpenID are now supported as well.

Eugene Mayevski 'Callback
  • 45,135
  • 8
  • 71
  • 121
  • Last I checked DotNetOpenAuth didn't support OAuth 2.0. – Micah May 06 '11 at 16:59
  • @Micah you are right. I believe something was not paid attention to when I answered (maybe their design was different or they erroneously claimed OAUth2 support). I'll update the answer now. – Eugene Mayevski 'Callback May 06 '11 at 17:13
  • 4
    Now (Febuary 2013) DotNetOpenAuth supports OAuth2 and OpenID. – Grzegorz Gierlik Feb 08 '13 at 11:21
  • @GrzegorzGierlik Thank you for the update. As people rarely read comments, I've put an update instead of your modification. – Eugene Mayevski 'Callback Feb 08 '13 at 14:17
  • As I understood, it can't be used for commercial projects. I installed this library from NuGet and it asked me about license for Microsoft libraries (Microsoft.Bcl.dll and two others). Here is license https://www.microsoft.com/net/dotnet_library_license.htm with text "You may not use the software for commercial software hosting services." Please, correct me if I'm wrong – white.zaz May 19 '15 at 04:58
  • @white.zaz I am not the developer of that library so I can only guess. The homepage states "It’s completely free to use on personal and commercial projects" . I think the best approach would be to contact the author of the library and ask explicitly. – Eugene Mayevski 'Callback May 19 '15 at 05:28
  • 2
    I highly not recommend using DNOA. There is almost no documentation on how to use the library so you will definitely be on your own whenever you face any issues. If the web service you are trying to access has a .NET SDK which includes an OAuth implementation then go for that. A personal advice for which I payed a high price, don't go for DNOA otherwise get ready to have restless nights reading through the code alone! – GETah Oct 18 '16 at 12:27
  • [Source code link](https://github.com/DotNetOpenAuth/DotNetOpenAuth) isn't broken anymore. – AlexMelw Apr 05 '18 at 08:28
  • What about the `IdentityServer4`? – Artfaith Feb 01 '21 at 07:25
22

You should look on OAuth2. It is .NET implementation of OAuth 1.0 and OAuth 2.0 protocol for most of the popular providers:

  • google
  • facebook
  • twitter
  • foursquare
  • instagram
  • linked-in
  • windows live
  • vkontakte
  • odnoklassniki
  • yandex
  • mail.ru
  • github

Nuget package is there.

Andrew Semack
  • 321
  • 2
  • 5
  • 3
    Do we have any detailed working example of this library ? I can see some usage examples showed but I am not understanding like what is AuthroizationRoot – nraina Dec 23 '14 at 11:18
7

I haven't seen any good frameworks out there yet for OAuth2. I've decided to try and roll my own for a project.

My framework so far supports bearer tokens and all of the oauth 2 flows (challenge/response, implicit, client credential, resource owner password, and refresh token).

It's a little clunky, and I'm working on my first REST service built on this framework.

Check it out, any feedback or contributions would be appreciated.

https://github.com/ghorsey/SharpOAuth2

Geoff
  • 345
  • 4
  • 12
1

I would look at the Hammock REST client library. It is general purpose REST client, but it provides OAuth support as well.

Eric Hauser
  • 5,551
  • 3
  • 26
  • 29