Wednesday, June 3, 2015

OAuth 2.0 frameworks and platforms

Like some of you in the .NET world, I have had occasion to consider the use of OAuth 2.0. My real in-depth exposure to OAuth came a few years ago when I was considering the relative merits of Enterprise API vendor offerings for a bank (think Layer 7, Apigee, WSO2 and so on).

A vendor product is all well and good if you have the money (notwithstanding Apigee's efforts in the 'free' space recently). But if you don't, and you work in a Microsoft shop?

What seems to generally be the case is that the first framework/library one thinks of is DotNetOpenAuth (DNOA). It has a relatively trouble-free third-party OAuth provider for MVC integration - very nice.

But on two occasions now, I have tried to use DNOA to build an Authorization server, and it has found every way to confound the effort.

In what ways? Well:

  • Samples that often do not work out of the box
  • Source code that needs tweaking
  • No 'authorization server as a platform' base
  • Poor documentation

So I set to searching again. And encountered the Thinktecture Identity Server (TTIS) - and this proved to be a revelation, in every way possible. As a free offering, it really is an excellent piece of work, helping you create an Authorization Server, and Resource Server integrations without breaking too much of a sweat. What I found:

  • A tidy code base, really, Thinktecture have thought about it
  • A testable code base
  • Interface driven - all or most of the key services can be replaced with your own implementations
  • A basic authorization server implementation
  • A REST API for various identity server operations
  • IIS or self-host options - being OWIN driven
  • An Entity Framework library that allows for easy database hosting of core objects (tokens, clients, consents and so on)
  • Adequate documentation

So, as an example, I needed to replace the IUserService with one that consulted an API instead of some database (somewhere). A breeze. Want to retain client secrets in clear text so that clients can be informed of them if necessary? No problem (let's not argue security on this one!).

So, next time you want to look at open source, free OAuth software - take a long look at TTIS. It really is far more a platform than a library.
