How to generate OAuth client id and client secret?

Question

How to generate OAuth client id and client secret?

I am implementing an OAuth2 provider, and I would like to have an area somewhere on my website where developers register and register third-party applications. But I have doubts about how to generate the application client identifier and client secret. Should they be unique random codes or should they have some meaningful information for the client? I think they may be random.

Well, I was looking for best practices on how to do this, but never found. Therefore, any answers will be appreciated.

PD: Im developing on .NET MVC3 with a library called DotNetOpenAuth.

+8

c # oauth-2.0 asp.net-mvc-3 dotnetopenauth

Daniel Jan 20 '12 at 20:25

source share

2 answers

The specification is unclear how you should generate them, but they say that you should be random strings and unique.

In section No. 2.2 on the client identifier:

The authorization server gives the registered client the client identifier - a unique string representing the registration information provided by the client.

+2

Felipe elias philippe Jan 21 '12 at 14:41

source share

Andrew Arnott · Accepted Answer · 2012-01-21T15:10:34+0000

Customer ID can be anything you want. It can be their choice or any random string.

The client's secret must be a cryptographically strong random string. Here is how you can create it:

RandomNumberGenerator cryptoRandomDataGenerator = new RNGCryptoServiceProvider(); byte[] buffer = new byte[length]; cryptoRandomDataGenerator.GetBytes(buffer); string uniq = Convert.ToBase64String(buffer); return uniq;

How to generate OAuth client id and client secret?

More articles: