I've been trying for several hours to get OAuth to work with the API I'm working on, and obviously my approach should be wrong, because I'm constantly at a dead end.
What I have:
- An API that is implemented in .NET MVC that returns the result of data as XML or JSON.
- API API requires an API.
- Website (X) as a backend for managing API keys.
- Another site (Y) with lots of data that this API retrieves from.
What should I get:
- Ability to allow API Keys to access data from users from the website (Y), if they allow it through OAuth (1.0A).
What I tried:
- So far, my approach has been to use the DotNetOpenAuth library, but almost everything is about how to implement OpenId, and some classes in the OAuth namespace even seem hardcoded with respect to the OpenId functions. So I'm trying to understand what is happening in the examples that use OpenId, and see if I can use parts of this to implement OAuth without OpenId.
- Various approaches include server-side reading of "UnauthorizedTokenRequest" and returning it through a call to ServiceProvider.Channel.PrepareResponse(unauthorizedTokenRequest).AsActionResult(), which for some reason tries to add two nonce and timestamp values to the response that fails and skips it, it still returns a response that I cannot read on the client side.
So, I think my question is actually:
- Is there a manual / documentation that tells which parts of the DotNetOpenAuth library I should use on the server side, and when they should be used in the process, to implement OAuth on an MVC server that is not hard-coded to OpenId, since none of the sites (X or Y) supports OpenId?
- Should I use a different library if I don't use OpenId, since DotNetOpenAuth seems to focus most?
- Any other approaches that would fit my needs better are welcome.
Thank you in advance! - Johnny, Denmark
Johny Skovdal