What is it?

The idea of this project is to write a simple OAuth 2.0 Authorization Server. Don't expect too much. It is progressing in baby steps. The code does not look great. Lots of things are hardcoded. It is more like a simple proof-of-concept application.

Specifications

This project uses the following RFC documents as the specification for its implementation. The idea is to comply with the specs as much as possible, with little or no deviation.

  • RFC 6749 - The OAuth 2.0 Authorization Framework
  • RFC 7519 - JSON Web Token (JWT)
  • RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage

Sample Postman Scripts

The Postman scripts will be updated as the code progresses.

Verify Access Tokens

The access tokens this project issues are JWT bearer tokens. Therefore, you can verify a token here: https://www.jsonwebtoken.io/

The secret used in the HMAC signature digest is client_id. Silly, but it is how things work for now.
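The same check can be done locally instead of pasting a token into a website. The following is an added example, not code from this project: it assumes the tokens are signed with HS256 (the README only says "HMAC"), and `SAMPLE_CLIENT_ID`, `sign_hs256` and `verify_hs256` are hypothetical names with a constructed sample token.

```python
import base64
import hashlib
import hmac
import json
import time

SAMPLE_CLIENT_ID = "example-client-id"  # constructed value, not from the project

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(part):
    # JWT segments are unpadded base64url; restore the padding first.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _mac(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_hs256(claims, secret, alg="HS256"):
    """Build a constructed sample token so the example runs offline."""
    parts = [{"alg": alg, "typ": "JWT"}, claims]
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in parts)
    return signing_input + "." + b64url_encode(_mac(signing_input, secret))

def verify_hs256(token, secret, now=None):
    """Return the claims if signature and exp check out; raise ValueError otherwise."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token's own header choose how it is checked.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = _mac(header_b64 + "." + payload_b64, secret)
    if not hmac.compare_digest(signature, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))  # parsed only after the MAC passed
    exp = claims.get("exp")
    if exp is not None and (time.time() if now is None else now) >= exp:
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    token = sign_hs256({"sub": "alice", "exp": 4102444800}, SAMPLE_CLIENT_ID)
    print(verify_hs256(token, SAMPLE_CLIENT_ID))
```

RFC 6749 (section 2.2) treats the client identifier as a non-secret value, so a signature keyed on client_id confirms a token is well-formed and unmodified in transit but does not authenticate the issuer.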

Contribute

I always welcome PRs from the community. As you may know, this project is developed during live streams on my channel at http://youtube.com/tarikguneyphd. Currently, the videos are in Turkish but perhaps later we can have a summary video in English, too. Anyhow, please feel free to send me pull requests.

Suggestions

  • Use Guid.NewGuid().ToString("N") to generate unique authorization_code values.

Changes (order by timestamp desc)

  • [12/20/2019] - Implemented resource owner password grant type, did a huge refactoring to increase readability, and a bunch of small changes here and there.
  • [11/25/2019] - Implemented access token request for authorization code grant type, and renamed IAuthorizationEndpointFlow to IGrant along with some other small code cleanup and refactorings.
  • [10/13/2019] - Implemented implicit flow, refactored the code a little bit, and extracted implicit and authorization code flows into their respective classes with one interface.
  • [10/12/2019] - Implemented a simple authorization endpoint. Allows people to log in to get the authorization code.
  • [10/06/2019] - Returning correctly formatted response for access_token request for both successful and erroneous situations.
  • [Older Date] - JWT Token generation is now working.
  • [Older Date] - Tested with Postman and works nicely! Try it yourself.