[英]ThinkTecture IdentityServer3 vs Microsoft.Owin.Security.OAuth2
We are planning to build an OAuth2 authorization server in our company, and we're trying to figure out what to be the correct solution to implement it upon. 我们正计划在我们的公司中构建OAuth2授权服务器,并且我们正在尝试找出将其实现为正确的解决方案。 Currently we're considering using the ThinkTecture IdentityServer3 or the plain Microsoft.Owin.Security.OAuth package.
当前,我们正在考虑使用ThinkTecture IdentityServer3或普通的Microsoft.Owin.Security.OAuth程序包。 One of the things we take into account in which to choose is who already uses it.
我们在选择时要考虑的一件事是谁已经在使用它。 Unfortunately, I cannot find any information regarding IdentityServer3 customers on the ThinkTecture website, neither anywhere else.
不幸的是,我在ThinkTecture网站上找不到关于IdentityServer3客户的任何信息,在其他任何地方都找不到。 Does anybody know, if there are any big players, who rely on this library/framework?
有人知道(如果有大型公司的话)依靠这个库/框架吗?
If anybody has any other guidance in terms of which of the two solutions above is better, that would be valuable for us as well. 如果有人对上述两种解决方案中的哪一种更好,还有其他指导意见,那对我们也很有价值。
Cheers 干杯
The Microsoft.Owin.Security.OAuth library has been deprecated by Microsoft essentially because to use it in any scenarios other than their one sample you have to build lots of additional security infrastructure on top of it. Microsoft.Owin.Security.OAuth库已被Microsoft弃用,这主要是因为要在除其一个示例之外的任何方案中使用它,您必须在其之上构建许多其他安全性基础结构。 Doing this is not trivial and requires you to be very aware of the threats and mitigations when developing an OIDC/OAuth2 provider.
这样做并非易事,并且要求您在开发OIDC / OAuth2提供程序时非常了解威胁和缓解措施。 This sort of security work is already done in IdentityServer.
这种安全性工作已经在IdentityServer中完成。 As such, Microsoft is recommending IdentityServer as the choice going forward for when you need your own customizable OIDC/OAuth2 token service for your applications and APIs.
因此,当您为应用程序和API需要自己的可自定义OIDC / OAuth2令牌服务时,Microsoft建议使用IdentityServer。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.