Use ASP.NET Core WEB API token authentication as a resourceserver with OWIN/Katana OAuth 2.0 Authorization Server

Question

Is it possible to use an ASP.NET Core web api service authentication with an OWIN/Katana OAuth 2.0 Authorization Server?

To use the default (Bearer) OAUTH2 access token in ASP.NET 4.5.x WEB API 2 this would be done by adding this:

public void ConfigureAuth(IAppBuilder app)
    {
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }

And by adding the machinekey to the web.config.

Is it possible and how to use accesstokens from OWIN/Katana OAuth 2.0 Authorization Server (The tokens are in TicketDataFormat, which is the default) with an ASP.NET Core web api?

Answer 1

If I remember correctly, there were changes to the token format in ASP.NET Core. I have a sample of an ASP.NET Core resource server protected by a ported version of the Katana OAuth server. Check out the sample code, it may be close enough to get you there.

https://github.com/XacronDevelopment/oauth-aspnet/blob/dev/samples/ResourceServer2/Startup.cs

Answer 2

I had the same problem, and you need to modify the OAuthServer (to use DataProtector Compatibity or change the AccessTokenFormat to use JWT or other implementation)

I developed the second option. You can check the JWT solution in https://github.com/aloji/JwtSecurity