ThinkTecture IdentityServer3 vs Microsoft.Owin.Security.OAuth2
Question
We are planning to build an OAuth2 authorization server in our company, and we're trying to figure out what to be the correct solution to implement it upon. Currently we're considering using the ThinkTecture IdentityServer3 or the plain Microsoft.Owin.Security.OAuth package. One of the things we take into account in which to choose is who already uses it. Unfortunately, I cannot find any information regarding IdentityServer3 customers on the ThinkTecture website, neither anywhere else. Does anybody know, if there are any big players, who rely on this library/framework?
If anybody has any other guidance in terms of which of the two solutions above is better, that would be valuable for us as well.
Cheers
1 answers
solution1
8 2016-11-21 14:56:39
The Microsoft.Owin.Security.OAuth library has been deprecated by Microsoft essentially because to use it in any scenarios other than their one sample you have to build lots of additional security infrastructure on top of it. Doing this is not trivial and requires you to be very aware of the threats and mitigations when developing an OIDC/OAuth2 provider. This sort of security work is already done in IdentityServer. As such, Microsoft is recommending IdentityServer as the choice going forward for when you need your own customizable OIDC/OAuth2 token service for your applications and APIs.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.