How to start working with OAuth

OK, I want to dive in working with OAuth.

What do I have to dowload.

What program will support the OAuth protocol as a IdP ?

Thanks
Anthony LuciaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
A good means is the oauth.net (http://oauth.net/) which you can go into the "Consumer developers" or "Service Provider developer". Also do not miss the The Beginner’s Guide to OAuth (http://oauth.net/documentation/getting-started/), and do not jump straight w/o reading them minimally.. The necessary libraries are available as well (http://oauth.net/code/)

A sample oauth use case workflow will help to better visual what your role and guide the direction for development as "user", "consumer" or "Service provider"
http://hueniverse.com/2007/10/15/beginners-guide-to-oauth-part-ii-protocol-workflow/

Many services such as Facebook, Github, and Google have already deployed OAuth 2 servers, and deployed implementations. Before you can begin the OAuth process, you must first register a new app with the service. When registering a new app, you usually register basic information such as application name, website, a logo, etc. In addition, you must register a redirect URI to be used for redirecting users to for web server, browser-based, or mobile apps. See more steps (http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified). Make sure you always send requests over HTTPS and never ignore invalid certificates. HTTPS is the only thing protecting requests from being intercepted or modified.

Ultimately for service provider, it will need the IdP to validate the user identity and credentials. You can catch oauth with ADFS (http://msdn.microsoft.com/en-us/library/dn633593.aspx).

Contoso is a medium-size furniture manufacturer. The developers for Contoso have been exploring building a new MVC5 ToDoList Web API and client applications that can use this API. However they want to be able to restrict access to the users of their on-premises Active Directory instance and use Active Directory as their Identity Provider. The developers already have a good understanding of OAuth and would like to leverage this for authentication.
To demonstrate the use of a native client with AD FS, we will build a WPF and Windows Store application using Windows Azure Authentication Library that allows a user to authorize access to a REST service with their AD account.
As part of the walkthrough we will also build a simple service that the client can call. The service provides a central location for a user to save their ToDo List, this service can be hosted on-premises or in the cloud.
You should rather focus on leveraging available Service Providers which either has its IdP or able to tap Ent IdP...see (http://en.wikipedia.org/wiki/OAuth#List_of_OAuth_service_providers)
E.g. Google (https://developers.google.com/accounts/docs/OAuth2) which make available Google Data API (https://developers.google.com/gdata/articles/oauth).
E.g. Saleforce (https://developer.salesforce.com/page/Using_OAuth_to_Authorize_External_Applications)
0
Mayank SAssociate Director - Product EngineeringCommented:
Start with Apache CXF as your OAuth provider. You need to write a custom data provider for it.

OAuth 2 - http://cxf.apache.org/docs/jax-rs-oauth2.html

OAuth 1 - http://cxf.apache.org/docs/jax-rs-oauth.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.