Monthly Archives: March 2014

The Web API v2 OAuth2 Authorization Server Middleware–Is it worth it?

Adding the concept of an authorization server to your web APIs is the recommended architecture for managing authentication and authorization. But writing such a service from scratch is not an easy task. To simplify that, Microsoft included an OAuth2-based …

Posted in AuthorizationServer, IdentityServer, Katana, OAuth, OWIN, WebAPI | 18 Comments

OAuth2 and OpenID Connect Scope Validation for OWIN/Katana

In OAuth2 or OpenID Connect you don’t necessarily always use the audience to partition your token space – the scope concept is also commonly used (see also Vittorio’s post from yesterday). A while ago I created a Web API authorize …

Posted in IdentityModel, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 3 Comments