Authentication provider and OAuth

Can I run my own authentication provider (i.e. OpenID based) and let the users authenticate against it with OAuth? The provider will serve as an SSO point for multiple web applications.

The reason to do it is that I will need only one applicationID (from each OAuth provider supported) for all my webapps. The provider will serve a JSON security token that will be used for secure access.

UPDATE: I will just add a use case example

  • user wants to log in to one of my webapps
  • user is redirected to My identity provider
  • user selects the way he wants to log in (password, or some OAuth provider)
  • in case of name/pass, My ID provider will just authenticate and authorize the usual way and generate a security token the user can use
  • in case the user selects OAuth login, he will follow the normal OAuth flow, which will validate the user identity by the OAuth provider; when done, he is redirected back to My ID provider, which will generate a security token the user can use
  • the user can use the token to prove himself to all my webapps
  • the webapps will validate user tokens against My ID provider
  • There will be some way to connect together the same user account from different providers.


    Yes you can, take a look at Thinktecture's IdentityServer for example.

    But to do what you want, you don't need to run your own OpenID Connect provider. You could use an existing solution like Azure Active Directory for example.

    Update: from your comments, it looks like you are really looking for a federation provider. Take a look at the Azure Access Control Service and its integration with Google as an identity provider here: https://msdn.microsoft.com/en-us/library/azure/gg185929.aspx
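
The token and account-linking steps of the flow described in the question, as an added sketch that is not code from the question, the answer, or IdentityServer. It assumes an HMAC-signed JSON token whose key never leaves the ID provider, so `validate_token` is what the provider runs when a webapp submits a token; all function names, the in-memory link table and the sample accounts are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"   # assumption: held only by the ID provider
LINKS = {}   # (upstream provider, upstream subject) -> local account id

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def link_identity(provider, subject, account_id):
    """Attach one external identity to a local account (the account-linking step)."""
    LINKS[(provider, subject)] = account_id

def issue_token(provider, subject, audience, ttl=300, now=None):
    """Called after password or upstream OAuth login succeeded at the ID provider."""
    account = LINKS.get((provider, subject))
    if account is None:
        raise KeyError("identity is not linked to any local account")
    now = int(time.time()) if now is None else now
    claims = {"sub": account, "idp": provider, "aud": audience, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return body + "." + sig

def validate_token(token, audience, now=None):
    """The check a webapp requests from the ID provider for a presented token."""
    try:
        body, sig = token.split(".")
        expected = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None                      # forged or modified token
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None                          # malformed token
    now = int(time.time()) if now is None else now
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None                          # issued for another webapp, or expired
    return claims

if __name__ == "__main__":
    link_identity("password", "alice", "acct-1")             # constructed sample data
    link_identity("google", "constructed-sub-123", "acct-1")
    tok = issue_token("google", "constructed-sub-123", "webapp-a")
    print(validate_token(tok, "webapp-a"))   # claims with sub == "acct-1"
    print(validate_token(tok, "webapp-b"))   # None: wrong audience
```

Binding each token to one audience keeps a token leaked by one webapp from being replayed against the others, and the short expiry bounds how long a stolen token stays useful.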
