-
Notifications
You must be signed in to change notification settings - Fork 0
Home
OAuth Service is an open source OAuth 2.0 service written in .Net Core V3 by Ritesh Ramesh. The aim of this project is to allow .Net developers and architects to use as a starter for in house development. Contributions suggestions and ideas are all welcome please see contributions section to actively contribute.
You can use this service to secure REST API resources, SOAP based web service and web applications.
This .Net core service uses clean architecture principles. Thanks to Jason Taylor Clean Architecture with ASP.NET Core 3.0 - Jason Taylor - NDC Sydney 2019
JWT token supports the following algorithms HS256, HS384, HS512, RS256
The validation and authentication uses the chain of responsibility pattern so you can add any number of handlers to extend the token validation process. Currently it supports a signature validation handler and a revocation handler.
You can use any other type of token by implementing the ITokenService interface.
Invalid User Error indicates that the user credentials are invalid.
Invalid Token Error indicates that the token is invalid.
Install the required .NET Core SDK
Install Git
Install Docker
All API's are exposed via a Swagger documentation tool at this endpoint {host}/swagger/index.html.
Also in the source code is a test folder that contains Postman environment and collection files that you can use with Postman.
To get an understanding of which API's to use for the various OAuth2.0 flows see Flows
This is also available as a docker container https://registry.hub.docker.com/rramesh1000
Access token: are generated using the JWT standard by default. This can be swapped with other token specifications by implementing the ITokenService interface. See here https://wesleyhill.co.uk/p/alternatives-to-jwt-tokens/ for alternative formats to JWT.
Authorization: is not implemented in this repo, to allow consumers of the code to integrate with other system or extend as required.
Data persistence: This implementation uses MSSQL to persist data by default. The data persistence technology can be switched to any alternative by implementing the IDBService interface.
Encryption: This implementation uses SHA 1 and RNG crypto standards for hashing and encryption. These can be replaced by implementing the IEncryptionService interface.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.