More Oauth/Oauth2 integration
It would be very interesting to have a better integration with oauth protocols.
1. Authentication/authorization provided directly by SS. At moment is possible to use oauth, but only with some external libraries (DotNetOpenAuth or others).
The Access Token could be released with some oauth permissions defined in a global configuration setting. When the client request an access token, the request must contains a list of permission (like facebook, twitter and others API)
The permissions can be used for authorize some services only if the oauth access token provided in the request is valid for it. For example with custom attibute on service (like roles):
We’ve improved OAuth integration in v4.5.8 where you can now Authenticate using an AccessToken in Facebook, Twitter, Github and Google Auth Providers:
This feature now enables auto-Sign Ins in Mobile / Desktop Apps using a saved Access Token.
Please submit separate feature requests for any other individual features you’d like to see.
Facebook, Twitter and GitHub OAuth Providers are in ServiceStack.dll and do not require any dependencies to any 3rd party libraries like DotNetOpenAuth. But there are no plans to rewrite the OAuth providers that do require DotNetOpenAuth to exclude using it.
Each OAuth provider can define additional scopes and permissions either on the AuthProvider type itself or in Web.config, e.g: