This project has moved and is read-only. For the latest updates, please go here.

Using several OAuth authorization servers

Jan 3, 2014 at 11:31 PM
Hello,

I am developing a web application (SPA) and I want to secure my REST services. Some customers may choose to download and deploy the app in their on-premise environment and some of them can use a on-cloud service (SaaS).

The application can handle for the same tenant custom users (managed by the own application) or they can use ADFS/WAAD. I guess those two kind of users for the same tenant differ in the domain name. I guess you can treat them as separate tenants in a typical approach.

I saw in the SPA template that for self-managed users the right approach is Forms Authentication developing a very simple Authorization Server for OAuth. Then when integrating with other IdP I was thinking that the right approach would be using Windows Azure ACS since I can join there all the ADFS of all the tenants to a single point. Can I combine both of them? Is that the right approach?

Then I guess the approach for the on-premise installation would be pretty much the same, like having my application and using ADFS (W2K12R2) or using WAAD or using another Authorization Server which support OAuth together with my application. Am I in the right track?

The last question would be related with getting the access token from the AS. Since I am using a SPA the best approach is to do my POST/GET following the specifications straight in HTML/JavaScript or am I missing something here too?

Thanks for your time and my apologies if you consider the question is too general for this forum. In that case if you could redirect me to a better one it would be highly appreciated.
Diego
Jan 8, 2014 at 5:39 PM
I think you're on the right track, but I'm told it's quite difficult to fully integrate the two different login types right now. We're working on fixing that, so bear with us.