14. What is bad about OAuth
• Interoperability
• You can’t write one peace of code that woks for all. Discover endpoints and log on toone of them
• Inthe Implicit flow, the redirect URIshould be something odd to preventthe Browserfrom requestingit.
15. Whento Use OAuth
• Single Sign On
• Scalable Solution (Manyserver)because it’s a stateless Authentication
• Content Providerlike (Facebook,…)
• Whenyou have 3 entities, yourAPI, one ofyouruserswant to accessotheruser’sdata
• Best Solution For Authorization
19. How to setup OAuth
1. http://oauth.net/2/ .NET, JAVA, PHP, Python,NodeJS, Ruby, ….
2. For .Net get it form https://github.com/IdentityServer/IdentityServer3
3. I Recommend to usereal certificate for yourdevelopment, it will speed up the process
4. Changethe Constant ProjectURIsto Fit yourURIs
5. Build the Identity Serverand the ResourcesHost
6. InstallFiddler and Wiresharkto help you debug your application
7. At the development you canusein memory Usersand Clients, but then you havetosetup the Databases
8. Thenyou canstart With yourdeveloping APIs