Using Dallas OAUTH CLIENT to talk to ACS OAUTH2 endpoints


We have moved from using dotnetopenauth framework for oauth2 providers (that have to date allowed us to emulate Ping Federate AS, using Microsoft ACS OAUTH endpoint and management services)). Our plugin is still compatible with the dotnetopenauth ASP.NET pattern, but we now use objects from the “dallas” sample code to talk to the token issuing endpoint of ACS.

The reason is simple – we needed our own token issuing endpoints, delegating to the token issuing point of ACS remember, to fully handle expiry dates of refresh tokens – or access tokens when no refresh token is signaled.

Having done that, two benefits accrue: (i) the ping federate demo client correctly shows expiry fields, and (ii) the dallas API sample  works to get authorization headers. The latter is the demo of a thick XAML client firing up a web-browser window so as to complete websso and interact with (our) OAUTH2  AS and token issuing endpoints, when then accessing a data API in the Azure data marketplace (showing zillow mortgage data, as it happens)

image

using a better client to talk to ACS token issuing endpoint

The ping federate page showing the authorization response now handles delivering  the (renewal) expiry issued by ACS:

image

validation by our own endpoint then shows the remaining time to expiry of the access token which can be longer than the renewal token expiry time (when the clock skew between ACS and the token issuing computer works against us!)

image

Advertisements

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in oauth, pingfederate. Bookmark the permalink.