OAuth2 in Thinktecture IdentityServer : OAuth2 identity providers
One of the new features in Thinktecture IdentityServer v2 is the support for federation with other identity providers. This means that IdentityServer can act as a federation gateway (sometimes called an R-STS or resource-STS) and Dominick shows off the feature here. In his video Dominick mentions that only other WS-Federation identity providers are supported, but this is no longer correct! OAuth2 identity providers are now supported. This means that IdentityServer can act as a federation gateway for Facebook, Live and/or Google (and potentially other OAuth2 providers in the future).
Getting this working is not much different from the normal R-STS setup that Dominick covers in his video. The only difference comes when you configure an identity provider by choosing “new”:
You get the standard screen to create a new identity provider (WS-* or OAuth2):
You then have the option of indicating that the identity provider is an OAuth2 style provider:
You’d then choose one of the supported OAuth2 providers from the list:
And then enter the typical OAuth2 client ID and client secret values:
And once all the information is filled in, a normal WS-Federation client can connect to IdentityServer.
And then you get claims back to the client:
So we now have federation with OAuth2 identity providers. Yay!