OAuth 2.0 delegation is included within the Azure AppFabric Access Control Service:
But how do you actually set up an OAuth 2.0 identity provider?
In the management interface when you add an Identity Provider and select WS-Federation identity provider, you need to provide a WS-Federation metadata document.
However, when you read the documentation of OAuth 2.0 providers (i.e. http://msdn.microsoft.com/en-us/library/hh243647.aspx) there is no mention of a metadata document (Yes, I know Windows Live is included as a preconfigured identity provider). Is this something I have to write?
Update
Ok, so I've found that you can add additional identity providers using the API, see these PowerShell commands as an example:
However when trying to add an OAuth provider, I just get an error:
Add-IdentityProvider -Type "Manual" -Name "foo" -SignInAddress "http://term.ie/oauth/example/access_token.php" -Protocol OAuth -Namespace "abc" -ManagementKey "xxxxxx"
Add-IdentityProvider : An error occurred while processing this request.
At line:1 char:21
+ Add-IdentityProvider <<<< -Type "Manual" -Name "foo" -SignInAddress "http://term.ie/oauth/example/access_token.php" -Protocol OAuth -Namespace "abc" -ManagementKey "xxxxxx"
+ CategoryInfo : CloseError: (:) [Add-IdentityProvider], ServiceManagementException
+ FullyQualifiedErrorId : Microsoft.Samples.DPE.ACS.ServiceManagementTools.PowerShell.IdentityProviders.AddIdentityProviderCommand
Another Update
The ACS Management API provides a mechanism for adding new Identity Providers (if you set OpenId as your WebSSOProtocolType), however, I can't see how you pass in the key/secret that the OAuth test server ( http://term.ie/oauth/example/ ) I'm using requires.
In an email conversation I had with Dominick Baier (www.leastprivilege.com) he said:
If I understood Dominick's email properly, you cannot use OAuth in this capacity, you have to use OpenId.

Unfortunately the guy who wrote the first blog article you mentioned really doesn't know anything about OpenID/OpenAuth -- he's a WS-Fed guy. I say that because I wrote it... :)
OAuth 2 delegation scenario, section 4.1 in draft 13, does not mandate a type of identity provider or any identity provider at all. You just need to do some form of authentication in your web site and redirect to your client's URL with an authentication code.
I recommend taking a look at the OAuth 2 delegation sample at:
https://connect.microsoft.com/site1168/Downloads
You will notice that in this sample the authentication of the user is implemented with placeholder code (hard-coded username/password). In a real-world scenario you can use any authentication pattern, including federation with ACS, which would make sense since you are already using ACS for implementing your delegation.
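The flow the answer describes (authenticate the user however you like on your own site, then redirect to the client's registered URL with an authorization code the client later exchanges for a token) can be sketched end to end in a few dozen lines. The following is an added example written for this page; it is not code from ACS, from the linked sample, or from the answer's author. All client ids, secrets, redirect URIs, user names and passwords are constructed placeholders, and the user check is the same kind of hard-coded stand-in the answer mentions. It also shows the checks an authorization server needs on that redirect step: the redirect URI must match one registered for the client before anything is sent to it, the code is short-lived and single-use, and it is bound to the client and redirect URI it was issued for.

```python
"""Minimal OAuth 2.0 authorization-code delegation (added example, not ACS code).

Constructed assumptions: one registered client, one placeholder user, and an
injectable clock so code expiry can be exercised without sleeping.
"""
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

CODE_LIFETIME_SECONDS = 60

# Registered clients (constructed values). A client may only receive codes at
# a redirect URI that was registered for it in advance.
CLIENTS = {
    "client-app": {
        "secret": "client-app-secret",
        "redirect_uris": {"https://client.example/callback"},
    }
}

# Placeholder user store, standing in for the sample's hard-coded credential check.
USERS = {"alice": "correct horse battery staple"}


class AuthorizationServer:
    def __init__(self, now=time.time):
        self._now = now
        self._codes = {}   # code -> (client_id, redirect_uri, user, expiry)
        self._tokens = {}  # access token -> (client_id, user)

    def authenticate(self, username, password):
        """Any authentication pattern could sit here (federation with ACS, etc.)."""
        expected = USERS.get(username)
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        return username

    def authorize(self, client_id, redirect_uri, state, username, password):
        """Authenticate the user, then build the redirect back to the client."""
        client = CLIENTS.get(client_id)
        # Refuse to redirect anywhere that is not registered for this client.
        if client is None or redirect_uri not in client["redirect_uris"]:
            raise ValueError("unknown client or unregistered redirect_uri")
        user = self.authenticate(username, password)
        if user is None:
            return redirect_uri + "?" + urlencode({"error": "access_denied", "state": state})
        code = secrets.token_urlsafe(32)
        self._codes[code] = (client_id, redirect_uri, user, self._now() + CODE_LIFETIME_SECONDS)
        # The client's state value is echoed back so it can tie the response to its request.
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri):
        """Exchange a code for an access token; the client authenticates with its secret."""
        client = CLIENTS.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        entry = self._codes.pop(code, None)  # pop makes the code single-use
        if entry is None:
            return {"error": "invalid_grant"}
        code_client, code_redirect, user, expiry = entry
        # The code must be presented by the client it was issued to, with the same
        # redirect URI, and before it expires.
        if code_client != client_id or code_redirect != redirect_uri or self._now() > expiry:
            return {"error": "invalid_grant"}
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (client_id, user)
        return {"access_token": token, "token_type": "bearer"}

    def introspect(self, token):
        """Return (client_id, user) for a live token, or None."""
        return self._tokens.get(token)


def parse_callback(url):
    """Pull the query parameters out of the redirect URL the client receives."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def run_delegation(srv=None):
    """Happy path: authenticate, redirect with code, exchange code for token."""
    srv = srv or AuthorizationServer()
    state = secrets.token_urlsafe(16)
    redirect = srv.authorize("client-app", "https://client.example/callback",
                             state, "alice", "correct horse battery staple")
    params = parse_callback(redirect)
    if params.get("state") != state:
        raise RuntimeError("state mismatch")
    return srv.token("client-app", "client-app-secret", params["code"],
                     "https://client.example/callback")


if __name__ == "__main__":
    print(run_delegation())
```

The redirect-URI check in `authorize` is the one to keep even when the user check is a placeholder: it is what stops an attacker-supplied `redirect_uri` from walking off with a freshly minted code. In the test below a controllable clock is used to show that an expired code, a replayed code and a code presented with a different redirect URI are all refused.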