In versions prior to ASP.NET 5, there was a middleware called "OAuth Authorization Server Middleware" that allowed adding an OAuth server to the pipeline and configuring token generation. The middleware was easy to use, worked well, and gave access to the most relevant settings.
It turns out that when I started using ASP.NET 5 I realized that this middleware no longer exists. I was looking at GitHub and found that there is no intention of porting this middleware to the new version of the framework. What they are doing is encouraging the use of Identity Server 3.
I looked a little bit at Identity Server 3 and, although it was very well done, I did not like the idea of depending on it for some reasons:
OAuth Authorization Server Middleware was something that came "clean" and we set it at hand. From what I've seen Identity Server 3 comes with many things already done and what can be done is choosing not to use one or other functionality. I particularly prefer to set up in the hand only what I really need.
Identity Server 3 does not work on Core CLR. The problem with this is that, at least, I found it very advantageous to work with .NET Core. But Identity Server 3 only works in full .NET and it does not look like they're going to make a .NET Core version anytime soon. That way, just to have basic authentication features in my API I would need to give up .NET Core.
I did a little research and what I got closer was basically two options:
Use a community project called "AspNet.Security.OpenIdConnect.Server", which although it seems interesting, seems to be about OpenId rather than OAuth, which I researched for, are different things.
/ li>Encode an OAuth server. I think this is a bad option, first because I'm not a security expert and it would certainly leave a gap and second because it would not be very productive.
So, I would like to know of those who are already working with ASP.NET 5: how to use OAuth in ASP.NET 5 without losing the possibility of using .NET Core? I'm talking about OAuth, because it's the best way I know of implementing authentication in Web APIs, if there is another way that works best in ASP.NET 5 I'd also like to know.