Carlos Mendes - 289 - Mar 27, 2014

Hi there, we’re in the process of defining the security architecture.

Our major concern is that our API needs to be used in different scenarios, and some of them involve client-side-only code running on different domains, but we still need to handle authentication and authorization (the idea of the API is to add social features to other apps, either through the API itself or through remote rendering of iFrames).

Microsoft added an OAuth2-based authorization server “toolkit” to Web API (good review here: http://leastprivilege.com/2014/03/24/the-web-api-v2-oauth2-authorization-server-middlewareis-it-worth-it/).

Can anyone doing something similar with Service Stack provide some guidance?

Thanks in advance