Integrating with an old OAuth2 NancyFX API

I’ve inherited an old project that has an API based on NancyFX. It uses the old OWIN OAuth2 middleware, combined with the old MembershipReboot system by Brock Allen.

The end goal is that the new ServiceStack API will one day replace the NancyFX API. For now though, we want to start on the new API / portal, which requires integrating authentication.

I’m a little confused on what path I should take to integrate the two:

  1. Should I write a custom SS OAuthProvider to auth through the old service?
  2. Should I write a custom CredentialsAuthProvider that will handle authentication in ServiceStack using the same password encryption / decryption as the old system? (Ultimately, in the end, I want SS to handle auth w/ JWT, not the old service.)

The first goal is to allow a user to log in to the old portal / API, and click a link to be taken to the new, “beta”, portal (passing along tokens).

I did this with my last application, but they used the normal identity server, which SS works fairly well with.

I would think the easiest approach would be to implement a custom OAuth2 provider. If it works like the rest of ServiceStack’s OAuth2 providers it should be pretty easy to implement; you can use GoogleAuthProvider as a guide. If you’re lucky you may not need to override any of the default implementation in the base methods, otherwise you’ll need to overload some.

The long-term approach might be to get rid of the Nancy and remote OAuth2 dependency altogether, where you may want to consider creating a custom CredentialsAuthProvider: if this is the first time they’ve authenticated, use the Username/Password to validate the credentials with the remote server and, if it’s valid, use the password to create a user in the Auth Repo (i.e. `AuthRepo.CreateUserAuth(user, password)`), then authenticate them; otherwise, if they already exist in ServiceStack, authenticate them normally.
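
A sketch of the migrate-on-first-login flow described in the reply above, added here as an example and not code from either poster or from ServiceStack. It assumes ServiceStack v5's synchronous `TryAuthenticate` override (newer releases expose an async variant) and a registered `IAuthRepository` that also implements `IUserAuthRepository`; `MigratingCredentialsAuthProvider` and the `validateWithLegacy` callback are hypothetical names.

```csharp
using System;
using ServiceStack;
using ServiceStack.Auth;

// Added illustration, not code from the thread.
// Assumption: the IoC-registered IAuthRepository also implements IUserAuthRepository.
public class MigratingCredentialsAuthProvider : CredentialsAuthProvider
{
    // Hypothetical callback: returns true only if the legacy Nancy/OAuth2
    // service accepts the credentials. It should talk to that service over TLS.
    private readonly Func<string, string, bool> validateWithLegacy;

    public MigratingCredentialsAuthProvider(Func<string, string, bool> validateWithLegacy)
    {
        this.validateWithLegacy = validateWithLegacy
            ?? throw new ArgumentNullException(nameof(validateWithLegacy));
    }

    public override bool TryAuthenticate(IServiceBase authService,
        string userName, string password)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        var authRepo = (IUserAuthRepository)authService.TryResolve<IAuthRepository>();

        // Already migrated: the local record is authoritative. There is no
        // fallback to the legacy service, otherwise a stale legacy password
        // would keep working after the user changes it here.
        if (authRepo.GetUserAuthByUserName(userName) == null)
        {
            // First login: the legacy service decides. Any failure (wrong
            // password, lockout, outage) must not create a local account.
            if (!validateWithLegacy(userName, password))
                return false;

            // CreateUserAuth stores ServiceStack's own salted hash, so the
            // legacy password format is never copied across.
            authRepo.CreateUserAuth(new UserAuth { UserName = userName }, password);
        }

        // Verifies against the local hash and populates the session.
        return base.TryAuthenticate(authService, userName, password);
    }
}
```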