Question

I'm working on an ASP.NET Web API, and now I'd like to implement the oauth2 protocol for the authorization to the api endpoints.

The identity provider, the authorization server and the resource (the api), will all be handled by our software. I do not need to implement Google, MS or Facebook login. The reason for me to choose oauth is that I'd like to use the same identity provider for future services my company might develop. Every sample code and tutorial I've found on the internet so far seems to concentrate on using external identity providers, like Google, and not so much on self-developed solutions. Also, they seem to include web pages for entering credentials, which is not what I'd like to do. The client library should take an apikey and use this to get the necessary token for accessing the resource api. Is this even possible? Or have I totally misunderstood the intended use of oauth?

I hope my case is made clear, so please, if anyone can point me in the right direction to a code sample, tutorial or similar.


Solution

There is no concept of apikey in oauth. Rather, you have different flows where the client credential flow is the one you should be interested in. The flow consists in sending only the client_id and client_secret from the client application to the token endpoint of the identity provider and thus claiming the token without any user interaction.

http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified

(Aaron has this flow documented as "Application Access")

If you decide to go with DotNetOpenAuth, the flow is possible to implement for the identity provider, the resource server and the client application. First, download their examples, try to learn as much as possible and then come back with specific questions.
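The client credentials exchange described in the answer above, shown from both sides as an added example (not part of the original answer and not DotNetOpenAuth's API). It assumes .NET 6 or later and credentials sent via HTTP Basic authentication as in RFC 6749 section 2.3.1; the client name, secret and function names are constructed, and the HTTPS transport and token storage are left out.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Constructed client registry on the authorization server: client_id -> SHA-256 of the secret.
// Assumption: secrets are random, high-entropy values issued by the server, never user passwords.
var registry = new Dictionary<string, byte[]>
{
    ["reporting-service"] = SHA256.HashData(Encoding.UTF8.GetBytes("constructed-secret-value"))
};

var (auth, form) = BuildTokenRequest("reporting-service", "constructed-secret-value");
Console.WriteLine(HandleTokenRequest(auth, form, registry));    // 200 with a bearer token
var (badAuth, _) = BuildTokenRequest("reporting-service", "wrong-secret");
Console.WriteLine(HandleTokenRequest(badAuth, form, registry)); // 401 invalid_client

// Client side: credentials go in the Authorization header, the grant type in the form body.
static (string Authorization, string Body) BuildTokenRequest(string clientId, string clientSecret)
{
    string pair = Uri.EscapeDataString(clientId) + ":" + Uri.EscapeDataString(clientSecret);
    return ("Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(pair)),
            "grant_type=client_credentials");
}

// Token endpoint: authenticate the client, then issue a token with no user interaction.
static string HandleTokenRequest(string authorization, string body, Dictionary<string, byte[]> clients)
{
    const string invalidClient = "401 {\"error\":\"invalid_client\"}";
    if (body != "grant_type=client_credentials")
        return "400 {\"error\":\"unsupported_grant_type\"}";
    if (!authorization.StartsWith("Basic ", StringComparison.Ordinal)) return invalidClient;

    string decoded;
    try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Substring(6))); }
    catch (FormatException) { return invalidClient; }

    int colon = decoded.IndexOf(':');
    if (colon < 0) return invalidClient;
    string id = Uri.UnescapeDataString(decoded[..colon]);
    byte[] presented = SHA256.HashData(Encoding.UTF8.GetBytes(Uri.UnescapeDataString(decoded[(colon + 1)..])));

    // Same error for an unknown client and a wrong secret; the hash comparison is constant-time.
    if (!clients.TryGetValue(id, out var expected) ||
        !CryptographicOperations.FixedTimeEquals(presented, expected))
        return invalidClient;

    string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32)); // opaque 256-bit token
    return "200 {\"access_token\":\"" + token + "\",\"token_type\":\"Bearer\",\"expires_in\":3600}";
}
```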

Licensed under: CC-BY-SA with attribution