I understand that ASP.NET Core has the assembly Microsoft.AspNetCore.Authentication.JwtBearer which we can use for token validation. However, I just can't quite understand whether ASP.NET Core built-in middleware can be also used to generate the tokens like we did with Microsoft.Owin.Security.OAuth. Can someone please help me clarify the following questions.
Can we generate and issue tokens using Microsoft.AspNetCore.Authentication.JwtBearer like we did with Microsoft.Owin.Security.OAuth like:
app.UseOAuthAuthorizationServer(oAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
without writing custom code to generate the token?
If we can't do it with Microsoft.Owin.Security, is there any functionality in Microsoft.AspNetCore.Owin that is analogous to Microsoft.Owin.Security.OAuth?
Is using a 3rd party solution like IdentityServer4 the way to go if we I want to use an in-app user store, expose an endpoint for client to get a token and use it for authorization? Thanks.
Can we generate and issue tokens using Microsoft.AspNetCore.Authentication.JwtBearer like we did with Microsoft.Owin.Security.OAuth
Microsoft.AspNetCore.Authentication.JwtBearer is just about JWT token validation. And it is not about OAuth 2.0 and OpenID Connect like it was in Microsoft.Owin.Security.OAuth. Moreover according to this link ASP.NET team decided not to port it.
So, to implement OAuth 2.0 and OpenID Connect you defenetly need to use a third-party package.
For basic scenarios it is convinient to use IdentityServer4 that you mentioned or OpenIddict as an alternative.
For more advanced scenarios I'd prefer ASOS which is used by OpenIddict. BTW, ASOS is forked from Katana's OAuth2 authorization server middleware.
As for Microsoft.AspNetCore.Owin it is not the same as Microsoft.Owin.Security.OAuth. It is just an adapter for running OWIN middleware in an ASP.NET Core application and vice versa