
OAuth 2.0 Identity Providers in Windows Azure AppFabric Access Control Service (ACS)


In an email conversation I had with Dominick Baier (www.leastprivilege.com) he said:

ACS actually supports OpenId IdPs – not OAuth. OAuth is used for token requests (delegation tokens typically).

To add new OpenId IdPs you need to use the management API – Vittorio has a blog post with a sample somewhere. But not all OpenId providers are supported.

If I understood Dominick's email properly, you cannot use OAuth in this capacity, you have to use OpenId. Unfortunately the guy who wrote the first blog article you mentioned really doesn't know anything about OpenID/OpenAuth -- he's a WS-Fed guy. I say that because I wrote it... :)


OAuth 2 delegation scenario, section 4.1 in draft 13, does not mandate a type of identity provider or any identity provider at all. You just need to do some form of authentication in your web site and redirect to your client's URL with an authentication code.

I recommend taking a look at the OAuth 2 delegation sample at:

https://connect.microsoft.com/site1168/Downloads

You will notice that in this sample the authentication of the user is implemented with placeholder code (a hard-coded username/password). In a real-world scenario you can use any authentication pattern, including federation with ACS, which would make sense since you are already using ACS for implementing your delegation.
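The redirect-with-authorization-code exchange the answer above refers to (draft 13, section 4.1), shown as an added example that is not the ACS delegation sample and not code from the original post. It is a toy in-memory authorization server in Python: the site authenticates the user by whatever means it likes (the hard-coded check, federation with ACS), then issues a short-lived code and redirects to the client's registered URL; the client exchanges the code at the token endpoint. The client id, secret and URLs are constructed for the example, and the checks at the token endpoint (registered redirect URI, client secret, single use, expiry) are the ones a practitioner would want before trusting the code.

```python
"""Toy model of the OAuth 2 authorization-code grant (draft 13, section 4.1).
Added example, not the ACS sample; client registrations and URLs are constructed."""
import secrets
import time
from urllib.parse import urlencode, urlsplit, parse_qs

CODE_LIFETIME_SECONDS = 60  # authorization codes are short-lived and single-use


class AuthorizationServer:
    def __init__(self, clients):
        # client_id -> (client_secret, registered_redirect_uri); constructed registrations
        self.clients = clients
        self._codes = {}   # outstanding codes; an entry is removed on first use
        self._tokens = {}  # issued access tokens -> user they were issued for

    def authorize(self, client_id, redirect_uri, authenticated_user, now=None):
        """Called once the site has authenticated the user by any means
        (hard-coded check, federation with ACS, ...). Issues a code and returns
        the redirect URL back to the client, or None if the client is unknown
        or the redirect_uri is not the registered one (never redirect elsewhere)."""
        now = time.time() if now is None else now
        registration = self.clients.get(client_id)
        if registration is None or registration[1] != redirect_uri:
            return None
        code = secrets.token_urlsafe(32)
        self._codes[code] = {
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "user": authenticated_user,
            "expires": now + CODE_LIFETIME_SECONDS,
        }
        return redirect_uri + "?" + urlencode({"code": code})

    def token(self, client_id, client_secret, code, redirect_uri, now=None):
        """Token endpoint: exchange the code for an access token. The checks bind
        the code to the client that requested it and make it usable only once."""
        now = time.time() if now is None else now
        registration = self.clients.get(client_id)
        if registration is None or not secrets.compare_digest(registration[0], client_secret):
            return {"error": "invalid_client"}
        grant = self._codes.pop(code, None)  # pop: a replayed code fails here
        if grant is None or grant["expires"] < now:
            return {"error": "invalid_grant"}
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            return {"error": "invalid_grant"}
        access_token = secrets.token_urlsafe(32)
        self._tokens[access_token] = grant["user"]
        return {"access_token": access_token, "token_type": "bearer", "expires_in": 3600}


def code_from_redirect(location):
    """What the client does with the redirect: pull the code out of the query string."""
    return parse_qs(urlsplit(location).query)["code"][0]


def run_flow(now=1000.0):
    """Drive the exchange end to end and report the outcome of each step."""
    uri = "https://client.example/cb"  # constructed registered redirect URI
    server = AuthorizationServer({"client-app": ("s3cret", uri)})

    # happy path: user authenticated, code issued, code exchanged once
    code = code_from_redirect(server.authorize("client-app", uri, "alice", now=now))
    first = server.token("client-app", "s3cret", code, uri, now=now + 1)
    replay = server.token("client-app", "s3cret", code, uri, now=now + 2)

    # a code left unused past its lifetime is refused
    stale = code_from_redirect(server.authorize("client-app", uri, "alice", now=now))
    expired = server.token("client-app", "s3cret", stale, uri,
                           now=now + CODE_LIFETIME_SECONDS + 1)

    # an unregistered redirect_uri gets no code and no redirect at all
    bad_redirect = server.authorize("client-app", "https://other.example/cb", "alice", now=now)

    # a valid code presented with the wrong client secret is refused
    fresh = code_from_redirect(server.authorize("client-app", uri, "alice", now=now))
    wrong_secret = server.token("client-app", "not-the-secret", fresh, uri, now=now + 1)

    return {"first": first, "replay": replay, "expired": expired,
            "bad_redirect": bad_redirect, "wrong_secret": wrong_secret}


if __name__ == "__main__":
    for step, result in run_flow().items():
        print(step, "->", result)
```

The user-authentication step is deliberately left outside the server: `authorize` is only reached after the site has established who the user is, which is exactly where federation with ACS would plug in.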