I've been studying ASP.NET 5 for some time now and there is something I'm yet confused. To implement authentication in Web API 2 what I used to do was basically use the OWIN OAuth Authentication Server Middleware. It was simple to use, I could configure just what I needed and there wasn't a bunch of stuff I needed to put on the app without need for it.
Now, at first I didn't find this in ASP.NET 5 and I thought it was a matter of time to wait the middleware to show up. But yesterday, reading on the issues on the Security repo I found out that apparently there is no intention to port this middleware to the new version of the framework.
Instead, it seems people are encouraged to use Identity Server 3. I took a look on the project and although it is nice and has many usages I really prefer to configure just the minimum I need sometimes. Also, another drawback is that Identity Server 3 needs the full CLR, so if I need to use it in order to provide authentication on my application I would need to stop using Core CLR, which for me is a huge disadvantage since Core CLR is a lot more lightweight.
So, if I don't want to use the Identity Server 3 on ASP.NET 5, how can I implement authentication for Web API if the OAuth Authentication Server middleware is gone? Has anyone been through that and found a way to deal with it?
How to deal with authentication on ASP.NET 5 Web API without using Identity Server 3?