I followed this article, http://www.asp.net/web-api/overview/security/working-with-ssl-in-web-api, to enforce all of my API calls over HTTPS.
I used one of the Visual Studio templates to enable OAuth with the following code:
    OAuthOptions = new OAuthAuthorizationServerOptions
    {
        TokenEndpointPath = new PathString("/Token"),
        Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
        AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
        AllowInsecureHttp = true
    };
This basically says that we can request an access token at the http://server.com/Token URL.
My question is how to enforce token retrieval over SSL (so that any non-HTTPS request for the token is denied).
Found the solution: remove the AllowInsecureHttp = true from the OAuthOptions, if anyone is wondering.
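An added example, not part of the original post: the template's ConfigureAuth with the insecure setting confined to debug builds, plus an explicit OWIN guard that answers plain-HTTP token requests with 403. The names AllowPlainHttp and TokenPath are assumptions made for this sketch; ApplicationOAuthProvider, PublicClientId, UserManagerFactory and OAuthOptions are the template members shown in the question.

```csharp
using System;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

public partial class Startup
{
    // Assumed helper names for this example (not from the template).
    private static readonly PathString TokenPath = new PathString("/Token");
#if DEBUG
    private static readonly bool AllowPlainHttp = true;   // local development only
#else
    private static readonly bool AllowPlainHttp = false;  // release builds: HTTPS only
#endif

    public void ConfigureAuth(IAppBuilder app)
    {
        // Registered before the OAuth middleware so the refusal is explicit.
        // Caveat: IsSecure reflects the scheme this process sees; behind a
        // TLS-terminating proxy it is false unless the scheme is forwarded.
        app.Use(async (context, next) =>
        {
            if (!AllowPlainHttp &&
                !context.Request.IsSecure &&
                context.Request.Path.StartsWithSegments(TokenPath))
            {
                context.Response.StatusCode = 403;
                await context.Response.WriteAsync("HTTPS is required for the token endpoint.");
                return;
            }
            await next();
        });

        // PublicClientId, UserManagerFactory and OAuthOptions are declared in
        // the template's other part of this partial class.
        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = TokenPath,
            Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
            // The property defaults to false; it is true only in debug builds here.
            AllowInsecureHttp = AllowPlainHttp
        };
        app.UseOAuthBearerTokens(OAuthOptions);
    }
}
```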