Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to modify token endpoint response body with Owin OAuth2 in Asp.Net Web API 2

Tags:

asp.net

asp.net-web-api

oauth-2.0

http-token-authentication

owin

I want to modify the response body from the token endpoint response.

I've tried to intercept the /Token request with a MessageHandler but it doesn't work.

I'm able to add some additional informations to the response by overriding the OAuthAuthorizationServerProvider.TokenEndpointmethod, but I'm not able to create my own response body.

Is there a way to intercept the /Token request?

Edit

I found out how to remove the response body content from the token endpoint response, like this: HttpContext.Current.Response.SuppressContent = true;

It seems the right way to achieve my goal, but now when I use the context.AdditionalResponseParameters.Add() method to add my custom information, the SuppressContent block any alterations.

Now I have something like this:

// Removing the body from the token endpoint response
HttpContext.Current.Response.SuppressContent = true;
// Add custom informations
context.AdditionalResponseParameters.Add("a", "test");
like image 999
Samoji Avatar asked Feb 22 '15 10:02

Samoji

1 Answers

To simply add new items to the JSON token response, you can use TokenEndpointResponse instead of the TokenEndpoint notification.

If you're looking for a way to completely replace the token response prepared by the OAuth2 authorization server by your own one, there's sadly no easy way to do that because OAuthAuthorizationServerHandler.InvokeTokenEndpointAsync doesn't check the OAuthTokenEndpointContext.IsRequestCompleted property after invoking the TokenEndpointResponse notification.

https://github.com/aspnet/AspNetKatana/blob/dev/src/Microsoft.Owin.Security.OAuth/OAuthAuthorizationServerHandler.cs

This is a known issue, but it was too late to include it in Katana 3 when I suggested to fix it.

You should give Owin.Security.OpenIdConnect.Server a try: it's an a fork of the OAuthAuthorizationServerMiddleware designed for Katana 3.0 and 4.0.

https://www.nuget.org/packages/Owin.Security.OpenIdConnect.Server/1.0.2

Of course, it includes the correct check to allow bypassing the default token request processing (this was even one of the first things I fixed when forking it).

like image 64
Kévin Chalet Avatar answered Sep 20 '22 20:09

Kévin Chalet
Sign in to Comment

Related questions

Hangfire with multiple projects in .net solution
How to load all pages of crystal reports at once
How to defer the update at the client side after async postback in updatepanel
ASP.NET Membership Login redirecting to unauthorized when user is logged in
SignInManager.PasswordSignInAsync generate many database access
How can I get the list of policies from Asp.Net Core Authentication?
Integration testing C# WebAPI asp.NET Framework 4.6.1
Membership Providers and HIPAA Compliance
Jquery Validation And Update Panel Together
Can Azure run WPF?
.NET 4 MVC 2 Validation with annotations warning instead of error
Where to Store Encryption Keys MVC Application
ASP.NET Normalizing Backslashes to Forward Slashes
Error in Masterpage, namespace already exists
EF add-migration generates empty migration
Do ASP.NET worker threads spend most of their active time in a blocked state?
Insert or Update SQL Table with DataTable
How do I invalidate claims using ASP.NET Identity?
Custom OWIN CookieAuthenticationProvider fails on 1st/cold boot
signalr not working on specific isp networks

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!