Sending Additional Parameters to Token in Web API with oauth2 and AngularJS

Question

I've got an application written in AngularJS that contacts a Web API for authentication via oauth 2. Everything is working well with that core piece, but I need to pass in additional parameters to evaluate the login (clientID) and setup a remember me type functionality (remember).

From the Angular side, it would look something like this:

    var data = "grant_type=password&username=" + form.username + "&password=" + form.password + "&clientID=" + clientID + "&remember=" + form.remember;

    var deferred = $q.defer();

    $http.post(serviceBase + 'token', data, { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }).success(function (response) {

Any thoughts as the best way to capture those values once I'm processing the token through Startup.cs and SimpleAuthorizationServerProvider.cs? Thanks

Answer 1

When using GrantResourceOwnerCredentials, you can retrieve the OWIN request from OAuthGrantResourceOwnerCredentialsContext and extract the custom parameter you need by calling ReadFormAsync().

public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    var form = await context.Request.ReadFormAsync();

    if (string.Equals(form["remember"], "true", StringComparison.OrdinalIgnoreCase))
    {
        // Add custom logic to handle the "remember me" case.
    }
}

That said, adding custom (i.e non-standard) parameters is usually discouraged, specially if they are mandatory. Note that you don't need to use a custom clientID parameter, as there's already a standard equivalent: client_id.