authorization_code grant flow in Owin.Security.OAuth: returns invalid_grant

I am trying to configure my authentication using the authorization_code grant flow. I used to work with grant_type=password, so I know how the pieces should fit together. But when using grant_type=authorization_code, I could not get it to return anything but invalid_grant.

Here is my setup:

app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
    AllowInsecureHttp = true,
    TokenEndpointPath = new PathString("/auth/token"),
    AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(5),
    Provider = new SampleAuthProvider()
});

app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
    AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
    AuthenticationType = "Bearer"
});

SampleAuthProvider is the following class: https://gist.github.com/anonymous/8a0079b705423b406c00

Basically, it just logs every step and checks it. I tried the request:

POST http://localhost:12345/auth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=xxxxxx&client_id=xxxxx&redirect_uri=https://xxxx.com/

What gets called:

  • OnMatchEndpoint
  • OnValidateClientAuthentication

And that's all. I expected it to call OnValidateTokenRequest and OnGrantAuthorizationCode, but it just did not work. I have no idea why.

xxxx , . , - ? redirect_uri http, - , ...

grant_type. , , , , authorization_code, .

TL;DR

My OAuthAuthorizationServerProvider {"error":"invalid_grant"} OnValidateClientAuthentication grant_type=authorization_code.



Edit

, . AuthorizationCodeProvider. , AuthorizationCodeProvider, . , .

+4
4



, , AuthorizationCodeProvider. grant_type=authorization_code, . , , . .

, , , RajeshKannan, , .

:

app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
    TokenEndpointPath = new PathString(Paths.TokenPath),
    Provider = new SampleAuthProvider(),
    AuthorizationCodeProvider = new MyAuthorizationCodeProvider()
});

MyAuthorizationCodeProvider:

using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;

internal class MyAuthorizationCodeProvider : AuthenticationTokenProvider
{
    public override async Task ReceiveAsync(
        AuthenticationTokenReceiveContext context)
    {
        object form;
        // Definitely doesn't feel right
        context.OwinContext.Environment.TryGetValue(
                "Microsoft.Owin.Form#collection", out form);
        var formCollection = form as FormCollection;
        if (formCollection == null)
        {
            // No parsed form body: leave the ticket unset so the request is rejected
            return;
        }
        var redirectUris = formCollection.GetValues("redirect_uri");
        var clientIds = formCollection.GetValues("client_id");
        if (redirectUris != null && clientIds != null)
        {
            // Queries the external server to validate the token
            string username = await MySsoService.GetUserName(context.Token,
                                                             redirectUris[0]);
            if (!string.IsNullOrEmpty(username))
            {
                var identity = new ClaimsIdentity(new List<Claim>()
                {
                    // I need the username in GrantAuthorizationCode
                    new Claim(ClaimTypes.NameIdentifier, username)
                }, DefaultAuthenticationTypes.ExternalBearer);

                var authProps = new AuthenticationProperties();

                // Required. The request is rejected if it is not provided
                authProps.Dictionary.Add("client_id", clientIds[0]);

                // Required, must be in the future
                authProps.ExpiresUtc = DateTimeOffset.Now.AddMinutes(1);

                var ticket = new AuthenticationTicket(identity, authProps);
                context.SetTicket(ticket);
            }
        }
    }
}
+8

, . , :

 AuthorizeEndpointPath = new PathString(Paths.AuthorizePath)


Owin Oauth

+1

, . , , :

            // Required. The request is rejected if it is not provided
            authProps.Dictionary.Add("client_id", clientIds[0]);

            // Required, must be in the future
            authProps.ExpiresUtc = DateTimeOffset.Now.AddMinutes(1);
0

. , :

  • OAuthAuthorizationServerOptions.AuthorizationCodeProvider .
  • client_id GET , authorization_code.
  • Override OAuthAuthorizationServerProvider.ValidateClientAuthentication and call context.TryGetFormCredentials in this method. This sets the property context.ClientId to the value from the client_id GET parameter. This property must be set, otherwise you will get an invalid_grant error. Also call context.Validated().

After doing all of the above, I could finally exchange the authorization_code for an access_token at the token endpoint.

0
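Putting the steps of this answer together with the MyAuthorizationCodeProvider from the answer above, here is an added example (not code from the original post) of a SampleAuthProvider that validates the client with TryGetFormCredentials and then grants the token from the received ticket. The ClientRegistry and its client_id/redirect_uri pairs are assumed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Hypothetical registry of registered clients: client_id -> allowed redirect_uri.
// Constructed sample data; a real server would load this from configuration.
internal static class ClientRegistry
{
    private static readonly Dictionary<string, string> Clients =
        new Dictionary<string, string> { { "my-spa", "https://app.example.com/callback" } };

    public static bool IsKnown(string clientId, string redirectUri)
    {
        string allowed;
        return clientId != null
            && Clients.TryGetValue(clientId, out allowed)
            && string.Equals(allowed, redirectUri, StringComparison.Ordinal);
    }
}

internal class SampleAuthProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientAuthentication(
        OAuthValidateClientAuthenticationContext context)
    {
        string clientId, clientSecret;
        // Reads client_id (and client_secret, if sent) from the form body.
        // Without a validated ClientId the server answers invalid_grant.
        if (context.TryGetFormCredentials(out clientId, out clientSecret)
            && ClientRegistry.IsKnown(clientId, context.Parameters["redirect_uri"]))
        {
            context.Validated(clientId);
        }
        else
        {
            context.Rejected();
        }
        return Task.FromResult(0);
    }

    public override Task GrantAuthorizationCode(OAuthGrantAuthorizationCodeContext context)
    {
        // The ticket was built in MyAuthorizationCodeProvider.ReceiveAsync; the server has
        // already checked its client_id and expiry. Reissue the claims as the access token.
        var identity = new ClaimsIdentity(context.Ticket.Identity.Claims,
                                          context.Options.AuthenticationType);
        context.Validated(identity);
        return Task.FromResult(0);
    }
}
```

Rejecting unknown client_id/redirect_uri pairs in ValidateClientAuthentication means a stolen code cannot be redeemed with a different client or callback.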

Source: https://habr.com/ru/post/1546719/

