I am trying to create a simple proof of the OAuth concept, but I am stuck in implementing authorization code. Wherever I read, it seems like something is happening one way or another, never using an authorization code stream. For information, I used the following resources:
I have an api and owin web application with custom OAuthAuthorizationServerProvider to accept types of providing passwords for update tokens and the ability to exchange update tokens for access tokens. This works well, but I want to configure a scenario in which I redirect the browser to the server for authorization and redirect back to the client with the authorization code. Then I want the client to send an authorization code to the endpoint of the token to get the update token
In the second link in the "Web Server Applications" section, I try to get the api web application application to get the authorization code from the request, for example http://127.0.0.1/auth?response_type=code&client_id=123&redirect_uri=http://validredirect. com & scope = access , but I keep getting 404.
I configured owin as follows:
var databaseContext = new AdnsfContext(); WebApp.Start( new StartOptions("http://127.0.0.1:7000"), appBuilder => { var httpConfig = new HttpConfiguration(); httpConfig.MapHttpAttributeRoutes(); httpConfig.SuppressDefaultHostAuthentication(); httpConfig.Filters.Add(new HostAuthenticationFilter("Bearer")); appBuilder .UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions { AllowInsecureHttp = true, ApplicationCanDisplayErrors = true, AuthorizeEndpointPath = new PathString("/auth"), TokenEndpointPath = new PathString("/token"), AuthorizationCodeExpireTimeSpan = TimeSpan.FromMinutes(1), AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(1), Provider = new AuthServerProvider(), AuthorizationCodeProvider = new AuthorizationCodeProvider(), RefreshTokenProvider = new RefreshTokenProvider(), }) .UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions { AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active, AuthenticationType = "Bearer", }) .UseCors(CorsOptions.AllowAll) .UseWebApi(httpConfig); });
The parts that I added to enable the authorization endpoint are properties for the auth server settings:
AuthorizeEndpointPath = new PathString("/auth"), AuthorizationCodeExpireTimeSpan = TimeSpan.FromMinutes(1), AuthorizationCodeProvider = new AuthorizationCodeProvider(),
Overrides in my implementation of AuthorizationCodeProvider exclude broken exceptions, but currently they donβt even fall into any breakpoints set in the code. It should be noted that when I use the postman to get to the auth endpoint, I get the server header for HTTPAPI / 2.0, which is different from the fact that something did not appear at this endpoint, which means that I have to send a request wrong. Can anyone see a problem with my setup? Thanks in advance, I know that this, obviously, I do not understand the understanding of OWIN and OAuth.