ASP.NET Web Api: How to pass an access token (oAuth 2.0) using URL parameter? -
do have idea how can use, access_token generated default asp.net web api 2 oauth 2 authorization mechanism, in url parameters. able authorize sending request authorization header this:
accept: application/json content-type: application/json authorization: bearer padksjwmv927u...
what want enable authorization through url parameter this:
https://www.domain.com/api/mycontroller?access_token=padksjwmv927u...
well - agree header better alternative - there of course situations query string needed. oauth2 spec defines well.
anyways - feature built katana oauth2 middleware:
public class querystringoauthbearerprovider : oauthbearerauthenticationprovider { readonly string _name; public querystringoauthbearerprovider(string name) { _name = name; } public override task requesttoken(oauthrequesttokencontext context) { var value = context.request.query.get(_name); if (!string.isnullorempty(value)) { context.token = value; } return task.fromresult<object>(null); } }
and then:
var options = new jwtbearerauthenticationoptions { allowedaudiences = new[] { audience }, issuersecuritytokenproviders = new[] { new symmetrickeyissuersecuritytokenprovider( issuer, signingkey) }, provider = new querystringoauthbearerprovider(“access_token”) };
Comments
Post a Comment