是否可以通过 WEB API 应用程序中的客户端获取令牌调用来发送更多信息?
Is it possible to send more info via get token call from client in a WEB API application?
对于我的 WebAPI 项目 OAuth 处理,我有以下代码:
namespace Synergetic.API.WebAPI
{
public partial class Startup
{
public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
public static string PublicClientId { get; private set; }
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
//app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Configure the application for OAuth based flow
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
// In production mode set AllowInsecureHttp = false
AllowInsecureHttp = true
};
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
}
}
}
还有一个从 OAuthAuthorizationServerProvider 子类化的应用程序实际使用了这个方法。
在 Web 客户端,我有这个 javascript 用于从服务器获取令牌:
var token;
var loginData = {
grant_type: 'password',
username: $('#txtUser').val(),
password: $('#txtPassword').val()
};
var beforeSendFunc = function (request) {
//alert(token);
request.setRequestHeader("Authorization", "Bearer " + token);
};
$.ajax({
type: 'POST',
url: "Token",
data: loginData
}).success(function (data) {
.............
更新:经过一些调查,我假设不可能或至少很难实现授权服务器拥有多个令牌访问端点。我们可以通过获取令牌客户端调用来发送更多信息吗?我的意思是除了现有的用户名、密码、凭据之外还有更多数据?
我发现这个有用的帖子:
How do you consume extra parameters in OAuth2 Token request within .net WebApi2 application
我们需要在 OAuthAuthorizationServerOptions 方法中添加以下代码行:
var data = await context.Request.ReadFormAsync();
对于我的 WebAPI 项目 OAuth 处理,我有以下代码:
namespace Synergetic.API.WebAPI
{
public partial class Startup
{
public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
public static string PublicClientId { get; private set; }
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
//app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Configure the application for OAuth based flow
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
// In production mode set AllowInsecureHttp = false
AllowInsecureHttp = true
};
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
}
}
}
还有一个从 OAuthAuthorizationServerProvider 子类化的应用程序实际使用了这个方法。
在 Web 客户端,我有这个 javascript 用于从服务器获取令牌:
var token;
var loginData = {
grant_type: 'password',
username: $('#txtUser').val(),
password: $('#txtPassword').val()
};
var beforeSendFunc = function (request) {
//alert(token);
request.setRequestHeader("Authorization", "Bearer " + token);
};
$.ajax({
type: 'POST',
url: "Token",
data: loginData
}).success(function (data) {
.............
更新:经过一些调查,我假设不可能或至少很难实现授权服务器拥有多个令牌访问端点。我们可以通过获取令牌客户端调用来发送更多信息吗?我的意思是除了现有的用户名、密码、凭据之外还有更多数据?
我发现这个有用的帖子:
How do you consume extra parameters in OAuth2 Token request within .net WebApi2 application
我们需要在 OAuthAuthorizationServerOptions 方法中添加以下代码行:
var data = await context.Request.ReadFormAsync();