Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider - 尝试从 Postman 生成令牌时 clientId 和 clientSecret 变为空
Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider - clientId and clientSecret coming null while trying to generate token from Postman
我正在为我的 asp.net web api 2 应用程序使用 OWIN 安全性,这是我的启动 class 身份验证设置。
public void ConfigureOAuth(IAppBuilder app)
{
var oAuthServerOptions = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new CustomAuthorizationServerProvider()
};
// Token Generation
app.UseOAuthAuthorizationServer(oAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
这里是 CustomAuthorizationServerProvider class 实现,
public class CustomAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.TryGetFormCredentials(out var clientId, out var clientSecret);
if (clientId == "987459827985" && clientSecret == "lkfjldsfjkld")
{
context.Validated(clientId);
}
return base.ValidateClientAuthentication(context);
}
public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
{
var oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, "TestClient"));
var ticket = new AuthenticationTicket(oAuthIdentity, new AuthenticationProperties());
context.Validated(ticket);
return base.GrantClientCredentials(context);
}
}
现在,在尝试使用端点 http://localhost:8080/token 生成令牌时,我得到的 clientId 和 clientSecret 都为 NULL,因此我得到 "error": "invalid_client"。我在这里缺少什么?
编辑:编辑
当我使用 raw 作为正文时,我可以看到令牌生成正在运行并且客户端和机密都具有价值。为什么它不适用于 form-data?
查看 postman 文档:Sending API requests
最重要的是:
Website forms often send data to APIs as multipart/form-data. You can replicate this in Postman using the form-data Body tab. Form data allows you to send key-value pairs, and specify the content type.
通过网络快速搜索,API 需要一种特殊类型的处理来绑定 multipart/form-data
即
There is even a plugin for that
内容类型很重要。
我正在为我的 asp.net web api 2 应用程序使用 OWIN 安全性,这是我的启动 class 身份验证设置。
public void ConfigureOAuth(IAppBuilder app)
{
var oAuthServerOptions = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new CustomAuthorizationServerProvider()
};
// Token Generation
app.UseOAuthAuthorizationServer(oAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
这里是 CustomAuthorizationServerProvider class 实现,
public class CustomAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.TryGetFormCredentials(out var clientId, out var clientSecret);
if (clientId == "987459827985" && clientSecret == "lkfjldsfjkld")
{
context.Validated(clientId);
}
return base.ValidateClientAuthentication(context);
}
public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
{
var oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, "TestClient"));
var ticket = new AuthenticationTicket(oAuthIdentity, new AuthenticationProperties());
context.Validated(ticket);
return base.GrantClientCredentials(context);
}
}
现在,在尝试使用端点 http://localhost:8080/token 生成令牌时,我得到的 clientId 和 clientSecret 都为 NULL,因此我得到 "error": "invalid_client"。我在这里缺少什么?
编辑:编辑
当我使用 raw 作为正文时,我可以看到令牌生成正在运行并且客户端和机密都具有价值。为什么它不适用于 form-data?
查看 postman 文档:Sending API requests
最重要的是:
Website forms often send data to APIs as multipart/form-data. You can replicate this in Postman using the form-data Body tab. Form data allows you to send key-value pairs, and specify the content type.
通过网络快速搜索,API 需要一种特殊类型的处理来绑定 multipart/form-data
即
There is even a plugin for that
内容类型很重要。