我正在尝试将授权代码流添加到基于OWIN的应用程序中。
我的设置是:
// Enable JWT OAuth Authorization Server
var opt = new OAuthAuthorizationServerOptions()
{
TokenEndpointPath = new PathString("/oauth/token"),
AuthorizeEndpointPath = new PathString("/oauth/authorize"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(5),
AuthorizationCodeExpireTimeSpan = TimeSpan.FromMinutes(5),
Provider = new MyOAuthAuthorizationServerProvider(),
RefreshTokenProvider = new MyRefreshTokenProvider(),
AuthorizationCodeProvider = new MyAuthorizationCodeProvider(),
#if DEBUG
AllowInsecureHttp = true
#endif
};
opt.AccessTokenFormat = new MyJwtFormat(opt);
app.UseOAuthAuthorizationServer(opt);
public class MyAuthorizationCodeProvider : IAuthenticationTokenProvider
{
private readonly ConcurrentDictionary<string, string> _authenticationCodes = new ConcurrentDictionary<string, string>(StringComparer.Ordinal);
public MyAuthorizationCodeProvider()
{
}
public void Create(AuthenticationTokenCreateContext context)
{
context.SetToken(Guid.NewGuid().ToString("n") + Guid.NewGuid().ToString("n"));
_authenticationCodes[context.Token] = context.SerializeTicket();
}
public Task CreateAsync(AuthenticationTokenCreateContext context)
{
Create(context);
return Task.FromResult(0);
}
public void Receive(AuthenticationTokenReceiveContext context)
{
string value;
_authenticationCodes.TryGetValue(context.Token, out value);
context.DeserializeTicket(value);
}
public Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
Receive(context);
return Task.FromResult(0);
}
}
虽然密码授予流程起作用,并且它执行刷新令牌流,但当我请求HTTP GET时,授权代码流始终返回"invalid_request"
我甚至无法调试MyAuthorizationCodeProvider(创建/接收方法中没有断点)
我肯定错过了一些大的东西:-)但我无法弄清楚是什么......