OWIN authorization code flow always returns "invalid_request" (400 Bad Request)

Time: 2018-03-26 13:35:41

Tags: asp.net oauth-2.0 owin owin.security

I am trying to add the authorization code flow to an OWIN-based application.

My setup is:

Startup.cs

// Enable JWT OAuth Authorization Server
var opt = new OAuthAuthorizationServerOptions()
{
    TokenEndpointPath = new PathString("/oauth/token"),
    AuthorizeEndpointPath = new PathString("/oauth/authorize"),
    AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(5),
    AuthorizationCodeExpireTimeSpan = TimeSpan.FromMinutes(5),
    Provider = new MyOAuthAuthorizationServerProvider(),
    RefreshTokenProvider = new MyRefreshTokenProvider(),
    AuthorizationCodeProvider = new MyAuthorizationCodeProvider(),
#if DEBUG
    AllowInsecureHttp = true
#endif
};

opt.AccessTokenFormat = new MyJwtFormat(opt);
app.UseOAuthAuthorizationServer(opt);

MyAuthorizationCodeProvider.cs

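using System;
using System.Collections.Concurrent;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Infrastructure;

// In-memory store for issued authorization codes (token -> serialized ticket).
public class MyAuthorizationCodeProvider : IAuthenticationTokenProvider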
{
    private readonly ConcurrentDictionary<string, string> _authenticationCodes = new ConcurrentDictionary<string, string>(StringComparer.Ordinal);

    public MyAuthorizationCodeProvider()
    {
    }

    public void Create(AuthenticationTokenCreateContext context)
    {
        context.SetToken(Guid.NewGuid().ToString("n") + Guid.NewGuid().ToString("n"));
        _authenticationCodes[context.Token] = context.SerializeTicket();
    }

    public Task CreateAsync(AuthenticationTokenCreateContext context)
    {
        Create(context);
        return Task.FromResult(0);
    }

    public void Receive(AuthenticationTokenReceiveContext context)
    {
        // Authorization codes are single-use: remove the code on redemption,
        // and only deserialize when the code was actually issued by Create.
        string value;
        if (_authenticationCodes.TryRemove(context.Token, out value))
        {
            context.DeserializeTicket(value);
        }
    }

    public Task ReceiveAsync(AuthenticationTokenReceiveContext context)
    {
        Receive(context);
        return Task.FromResult(0);
    }
}

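While the password grant flow works, and so does the refresh token flow, the authorization code flow always returns "invalid_request" when I issue an HTTP GET request to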

http://host/oauth/authorize?response_type=code&client_id=sample333&redirect_uri=https%3A%2F%2Fhost%2F&scope=access&state=samplee666

I can't even debug MyAuthorizationCodeProvider (no breakpoints are hit in the Create/Receive methods).

I must be missing something big :-) but I can't figure out what...

0 answers:

No answers