Overriding TokenEndPoint in AspNet.Security.OpenIdConnect.Server
Question related to this post here: Configure the authorization server endpoint.

Using the above example I am able to get a token. Previously it was possible to get additional information by overriding

public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
    foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
    {
        context.AdditionalResponseParameters.Add(property.Key, property.Value);
    }

    return Task.FromResult<object>(null);
}

How do you achieve that in the current implementation of

public override Task TokenEndpoint(TokenEndpointContext context){
}

Thanks!

Triumvirate answered 3/12, 2015 at 19:43 Comment(0)

Your best option is to directly use the ApplyTokenResponse event to update the JSON payload returned to the client application. Unlike AdditionalResponseParameters, it allows you to add - or remove - virtually anything: objects, arrays, strings, integers...

Here's how you can do that:

// JArray comes from Json.NET: add "using Newtonsoft.Json.Linq;" at the top of the file.
public override Task ApplyTokenResponse(ApplyTokenResponseContext context)
{
    // Only add the custom parameters if the response is not a token error response.
    if (string.IsNullOrEmpty(context.Error))
    {
        context.Response["custom-property-1"] = "custom-value";

        context.Response["custom-property-2"] = JArray.FromObject(new[]
        {
            "custom-value-1",
            "custom-value-2"
        });
    }

    return Task.FromResult(0);
}
Doubletongue answered 4/12, 2015 at 16:37 Comment(7)
Thank you very much, @Pinpoint! One other thing I was meaning to ask you: I kept getting a 500 server error when I tried to access resources using the http.get() method from my Angular client. Very hard to debug, but I know this is happening because of app.UseJwtAuthentication. Any idea why it is throwing a 500 without giving me a chance to react? – Triumvirate
You're welcome! Actually, the 500 response is a "bug" that was not fixed for RC1 but is now fixed in the nightly builds: github.com/aspnet/Security/issues/411. To determine why the JWT bearer middleware is failing, you can enable logging: docs.asp.net/en/latest/fundamentals/logging.html. FYI, the main point of failure is due to the resources parameter not being used: https://mcmap.net/q/303889/-separating-auth-and-resource-servers-with-aspnet-security-openidconnect-the-audience. – Candlepin
FYI, we'll stop using JWT access tokens by default in the next beta: github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/…. – Candlepin
When will the next beta be available? Because the validation middleware is exactly what I need, as my resource server and the authorization server are one and the same. – Triumvirate
No precise date yet, there are still many things to do for beta5 (and some are open to contributions ;)). You can follow the progress here: github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/…. – Candlepin
Updated to use the new event name used by ASOS beta5 (for ASP.NET Core RC2). – Candlepin
For future users: I ended up using context.Response.AddParameter() to handle my needs (rather than context.Response["..."] = ...). – Brigidbrigida
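
Added example (not part of the original question or answer, and not ASOS code): the loop in the question copies every authentication property into the token response, which also sends the framework's own entries such as .issued and .expires to the client. This helper passes the properties through an allow-list and refuses to overwrite standard token response members; the class name, the allow-listed keys and the sample values are hypothetical.

```csharp
using System;
using System.Collections.Generic;

public static class TokenResponseExtras
{
    // Hypothetical allow-list: the only ticket properties this sample exposes to clients.
    private static readonly HashSet<string> Exposed =
        new HashSet<string>(StringComparer.Ordinal) { "userName", "tenant" };

    // Standard OAuth 2.0 / OpenID Connect response members that custom values must never overwrite.
    private static readonly HashSet<string> Reserved =
        new HashSet<string>(StringComparer.Ordinal)
        {
            "access_token", "token_type", "expires_in", "refresh_token",
            "id_token", "scope", "error", "error_description", "error_uri"
        };

    // Returns only the properties that are allow-listed, not reserved and non-empty.
    public static Dictionary<string, string> Select(IEnumerable<KeyValuePair<string, string>> properties)
    {
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var property in properties)
        {
            if (Exposed.Contains(property.Key) &&
                !Reserved.Contains(property.Key) &&
                !string.IsNullOrEmpty(property.Value))
            {
                result[property.Key] = property.Value;
            }
        }
        return result;
    }

    public static void Main()
    {
        // Constructed sample: ".issued" and ".expires" mimic the middleware's internal entries.
        var properties = new Dictionary<string, string>
        {
            { ".issued", "Thu, 03 Dec 2015 19:43:00 GMT" },
            { ".expires", "Thu, 03 Dec 2015 20:43:00 GMT" },
            { "userName", "alice" },
            { "internalNote", "not for clients" }
        };
        // In ApplyTokenResponse this loop would assign context.Response[pair.Key] = pair.Value
        // (where the properties are read from is an assumption about the ASOS version in use).
        foreach (var pair in Select(properties))
            Console.WriteLine(pair.Key + " = " + pair.Value);
    }
}
```

With the constructed input, only the userName entry is selected for the response.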
