Using Extradata from Authorization Endpoint and getting it at Token endpoint.


Chinmaya Padhi

Sep 23, 2014, 9:09:21 AM
to dotnet...@googlegroups.com
Hi,

I am using DNOA for the OAuth implementation in the web application. I am trying to send some extra data in the method below:
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Public Function ApproveAuthorizationRequest(request As OAuth2AuthorizationRequest, userID As Guid) As OAuth2AuthorizationResponse
    If request Is Nothing Then
        Throw New ArgumentNullException("request")
    End If

    Dim userAuthorizationRequest As OAuth2UserAuthorizationRequest = TryCast(request, OAuth2UserAuthorizationRequest)
    Dim userName As String = Environment.User.UserName

    ' Look up the user name when approving on behalf of a different user
    If Not New Guid(Environment.User.ID) = userID Then
        userName = CStr(New QueryBuilder(Connection, "UserName", "Users", "ID").QueryDatabase(DatabaseTypes.Hosting, EDLQueryOptions.SingleValue, userID))
    End If

    ' Tag the authorization request with the refresh-token decision
    If Not CheckAsVascoUser(userName) Then
        userAuthorizationRequest.Message.ExtraData.Add("Vasco", "RefreshTokenNeeded")
    Else
        userAuthorizationRequest.Message.ExtraData.Add("Vasco", "RefreshTokenNotNeeded")
    End If

    Dim authorizationReponse As EndUserAuthorizationSuccessResponseBase = AuthorizationServer.PrepareApproveAuthorizationRequest(userAuthorizationRequest.Message, userName)

    Dim response As New OAuth2AuthorizationSuccessResponse(AuthorizationServer.Channel, authorizationReponse)

    ' Persist the relation in the Database
    Dim qb As QueryBuilder = OAuth2Queries.OAuthClientAuthorizedByUser(Connection)
    If qb.QueryDatabase(DatabaseTypes.Hosting, EDLQueryOptions.SingleRow, New Object() {userID, request.Client.Id}) Is Nothing Then
        ' It is not necessary to set the user on the business component because it is set by default
        Dim ocu As New OAuthClientUserBC(Environment)
        ocu.AddNew()
        ocu.UserID.Value = userID
        ocu.OAuthClient.Value = request.Client.Id
        ocu.Update()
    End If

    Return response
End Function

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 

And then try to get the extra data in the CreateAccessToken method 

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Function CreateAccessToken(accessTokenRequestMessage As IAccessTokenRequest) As AccessTokenResult Implements IAuthorizationServerHost.CreateAccessToken
    Dim accessToken As New AuthorizationServerAccessToken()
    accessToken.Lifetime = TimeSpan.FromMinutes(Environment.Setting(Core.SettingType.General, "OAuthAccessTokenLifetime", 10))
    accessToken.AccessTokenSigningKey = CreateAuthorizationServerSigningKey()
    accessToken.ResourceServerEncryptionKey = CreateResourceServerEncryptionKey()

    If accessTokenRequestMessage.ExtraData.ContainsKey("Vasco") Then
        ' Read the value from the request message that was just checked, not from the new token
        Dim vascoExtraParam As String = accessTokenRequestMessage.ExtraData.Item("Vasco")

        ' Do not send refresh tokens for Vasco users. Decided as a security measure for them.
        ' "RefreshTokenNotNeeded" is the value ApproveAuthorizationRequest sets for Vasco users.
        If vascoExtraParam = "RefreshTokenNotNeeded" Then
            Return New AccessTokenResult(accessToken) With {.AllowRefreshToken = False}
        End If
    End If

    Return New AccessTokenResult(accessToken)
End Function

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Please share how I can get the extra data from the authorization endpoint to the token access endpoint.

Regards,
Chinmaya  
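
The token request is a separate message posted by the client, so `ExtraData` added to the authorization request does not arrive there, and any extra parameters that do arrive are client-controlled and should not drive refresh-token policy. A version of `CreateAccessToken` that instead re-derives the decision at the token endpoint from the user the grant was issued to, as an added example that is not part of the original post and is not DotNetOpenAuth's own code. It reuses the poster's members (`CheckAsVascoUser`, `Environment.Setting`, the two key helpers), introduces a hypothetical helper `IsRefreshTokenAllowed`, and assumes `IAccessTokenRequest.UserName` carries the name passed to `PrepareApproveAuthorizationRequest`.

```vb
' Added example: refresh-token policy decided from server-side state at the token endpoint.
' CheckAsVascoUser, Environment.Setting and the two key helpers are the poster's own members.
Function CreateAccessToken(accessTokenRequestMessage As IAccessTokenRequest) As AccessTokenResult Implements IAuthorizationServerHost.CreateAccessToken
    If accessTokenRequestMessage Is Nothing Then
        Throw New ArgumentNullException("accessTokenRequestMessage")
    End If

    Dim accessToken As New AuthorizationServerAccessToken()
    accessToken.Lifetime = TimeSpan.FromMinutes(Environment.Setting(Core.SettingType.General, "OAuthAccessTokenLifetime", 10))
    accessToken.AccessTokenSigningKey = CreateAuthorizationServerSigningKey()
    accessToken.ResourceServerEncryptionKey = CreateResourceServerEncryptionKey()

    ' accessTokenRequestMessage.ExtraData is deliberately not consulted:
    ' it only holds parameters the client chose to post to the token endpoint.
    Dim allowRefresh As Boolean = IsRefreshTokenAllowed(accessTokenRequestMessage.UserName)

    Return New AccessTokenResult(accessToken) With {.AllowRefreshToken = allowRefresh}
End Function

' Hypothetical helper (name chosen for this example).
Private Function IsRefreshTokenAllowed(userName As String) As Boolean
    ' Assumption: UserName is empty when the grant is not bound to a user
    ' (for example a client credentials grant); fail closed in that case.
    If String.IsNullOrEmpty(userName) Then
        Return False
    End If

    ' Same rule as the comment in the original method: no refresh tokens for Vasco users.
    Return Not CheckAsVascoUser(userName)
End Function
```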