Using Extradata from Authorization Endpoint and getting it at Token endpoint.

32 views
Skip to first unread message

Chinmaya Padhi

unread,
Sep 23, 2014, 9:09:21 AM9/23/14
to dotnet...@googlegroups.com
Hi , 

I am using DNOA for OAuth implementation in the webapplication. I am trying to send some extra data in the below method 
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Public Function ApproveAuthorizationRequest(request As OAuth2AuthorizationRequest, userID As Guid) As OAuth2AuthorizationResponse

If request Is Nothing Then

Throw New ArgumentNullException("request")

End If


Dim userAuthorizationRequest As OAuth2UserAuthorizationRequest = TryCast(request, OAuth2UserAuthorizationRequest)

Dim userName As String = Environment.User.UserName

If Not New Guid(Environment.User.ID) = userID Then

userName = CStr(New QueryBuilder(Connection, "UserName", "Users", "ID").QueryDatabase(DatabaseTypes.Hosting, EDLQueryOptions.SingleValue, userID))

End If


If Not CheckAsVascoUser(userName) Then

userAuthorizationRequest.Message.ExtraData.Add("Vasco", "RefreshTokenNeeded")

Else

userAuthorizationRequest.Message.ExtraData.Add("Vasco", "RefreshTokenNotNeeded")

End If

Dim authorizationReponse As EndUserAuthorizationSuccessResponseBase = AuthorizationServer.PrepareApproveAuthorizationRequest(userAuthorizationRequest.Message, userName)


Dim response As New OAuth2AuthorizationSuccessResponse(AuthorizationServer.Channel, authorizationReponse)

' Persist the relation in the Database

Dim qb As QueryBuilder = OAuth2Queries.OAuthClientAuthorizedByUser(Connection)

If qb.QueryDatabase(DatabaseTypes.Hosting, EDLQueryOptions.SingleRow, New Object() {userID, request.Client.Id}) Is Nothing Then

' It is not necesarry to set the user on the business component because it is set by default

Dim ocu As New OAuthClientUserBC(Environment)

ocu.AddNew()

ocu.UserID.Value = userID

ocu.OAuthClient.Value = request.Client.Id

ocu.Update()

End If

Return response

End Function

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 

And then try to get the extra data in the CreateAccessToken method 

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Function CreateAccessToken(accessTokenRequestMessage As IAccessTokenRequest) As AccessTokenResult Implements IAuthorizationServerHost.CreateAccessToken

Dim accessToken As New AuthorizationServerAccessToken()

accessToken.Lifetime = TimeSpan.FromMinutes(Environment.Setting(Core.SettingType.General, "OAuthAccessTokenLifetime", 10))

accessToken.AccessTokenSigningKey = CreateAuthorizationServerSigningKey()

accessToken.ResourceServerEncryptionKey = CreateResourceServerEncryptionKey()

If accessTokenRequestMessage.ExtraData.ContainsKey("Vasco") Then

Dim vascoExtraParam As String = accessToken.ExtraData.Item("Vasco")

'Do not send refresh tokens for vasco users. Decided as a security for them.

If vascoExtraParam = "RefreshTokenNeeded" Then

Return New AccessTokenResult(accessToken) With {.AllowRefreshToken = False}

End If

End If

Return New AccessTokenResult(accessToken)

End Function

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Please share how can i get the extra data from the authorization endpoint to the token access endpoint.

Regards,
Chinmaya  
Reply all
Reply to author
Forward
0 new messages