我正在爲web api實施OAuth 2.0。最初,我想要允許的唯一授予類型是「密碼」,用於資源所有者密碼授予類型。未來,我可能會擴展到其他庫存授予類型,甚至可以建立自定義類型。爲了實現,我在我的Startup.cs類中創建了下面的代碼。我沒有指定授權端點,而只是一個令牌端點。使用OAuthAuthorizationServer定製允許的授權類型
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
}
public void ConfigureAuth(IAppBuilder app)
{
var myOAuthServerProvider = new MyOAuthServerProvider();
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
// mark true if you are not on https channel. This should never be true for Production.
AllowInsecureHttp = true,
//Enable a 60 minute expiration time.
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(60),
// Allows the authorization server to alter the response coming out so it can report a 401.
AuthenticationMode = AuthenticationMode.Active,
// Provider needs to be the custom class that performs our authentication.
Provider = myOAuthServerProvider,
// This specifies the endpoint path where you can generate a token.
TokenEndpointPath = new PathString("/api/token"),
});
}
}
對於MyOAuthServerProvider類,我應該從OAuthAuthorizationServerProvider繼承和重寫的具體方法,只允許授予類型我想啓用,或者我應該不是從從地上爬起來的IOAuthAuthorizationServerProvider接口實現MyOAuthServerProvider?
謝謝!我是否也必須重寫GrantAuthorizationCode,GrantClientCredentials和GrantCustomExtension以引發異常或返回特定的內容以防止使用這些授予類型? – tarun713
沒關係,只是在文檔中看到,這些函數的默認行爲是拒絕授予類型。我會接受你的回答。 – tarun713
有沒有什麼方法可以通過編程方式設置'grant_type'而不是通過API? –