
I have created a project that uses DotNetOpenAuth to implement both an OAuth2 AuthorizationServer and ResourceServer in one.

What I want to do is use OAuth as pseudo-authentication, where the Client is authorised by OAuth to get the associated resource, which is the user's profile.

On the ResourceServer I can use resourceServer.VerifyAccess( request, out result ); to successfully return the IPrincipal.

My question is: on the ResourceServer (which is the same as the Authorization Server), how can I get the user/user id/user profile from the Principal (or anything else that I have access to)? The Principal name looks like a base64-encoded string. But that doesn't seem to match anything else that I have access to.

Andrew Arnott
Greg Bacchus

1 Answer


DotNetOpenAuth's ResourceServer.VerifyAccess method gives you a principal whose name is the user who authorized the access token, and whose roles are the scopes that were granted to that token.

If you're seeing some base64-encoded string looking thing as the principal's name, it sounds like you should double check your code. I suggest you start at the point in your authorization server code where you call AuthorizationServer.PrepareApproveAuthorizationRequest, passing in the authorizing username. Make sure that's what it should be.

It's highly unlikely that it was corrupted in transit because the token is encrypted and signed.

Andrew Arnott
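As an added illustration of the answer above (not code from the original post or from DotNetOpenAuth), this sketch shows how a resource endpoint could map the verified principal to a profile: the scope is checked through the principal's roles and the profile is looked up by the principal's name. The `UserProfile` type, the `Users` store, the `"profile"` scope name and the sample principals are assumptions; `GenericPrincipal` stands in for the principal that `VerifyAccess` returns.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical profile type; a real application would load this from its user store.
public sealed class UserProfile
{
    public string UserName { get; set; }
    public string DisplayName { get; set; }
}

public static class ProfileResource
{
    // Assumed scope name for this sketch, not one defined by DotNetOpenAuth.
    public const string ProfileScope = "profile";

    // Constructed sample data, keyed by the username supplied when the authorization was approved.
    private static readonly Dictionary<string, UserProfile> Users =
        new Dictionary<string, UserProfile>(StringComparer.Ordinal)
        {
            { "greg", new UserProfile { UserName = "greg", DisplayName = "Greg Example" } },
        };

    public static UserProfile GetProfile(IPrincipal principal)
    {
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("No verified access token.");
        // Roles carry the scopes granted to the token, so this is the least-privilege check.
        if (!principal.IsInRole(ProfileScope))
            throw new UnauthorizedAccessException("Token lacks the profile scope.");
        // The name is the user who authorized the token. A miss here points at the value
        // handed to PrepareApproveAuthorizationRequest, not at the token transport.
        if (!Users.TryGetValue(principal.Identity.Name, out var profile))
            throw new KeyNotFoundException("Principal name does not match any stored username.");
        return profile;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed principals shaped like the ones the resource server would hand back.
        var ok = new GenericPrincipal(new GenericIdentity("greg", "OAuth2"), new[] { "profile" });
        var opaque = new GenericPrincipal(new GenericIdentity("Z3JlZw==", "OAuth2"), new[] { "profile" });
        Console.WriteLine(ProfileResource.GetProfile(ok).DisplayName);
        try { ProfileResource.GetProfile(opaque); }
        catch (KeyNotFoundException ex) { Console.WriteLine(ex.Message); }
    }
}
```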