4

I use

 app.UseOAuthBearerTokens(OAuthOptions);

and

var options = new OAuthAuthorizationServerOptions
{

    TokenEndpointPath = new Microsoft.Owin.PathString("/Token"),
    AuthorizeEndpointPath = new Microsoft.Owin.PathString("/api/Account/ExternalLogin"),
    Provider = new ApplicationOAuthProvider<CampusDaysUser>(PublicClientId, IdentityManagerFactory, CookieOptions)
};

But url http://example.com/Token/ returns error:

The resource cannot be found.

abatishchev
  • 98,240
  • 88
  • 296
  • 433
Poul K. Sørensen
  • 16,950
  • 21
  • 126
  • 283

1 Answers1

5
    OAuthOptions = new OAuthAuthorizationServerOptions
    {
        TokenEndpointPath = new Microsoft.Owin.PathString("/Token"),
        AllowInsecureHttp = true,
        AuthorizeEndpointPath = new Microsoft.Owin.PathString("/api/Account/ExternalLogin"),
        Provider = new ApplicationOAuthProvider<CampusDaysUser>(PublicClientId, IdentityManagerFactory, CookieOptions)
    };

Need to set allow http now to get it working. Read the comments, this should be done in development only. Production you should get a certificate and use SSL.

Poul K. Sørensen
  • 16,950
  • 21
  • 126
  • 283
  • Isn't this a dangerous advice? If I understand correctly this allows unsecured communication to obtain the token, which I cannot imagine is good for the security. – angularsen Nov 09 '13 at 00:15
  • 1
    AllowInsecureHttp is only intended for development purposes. In a production system the recommendation is to use SSL to ensure tokens are not being passed in the clear. – Joe Brinkman Feb 08 '14 at 11:56
  • What joe said. I will update my answer to state this also. I just needed it to work in development. – Poul K. Sørensen Feb 08 '14 at 13:26