4

I am developing a web service using ASP.NET Web API. I am using ASP.NET Identity for authentication and token generation. I need to return an extended property in token response json. Till now I am able to return an extended string property in which I am sending a json string obtained by serializing a custom class object into json. Following is my auth provider code:

public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
    public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        await Task.Run(() =>
        {
            context.Validated();
        });            
    }

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        await Task.Run(() =>
        {
            var loginResponse = new AccountManager().Login(context.UserName, context.Password);

            if (loginResponse == null)
            {
                context.SetError("invalid_grant", Resources.Messages.InvalidGrant);
                return;
            }

            var identity = new ClaimsIdentity(context.Options.AuthenticationType);

            IDictionary<string, string> data = new Dictionary<string, string>
            {
                { "userData", JsonConvert.SerializeObject(loginResponse) }
            };
            AuthenticationProperties properties = new AuthenticationProperties(data);

            Microsoft.Owin.Security.AuthenticationTicket ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, properties);
            context.Validated(ticket);
        });            
    }

    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
        {
            context.AdditionalResponseParameters.Add(property.Key, property.Value);
        }

        return Task.FromResult<object>(null);
    }
}

Now in my response I have a property e.g. "userData" : "<Json String>" whereas I wanted to assign a json object (not json string) to userData. Is it possible?

Haider
  • 1,488
  • 2
  • 15
  • 29
  • 1
    Trying to understand exactly what your doing, is there a reason you can't just build your object as you like it and then just use the stringify method to convert it to a JSON string? – Pseudonym Oct 27 '14 at 13:25
  • Added the answer to the similar question https://stackoverflow.com/questions/40841971/asp-net-oauth-authorization-server-add-an-array-as-additional-response-paramete – Artur A Apr 08 '18 at 20:17

1 Answers1

0

I do not recommend putting JSON object inside ticket properties, this will INCREASE token size big time, and you be transmitting this token with each request. Maybe it is better if you define protected standalone endpoint to do this task after you obtain the access token. You will issue extra Get request after successful login but you will keep token size minimal.

Taiseer Joudeh
  • 8,953
  • 1
  • 41
  • 45
  • just want to confirm one more thing, that is what's the use of adding claims in identity? e.g. identity.AddClaim(new Claim("sub", context.UserName)); – Haider Oct 28 '14 at 10:09
  • 5
    When you add a JSON object in AuthenticationProperties, you do not increase the size of the token but you just add another property to the response object. The token only contains the claims, not the properties. So no, you do not submit properties on each request and it's perfectly fine to do it that way. – emp Jun 24 '16 at 08:17