I am using Web API token-based authentication with OWIN middleware; the token is generated successfully but I can't decode it, e.g. I cannot extract the user name and password from it. Here is the configuration in my startup code:

var oAuthAuthorizationServerOptions = new OAuthAuthorizationServerOptions
{
    // permits the token endpoint over plain HTTP (development setting)
    AllowInsecureHttp = true,
    TokenEndpointPath = new PathString("/api/token"),
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
    Provider = new SimpleAuthorizationServerProvider()
};
// Token Generation
app.UseOAuthAuthorizationServer(oAuthAuthorizationServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

My code that is used to send the token is:

static async Task RunAsync(JObject token)
{
    using (var client = new HttpClient())
    {
        client.Timeout = new TimeSpan(1000000000000);
        client.BaseAddress = new Uri("http://localhost/SampleApp/");
        client.DefaultRequestHeaders.Accept.Clear();
        client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(token["token_type"].ToString(),
            token["access_token"].ToString());
    }
}

My authentication code:

var authenticationSchema = httpContext.Request.Headers["Authorization"];
if (!String.IsNullOrWhiteSpace(authenticationSchema))
    authentication = AuthenticationHeaderValue.Parse(authenticationSchema);

if (authentication != null)
{
    var unencoded = Convert.FromBase64String(authentication.Parameter);
    var userpw = Encoding.GetEncoding("iso-8859-1").GetString(unencoded);
    var creds = userpw.Split(':');
    return new Tuple<string, string>(creds[0], creds[1]);
}

The code failed when trying to decode the token from a Base64 string. Note: my sample token is 3K8vHKHA2ZsKfKbvzUbo4a2sat2JLzvvyxCZ0KSD6s1wUS3t3oDPXuQ89aTmGpsG4ZL8O0cr8M9EUeZGtdM6FBwR7gLFcLZkTaimFGKyyZMNce9trQavVTzs6gam6qach1rPTLv_gIYGgPmM-401PZsr89BIXw4acTpJL3KbXs8y7PQ-o-eTV2IA8euCVkqC02iEnAzmS0SwhBouISCC-HvcNpE2aNixg4JXEt8EslU. You can see the attached image for the exception.

yo2011

1 Answer

As far as I can see from the code, the access token is sent plain to the server, but you need to encode the access token on the client side, like:

client.DefaultRequestHeaders.Authorization = 
    new AuthenticationHeaderValue(token["token_type"].ToString(),
        Convert.ToBase64String(Encoding.GetEncoding("iso-8859-1").GetBytes(token["access_token"].ToString())));

Then you can convert the access token from a Base64 string on the server side. The access token string value you provided is not a valid Base64 string, as expressed in the exception message.

Halis S.
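An added example, not code from the question or the answer: the sample token in the question contains `-` and `_`, which belong to the base64url alphabet, so `Convert.FromBase64String` rejects it, and a Bearer token decodes to opaque bytes rather than a `user:password` pair. The sketch below checks the scheme before decoding; the class and helper names are hypothetical and all sample values are constructed.

```csharp
using System;
using System.Net.Http.Headers;
using System.Text;

static class AuthorizationHeaderDemo   // hypothetical name
{
    // base64url swaps '+' and '/' for '-' and '_' and drops the '=' padding.
    static byte[] FromBase64Url(string value)
    {
        string s = value.Replace('-', '+').Replace('_', '/');
        if (s.Length % 4 == 1) throw new FormatException("Invalid base64url length.");
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Returns user/password only for the Basic scheme; any other scheme yields null.
    static Tuple<string, string> TryReadBasicCredentials(string headerValue)
    {
        AuthenticationHeaderValue header;
        if (!AuthenticationHeaderValue.TryParse(headerValue, out header)) return null;
        if (!string.Equals(header.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)) return null;
        if (string.IsNullOrEmpty(header.Parameter)) return null;
        byte[] raw;
        try { raw = Convert.FromBase64String(header.Parameter); }
        catch (FormatException) { return null; }   // malformed header: reject instead of throwing
        string userpw = Encoding.GetEncoding("iso-8859-1").GetString(raw);
        int colon = userpw.IndexOf(':');            // split on the first ':' only; passwords may contain ':'
        if (colon < 0) return null;
        return Tuple.Create(userpw.Substring(0, colon), userpw.Substring(colon + 1));
    }

    static void Main()
    {
        // Constructed sample values, not taken from the question.
        string basic = "Basic " + Convert.ToBase64String(Encoding.GetEncoding("iso-8859-1").GetBytes("alice:pa:ss"));
        string bearer = "Bearer 3K8v_gIY-401PZsr89BIXw";   // short constructed token using '-' and '_'

        var creds = TryReadBasicCredentials(basic);
        Console.WriteLine("Basic  -> user={0}, password={1}", creds.Item1, creds.Item2);
        Console.WriteLine("Bearer -> credentials found: {0}", TryReadBasicCredentials(bearer) != null);

        string token = AuthenticationHeaderValue.Parse(bearer).Parameter;
        try { Convert.FromBase64String(token); }
        catch (FormatException) { Console.WriteLine("Standard Base64 decoding rejects '-' and '_'"); }
        Console.WriteLine("base64url decoding gives {0} opaque bytes", FromBase64Url(token).Length);
    }
}
```

With `UseOAuthBearerAuthentication` in the pipeline, the middleware validates the token itself, and the caller's identity is read from the request principal rather than from the header.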