
I'm trying to add the authorization code flow to my OWIN-based application.

My setup is:

Startup.cs

// Configure the OWIN OAuth authorization server; access tokens are issued through MyJwtFormat.
var opt = new OAuthAuthorizationServerOptions();

// Endpoints served by the middleware.
opt.TokenEndpointPath = new PathString("/oauth/token");
opt.AuthorizeEndpointPath = new PathString("/oauth/authorize");

// Access tokens and authorization codes both expire after five minutes.
opt.AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(5);
opt.AuthorizationCodeExpireTimeSpan = TimeSpan.FromMinutes(5);

// NOTE(review): MyOAuthAuthorizationServerProvider is not shown here. The authorize
// endpoint relies on the provider's client and redirect-URI validation callbacks
// (e.g. ValidateClientRedirectUri); confirm they are overridden and that redirect
// URIs are compared against the values registered for the client.
opt.Provider = new MyOAuthAuthorizationServerProvider();
opt.RefreshTokenProvider = new MyRefreshTokenProvider();
opt.AuthorizationCodeProvider = new MyAuthorizationCodeProvider();

#if DEBUG
// Plain HTTP is accepted in DEBUG builds only; other builds keep the default.
opt.AllowInsecureHttp = true;
#endif

// The token format takes the options object, so it is assigned once the options exist.
opt.AccessTokenFormat = new MyJwtFormat(opt);
app.UseOAuthAuthorizationServer(opt);

MyAuthorizationCodeProvider.cs

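/// <summary>
/// Issues OAuth authorization codes and redeems them for the serialized
/// authentication ticket they were created for.
/// </summary>
/// <remarks>
/// Codes live in a per-instance, in-memory dictionary. Nothing in this class evicts
/// codes that are never redeemed, and the store is not shared between processes.
/// NOTE(review): confirm that is acceptable for the deployment (single node, restarts).
/// </remarks>
public class MyAuthorizationCodeProvider : IAuthenticationTokenProvider
{
    // Maps an issued authorization code to the serialized ticket it stands for.
    private readonly ConcurrentDictionary<string, string> _authenticationCodes = new ConcurrentDictionary<string, string>(StringComparer.Ordinal);

    public MyAuthorizationCodeProvider()
    {
    }

    /// <summary>
    /// Generates a new authorization code, sets it on the context and stores the
    /// serialized ticket under that code.
    /// </summary>
    /// <param name="context">Creation context supplied by the OAuth middleware.</param>
    public void Create(AuthenticationTokenCreateContext context)
    {
        // An authorization code is a bearer credential, so it is drawn from the
        // cryptographic RNG instead of Guid.NewGuid(), which is designed for
        // uniqueness and not for unpredictability. The format stays 64 hex characters.
        var codeBytes = new byte[32];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(codeBytes);
        }

        context.SetToken(BitConverter.ToString(codeBytes).Replace("-", string.Empty).ToLowerInvariant());
        _authenticationCodes[context.Token] = context.SerializeTicket();
    }

    /// <summary>Asynchronous wrapper around <see cref="Create"/>.</summary>
    /// <param name="context">Creation context supplied by the OAuth middleware.</param>
    /// <returns>An already-completed task.</returns>
    public Task CreateAsync(AuthenticationTokenCreateContext context)
    {
        Create(context);
        return Task.FromResult(0);
    }

    /// <summary>
    /// Redeems an authorization code: when the code is known, it is removed from the
    /// store and its ticket is deserialized into the context.
    /// </summary>
    /// <param name="context">Receive context carrying the presented code.</param>
    public void Receive(AuthenticationTokenReceiveContext context)
    {
        // A missing code cannot be looked up (a null key would throw); leave the
        // context without a ticket.
        if (string.IsNullOrEmpty(context.Token))
        {
            return;
        }

        // TryRemove instead of TryGetValue: an authorization code must be usable
        // only once, so redeeming it also deletes it. Unknown or already-used codes
        // no longer reach DeserializeTicket with a null value.
        string value;
        if (_authenticationCodes.TryRemove(context.Token, out value))
        {
            context.DeserializeTicket(value);
        }
    }

    /// <summary>Asynchronous wrapper around <see cref="Receive"/>.</summary>
    /// <param name="context">Receive context carrying the presented code.</param>
    /// <returns>An already-completed task.</returns>
    public Task ReceiveAsync(AuthenticationTokenReceiveContext context)
    {
        Receive(context);
        return Task.FromResult(0);
    }
}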

The password grant flow works, and so does the refresh token flow, but the authorization code flow always returns an "invalid_request" error when I send an HTTP GET request to

http://host/oauth/authorize?response_type=code&client_id=sample333&redirect_uri=https%3A%2F%2Fhost%2F&scope=access&state=samplee666

I can't even debug MyAuthorizationCodeProvider: no breakpoint is hit in its Create/Receive methods.

I am surely missing something big :-) but I can't figure out what....

silentman.it
