28

I successfully implemented my custom OAuthAuthorizationServerProvider. But when I log in and retrieve a token, my client doesn't have any idea of the user's roles, claims, etc.

I currently added a webapi controller to return the list of the principal's claims, but I'm not really happy with that.

When requesting a token, the current response looks like:

    {
        access_token: "qefelgrebjhzefilrgo4583535",
        token_type: "bearer",
        expires_in: 59
    }

Q> How can I make it return something like the following snippet?

    {
        access_token: "qefelgrebjhzefilrgo4583535",
        token_type: "bearer",
        expires_in: 59,
        user: {
            name: 'foo',
            role: 'bar'
        }
    }

My progress so far:

The documentation of OAuthAuthorizationServerProvider#TokenEndpoint(OAuthTokenEndpointContext) says:

> Called at the final stage of a successful Token endpoint request. An application may implement this call in order to do any final modification of the claims being used to issue access or refresh tokens. This call may also be used in order to add additional response parameters to the Token endpoint's json response body.

I couldn't find any example of how to customize the response, and asp-net Identity's source code is not yet released, so I'm quite stuck.

dgn

2 Answers

39

Maybe you are looking for the TokenEndpoint method override of OAuthAuthorizationServerProvider.

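    // Requires: using System.Collections.Generic; using System.Threading.Tasks;
    //           using Microsoft.Owin.Security.OAuth;
    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        // Copy every entry of the ticket's properties into the token response body.
        // Anything stored in the properties is therefore visible to the client.
        foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
        {
            context.AdditionalResponseParameters.Add(property.Key, property.Value);
        }

        return Task.FromResult<object>(null);
    }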
JohnnyHK
jd4u
  • Thanks, that's exactly what I was looking for. I found the method but I didn't know how to add the properties to the response. I'll try that and accept the answer if that does the job – dgn Jun 07 '14 at 19:25
  • 2
    Your code works well, but when I try to return objects instead of top level values, I get an error 500. IIRC the spec (for OAuth2 or something) says that the token and stuff have to be top level values, so I guess that's why. Still I hoped there was more freedom for custom values. Anyway, that's the answer to my question, Thanks! – dgn Jun 10 '14 at 10:18
  • 3
    @scenario // Check out `CreateProperties` method in ApplicationOauthProvider.cs file and its related usage. – Youngjae Jun 25 '14 at 09:02
  • Thanks, I wasn't sure about the right way to pass my own properties to `#TokenEndpoint`. Doesn't help with returning complex objects though... I'll just try to avoid doing weird stuff and stick to the standards – dgn Jun 25 '14 at 11:33
  • @Youngjae's answer is correct: add a parameter to the create properties function for each thing you want to return and add its value to the IDictionary object being created in the CreateProperties function – EeKay Sep 23 '15 at 08:05
  • Should that return statement be there? I get an error: "Error: return keyword must not be followed by an object expression" when it is there. I think, since this method's return type is Task, it should not return anything. – Kildareflare Apr 15 '16 at 23:58
2

I believe you need to override TokenEndpointResponse on the OAuthAuthorizationServerProvider class:

    public override Task TokenEndpointResponse(OAuthTokenEndpointResponseContext context)
    {
        context.AdditionalResponseParameters.Add("Key","Value");
        return base.TokenEndpointResponse(context);
    }
Behzad Bahmanyar