6

question related to this post here: Configure the authorization server endpoint.

Using the above example I am able to get token. previously it was possible to get additional information by over riding 

public override Task TokenEndpoint(OAuthTokenEndpointContext context)
        {
            foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
            {
                context.AdditionalResponseParameters.Add(property.Key, property.Value);
            }

            return Task.FromResult<object>(null);
        }

how do you achieve that in the current implementation of 

public override Task TokenEndpoint(TokenEndpointContext context){
}

Thanks!

Community
  • 1
  • 1
BHR
  • 193
  • 1
  • 9

1 Answers1

6

Your best option is to directly use the ApplyTokenResponse event to update the JSON payload returned to the client application. Unlike AdditionalResponseParameters, it allows you to add - or remove - virtually anything: objects, arrays, strings, integers...

Here's how you can do that:

public override Task ApplyTokenResponse(ApplyTokenResponseContext context)
{
    // Only add the custom parameters if the response is not a token error response.
    if (string.IsNullOrEmpty(context.Error))
    {
        context.Response["custom-property-1"] = "custom-value";

        context.Response["custom-property-2"] = JArray.FromObject(new[]
        {
            "custom-value-1",
            "custom-value-2"
        });
    }

    return Task.FromResult(0);
}
Kévin Chalet
  • 39,509
  • 7
  • 121
  • 131
  • Merci beaucoup @Pinpoint!. One other thing I was meaning to ask you is that, I kept getting 500 server error when I tried to access resources using http.get() method from my angular client. very hard to debug but I know this is happening because of the app.UseJwtAuthentication. any idea why it is throwing 500 without giving me a chance to react? – BHR Dec 04 '15 at 18:38
  • Pas de quoi! Actually, the 500 response is a "bug" that was not fixed for RC1 but is now fixed in the nightly builds: https://github.com/aspnet/Security/issues/411. To determine why the JWT bearer middleware is failing, you can enable logging: http://docs.asp.net/en/latest/fundamentals/logging.html. FYI, the main point of failure is due to the `resources` parameter not being used: http://stackoverflow.com/a/32801010/542757. – Kévin Chalet Dec 04 '15 at 18:53
  • FYI, we'll stop using JWT access tokens by default in the next beta: https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/issues/185. – Kévin Chalet Dec 04 '15 at 18:55
  • when will next beta be available? because validation middleware is exactly what I need. As my resource server and the authorization server is one and the same. – BHR Dec 04 '15 at 19:06
  • No precise date yet, there are still many things to do for beta5 (and some are open to contributions ;)). You can follow the progress here: https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/milestones/1.0.0-beta5. – Kévin Chalet Dec 04 '15 at 19:09
  • Updated to use the new event name used by ASOS beta5 (for ASP.NET Core RC2). – Kévin Chalet May 19 '16 at 14:57
  • For future users: I ended up using `context.Response.AddParameter()` to handle my needs (rather than `context.Response["..."] = ...`. – Tyler Forsythe Jan 22 '23 at 18:01