c# asp.net Web API Owin Json Token

Question

Hey I just programmed a token based authentication following this tutorial. So everything goes fine as long I send my POST request as x-www-form-urlencoded. So now my teammate needs to get the token with a json, but all he gets is "unsupported grant_type". So can I change the acceptable type for the token or do I have to find another solution?

My configuration looks like this:

public void Configuration(IAppBuilder app)
    {
        app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
        var myProvider = new MyAuthorizationServerProvider();
        OAuthAuthorizationServerOptions options = new OAuthAuthorizationServerOptions
        {
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = myProvider
        };

        app.UseOAuthAuthorizationServer(options);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

        HttpConfiguration config = new HttpConfiguration();
        WebApiConfig.Register(config);
        }
    }

This is how my request look like keep in mind this doesnt work with json And with a JSON it doesnt work: Best regards :)

are you sending `grant_type` as `password` in your request..?? — Vivek Singh, Feb 28 '17 at 10:59
added a picture of my request in my question. Is it right so? — Johannes Gnadlinger, Feb 28 '17 at 15:19
Yes it's correct...now use the access_token in your your header authenticate your API request... — Vivek Singh, Feb 28 '17 at 16:04
Eg: Authorization : bearer access_token...in the header of postman — Vivek Singh, Feb 28 '17 at 16:06
yeah I already got this but the problem is that this only works with x-www-form-urlencoded and not with JSON — Johannes Gnadlinger, Feb 28 '17 at 16:07
Yes...its how the api for accessing the token...is written...in web api.. — Vivek Singh, Feb 28 '17 at 16:11
No i dont think so....but why you want to post it as JSON...?? — Vivek Singh, Feb 28 '17 at 16:44
Because the whole Rest service works with json... And my teammember only know how to send json with swift and not Form urlencoded — Johannes Gnadlinger, Feb 28 '17 at 16:48
According to the following question/answer (which is somewhat old) it isn't possible without overloading OAuthAuthorizationServerMiddleware, unfortunately no example is provided. http://stackoverflow.com/questions/19645171/how-do-you-set-katana-project-to-allow-token-requests-in-json-format — devlop, Feb 28 '17 at 16:49

Vivek Singh · Accepted Answer · 2017-02-28T17:02:17.407

The reason behind the use of application/x-www-form-urlencoded as Content-Type is simple: the OAuth2 specification (RFC 6749) requires this content type for token requests.

Any other content-type will break OAuth2 compliant clients compatibility. I advice you to not change this standard behavior.

The default implementation of OAuthAuthorizationServerMiddleware (more precisely the internally used OAuthAuthorizationServerHandler) from Microsoft.Owin.Security.OAuth just ignores the Content-Type header and tries to read the request body as a form anyway.

For Another way , In RequestBody you can write, grant_type=password&username=yourUserName&password=MyPassword123,

Also make sure after grant_type=password&username=username&password=password there is no space or line break.

yeah worked for me now... sorry that it took me so long^^ – Johannes Gnadlinger Mar 04 '17 at 16:11 — Johannes Gnadlinger, Mar 04 '17 at 16:11

c# asp.net Web API Owin Json Token

1 Answers1