0

I have implemented authentication with OWIN and bearer tokens, and it works fine when the user logs in.

When the \Token URL is called and the username/password is passed to it, it gives a token in the response. But I would like to store this token in the database, so instead of making another call to the server, can I get the token in code? I am not able to get the value of the generated token in the ticket or any other object.

    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        return Task.Factory.StartNew(() =>
        {
            var username = context.UserName;
            var password = context.Password;

            // Look up the user from the supplied credentials.
            var userService = new UserService();
            User user = userService.GetUserByCredentials(username, password);
            if (user != null)
            {
                var claims = new List<Claim>()
                {
                    new Claim(ClaimTypes.Name, user.userName),
                    new Claim("UserID", user.userName)
                };

                ClaimsIdentity oAutIdentity = new ClaimsIdentity(claims, Startup.OAuthOptions.AuthenticationType);

                // The ticket holds the identity only; the serialized access_token is created later in the pipeline.
                var ticket = new AuthenticationTicket(oAutIdentity, new AuthenticationProperties() { });

                context.Validated(ticket);
            }
            else
            {
                context.SetError("invalid_grant", "Error");
            }
        });
    }

I am debugging the code, but surprisingly the access_token seems to be visible nowhere; I am only getting it in the Postman results.

devedv

2 Answers

1

The token is not valid forever. A new token is given for every authentication and is valid for a set amount of time. There is no use in saving this token to the database.

Icculus018
  • Actually, in my scenario, I have additional business logic checks at login; username & password verification alone is not enough. With OAuth2.0 I can only pass userName and password, not other parameters, so I am required to store the token to run other business logic. I know the token will expire. Do you have any idea how I can obtain the token through code? – devedv Apr 09 '19 at 14:51
  • You mention you see the token in Postman. What URL are you placing into Postman to get those results? I guess I am asking at what stage of authentication you are seeing a response from the API with the token included. – Icculus018 Apr 09 '19 at 14:56
  • I am calling http:localhost/token and sending username & password – devedv Apr 09 '19 at 15:37
  • This might be the route you need to go with this: https://stackoverflow.com/questions/38494279/how-do-i-get-an-oauth-2-0-authentication-token-in-c-sharp – Icculus018 Apr 09 '19 at 16:04
0

Sure you can. You just need to override the method TokenEndpointResponse inside your authServerProvider : OAuthAuthorizationServerProvider.

Inside OAuthTokenEndpointResponseContext, there is a field called accessToken from which you can retrieve the token value.

    public override Task TokenEndpointResponse(OAuthTokenEndpointResponseContext context)
    {
        // Summary:
        //     Called before the TokenEndpoint redirects its response to the caller.
        return Task.FromResult<object>(null);
    }
hongguan
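An added example (not part of the original answer) of the override described above: it reads `context.AccessToken` in `TokenEndpointResponse` and passes a SHA-256 digest of it, rather than the raw bearer token, to a storage callback. The class name `AuthServerProvider` and the `saveTokenRecord` callback are hypothetical, and storing a digest instead of the token itself is this example's assumption about what the later business-logic lookup needs.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

public class AuthServerProvider : OAuthAuthorizationServerProvider
{
    // Hypothetical persistence hook (user name, token digest, expiry);
    // replace it with your own data-access code.
    private readonly Action<string, string, DateTimeOffset?> _saveTokenRecord;

    public AuthServerProvider(Action<string, string, DateTimeOffset?> saveTokenRecord)
    {
        _saveTokenRecord = saveTokenRecord;
    }

    public override Task TokenEndpointResponse(OAuthTokenEndpointResponseContext context)
    {
        // The serialized bearer token is only available at this stage,
        // which is why it never shows up in GrantResourceOwnerCredentials.
        string accessToken = context.AccessToken;

        // Assumption: a digest is enough to recognise the token later.
        // A bearer token is a credential, so a leaked table of raw tokens
        // could be replayed until each one expires; a digest cannot.
        string tokenDigest;
        using (var sha256 = SHA256.Create())
        {
            byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(accessToken));
            tokenDigest = Convert.ToBase64String(hash);
        }

        // Identity and Properties come from the ticket validated earlier.
        string userName = context.Identity.Name;
        DateTimeOffset? expiresUtc = context.Properties.ExpiresUtc;

        _saveTokenRecord(userName, tokenDigest, expiresUtc);

        return Task.FromResult<object>(null);
    }
}
```

To match an incoming request against the stored record, hash the presented token the same way and compare digests, and discard rows once `expiresUtc` has passed.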