Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider - clientId and clientSecret coming null while trying to generate token from Postman

Question

I am using OWIN security for my asp.net web api 2 application and here is my startup class setting for auth.

 public void ConfigureOAuth(IAppBuilder app)
    {

        var oAuthServerOptions = new OAuthAuthorizationServerOptions
        {
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = new CustomAuthorizationServerProvider()
        };

        // Token Generation
        app.UseOAuthAuthorizationServer(oAuthServerOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }

And here is CustomAuthorizationServerProvider class implementation,

public class CustomAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.TryGetFormCredentials(out var clientId, out var clientSecret);

        if (clientId == "987459827985" && clientSecret == "lkfjldsfjkld")
        {
            context.Validated(clientId);
        }

        return base.ValidateClientAuthentication(context);
    }

    public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
    {
        var oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
        oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, "TestClient"));
        var ticket = new AuthenticationTicket(oAuthIdentity, new AuthenticationProperties());
        context.Validated(ticket);
        return base.GrantClientCredentials(context);
    }
}

Now, while trying to generate token using endpoint http://localhost:8080/token, I am getting NULL for both clientId and clientSecret and hence I am getting "error": "invalid_client". What I am missing here?

Edit: EDIT

When I am using raw as body, I can see token generation is working and both client and secret have value. Why it is not working for form-data?

Resource owner password credentials does not provide a client ID. please see this link :https://www.codeproject.com/Articles/1187872/Token-Based-Authentication-for-Web-API-where-Legac — Amin Golmahalleh, Apr 28 '20 at 07:40

score 1 · Accepted Answer · answered Apr 28 '20 at 09:14

Check the postman documentation: Sending API requests

Most importantly this:

Website forms often send data to APIs as multipart/form-data. You can replicate this in Postman using the form-data Body tab. Form data allows you to send key-value pairs, and specify the content type.

With a quick search around the web, there needs to be a special type of handling for the APIs to bind the multipart/form-data

i.e. How to set up a Web API controller for multipart/form-data

There is even a plugin for that

Content type is important.

Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider - clientId and clientSecret coming null while trying to generate token from Postman

1 Answers1