Web API Authentication Response Properties

I am developing a web service using ASP.NET Web API. I am using ASP.NET ID to generate authentication and token. I need to return an extended property in a json token response. So far, I can return an extended string property to which I am sending a json string obtained by serializing a custom class object to json. Below is the code of my provider:

using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;
using Newtonsoft.Json;

public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
    // Marks every client as validated; no client_id or client secret is checked.
    public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        await Task.Run(() =>
        {
            context.Validated();
        });
    }

    // Resource owner password grant: checks the credentials and issues the ticket.
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        await Task.Run(() =>
        {
            // AccountManager is the application's own class; a null result is treated as a failed login.
            var loginResponse = new AccountManager().Login(context.UserName, context.Password);

            if (loginResponse == null)
            {
                context.SetError("invalid_grant", Resources.Messages.InvalidGrant);
                return;
            }

            var identity = new ClaimsIdentity(context.Options.AuthenticationType);

            // The whole login response is serialized to a JSON string and stored as a ticket property.
            IDictionary<string, string> data = new Dictionary<string, string>
            {
                { "userData", JsonConvert.SerializeObject(loginResponse) }
            };
            AuthenticationProperties properties = new AuthenticationProperties(data);

            Microsoft.Owin.Security.AuthenticationTicket ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, properties);
            context.Validated(ticket);
        });
    }

    // Copies every ticket property into the token response as an additional parameter.
    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
        {
            context.AdditionalResponseParameters.Add(property.Key, property.Value);
        }

        return Task.FromResult<object>(null);
    }
}

      

Now in my response I have a property like "userData" : "<Json String>", whereas I wanted to assign a JSON object (not a JSON string) to userData. Is it possible?

+3


1 answer


I do not recommend embedding a JSON object inside the ticket properties; it will greatly increase the size of the token, and you will be passing this token with every request. You might be better off defining a secure autonomous endpoint to perform this task after obtaining an access token. You will receive an additional GET request after a successful login, but you will keep the minimum token size.



0
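The approach the answer describes, as an added example that is not part of the original post: the ticket carries only the user name as a claim, and a protected endpoint returns the user data as a JSON object. `SlimOAuthProvider`, `AccountController`, the `api/account/me` route and `AccountManager.GetProfile` are hypothetical names; `AccountManager` and `Resources.Messages` are the question's own types, and attribute routing and the OWIN bearer authentication middleware are assumed to be configured.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;

// Hypothetical provider: nothing but the user name goes into the ticket,
// so the access token sent with every request stays small.
public class SlimOAuthProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // same behaviour as the question's provider
        return Task.FromResult<object>(null);
    }

    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var loginResponse = new AccountManager().Login(context.UserName, context.Password);
        if (loginResponse == null)
        {
            context.SetError("invalid_grant", Resources.Messages.InvalidGrant);
            return Task.FromResult<object>(null);
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.UserName));
        context.Validated(new AuthenticationTicket(identity, new AuthenticationProperties()));
        return Task.FromResult<object>(null);
    }
}

// Hypothetical controller: the client calls GET api/account/me once after login,
// sending the access token in the Authorization: Bearer header.
[Authorize]
[RoutePrefix("api/account")]
public class AccountController : ApiController
{
    [HttpGet, Route("me")]
    public IHttpActionResult GetCurrentUser()
    {
        var identity = User.Identity as ClaimsIdentity;
        var nameClaim = identity == null ? null : identity.FindFirst(ClaimTypes.NameIdentifier);
        if (nameClaim == null) return Unauthorized();
        // GetProfile is a hypothetical lookup returning the same data Login returned.
        var profile = new AccountManager().GetProfile(nameClaim.Value);
        if (profile == null) return NotFound();
        return Ok(profile); // the JSON formatter writes an object, not a quoted string
    }
}
```

Because the profile is looked up from the identity in the validated token, the endpoint takes no user identifier from the request and can only return the caller's own data.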

