public override Task ValidateTokenRequest(ValidateTokenRequestNotification notification)
{
if (notification.Request.IsPasswordGrantType() || notification.Request.IsRefreshTokenGrantType())
{
notification.Validated();
return(Task.FromResult <object>(null));
}
notification.Rejected(
error: "unsupported_grant_type",
description: "Only authorization code and refresh token grant types " +
"are accepted by this authorization server");
return(Task.FromResult <object>(null));
}
public override Task ValidateTokenRequest(ValidateTokenRequestNotification notification)
{
if (notification.Request.IsPasswordGrantType() || notification.Request.IsRefreshTokenGrantType())
{
notification.Validated();
return Task.FromResult<object>(null);
}
notification.Rejected(
error: "unsupported_grant_type",
description: "Only authorization code and refresh token grant types " +
"are accepted by this authorization server");
return Task.FromResult<object>(null);
}
public override Task ValidateTokenRequest(ValidateTokenRequestNotification notification)
{
// Note: OpenIdConnectServerHandler supports authorization code, refresh token, client credentials
// and resource owner password credentials grant types but this authorization server uses a safer policy
// rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types.
if (notification.Request.IsAuthorizationCodeGrantType() || notification.Request.IsRefreshTokenGrantType())
{
notification.Validated();
return(Task.FromResult <object>(null));
}
notification.SetError(
error: "unsupported_grant_type",
errorDescription: "Only authorization code and refresh token grant types " +
"are accepted by this authorization server");
return(Task.FromResult <object>(null));
}
