/// <summary>
/// Client-authentication hook that marks every request as validated.
/// </summary>
/// <remarks>
/// Neither <c>ClientId</c> nor <c>ClientSecret</c> is read here, so no credential check
/// gates the call to <c>Validated()</c>. That only suits a server whose clients are all
/// public (non-confidential). Confidential clients need a real credential check before
/// <c>Validated()</c> is reached.
/// </remarks>
/// <param name="notification">The client-authentication notification to mark as validated.</param>
/// <returns>A task that completes after the notification has been marked validated.</returns>
public override async Task ValidateClientAuthentication(ValidateClientAuthenticationNotification notification)
{
    // NOTE(review): the 1 ms delay does no validation work; it looks like it is only
    // here to give the async method something to await. Confirm before removing it.
    Task shortPause = Task.Delay(1);
    await shortPause;

    notification.Validated();
}
/// <summary>
/// Client-authentication hook that blanks the client identifier and marks the request as validated.
/// </summary>
/// <remarks>
/// No credential is inspected before <c>Validated()</c> is called, so this implementation
/// does not authenticate the calling application. Treat it as suitable only where every
/// client is public (non-confidential).
/// </remarks>
/// <param name="notification">The client-authentication notification to update.</param>
/// <returns>A task that completes once the notification has been marked validated.</returns>
public override async Task ValidateClientAuthentication(ValidateClientAuthenticationNotification notification)
{
    // NOTE(review): the reason for overwriting ClientId with an empty string is not
    // stated in this method. Confirm whether it is a library workaround before keeping it.
    notification.ClientId = string.Empty;
    notification.Validated();

    // Awaiting an already-completed task keeps the method formally asynchronous.
    Task<object> alreadyCompleted = Task.FromResult<object>(null);
    await alreadyCompleted;

    // NOTE(review): this second Validated() call looks redundant with the one above.
    // Kept to preserve the existing behaviour; confirm it can be dropped.
    notification.Validated();
}
/// <summary>
/// Accepts the client-authentication step without checking any credential.
/// </summary>
/// <remarks>
/// The method clears <c>ClientId</c> and calls <c>Validated()</c> unconditionally.
/// <c>ClientSecret</c> is never read, so a confidential client cannot be told apart
/// from any other caller.
/// </remarks>
/// <param name="notification">The client-authentication notification to update.</param>
/// <returns>A task that completes once the notification has been marked validated.</returns>
public override async Task ValidateClientAuthentication(ValidateClientAuthenticationNotification notification)
{
    // NOTE(review): why ClientId is reset to string.Empty is not explained in this method; verify.
    notification.ClientId = string.Empty;
    notification.Validated();

    // No real asynchronous work happens; the awaited task is already complete.
    await Task.FromResult(default(object));

    // NOTE(review): repeated Validated() call, apparently redundant; preserved as-is.
    notification.Validated();
}
/// <summary>
/// Placeholder client-authentication hook: the client check is still a TODO and the
/// request is marked as validated regardless.
/// </summary>
/// <param name="notification">The client-authentication notification to mark as validated.</param>
/// <returns>An already-completed task.</returns>
public override Task ValidateClientAuthentication(ValidateClientAuthenticationNotification notification)
{
    // TODO Validate the client app
    // if valid, then...
    //
    // Until that check exists, Validated() runs for every caller, so this hook does not
    // authenticate anything. When the TODO is implemented, reject invalid clients
    // instead of falling through to Validated().
    notification.Validated();

    Task<object> completed = Task.FromResult<object>(null);
    return completed;
}
/// <summary>
/// Client-authentication hook that applies the beta2 <c>ClientId</c> workaround and then
/// marks the request as validated.
/// </summary>
/// <remarks>
/// No client credential is checked before <c>Validated()</c> is called, so this only fits
/// a server whose clients are all public (non-confidential).
/// </remarks>
/// <param name="notification">The client-authentication notification to update.</param>
/// <returns>An already-completed task.</returns>
public override Task ValidateClientAuthentication(ValidateClientAuthenticationNotification notification)
{
    // Note: if you're using the beta2 version from NuGet.org,
    // make sure to set ClientId to string.Empty to work around
    // a bug that has been fixed in beta3 (for ASP.NET beta8).
    // Remove this assignment once the package has been upgraded past beta2.
    notification.ClientId = string.Empty;

    notification.Validated();

    Task<object> finished = Task.FromResult<object>(null);
    return finished;
}
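/// <summary>
/// Authenticates the calling client application: requires both <c>client_id</c> and
/// <c>client_secret</c>, looks the application up by its identifier and compares the
/// presented secret with the stored one.
/// </summary>
/// <remarks>
/// The secret comparison is done by <see cref="ClientSecretEquals"/>, which inspects every
/// character instead of returning at the first mismatch. The time taken therefore does
/// not reveal how much of a guessed secret was correct.
/// </remarks>
/// <param name="notification">
/// The client-authentication notification carrying the presented credentials. It is either
/// marked validated or given an <c>invalid_request</c> / <c>invalid_client</c> error.
/// </param>
/// <returns>A task that completes once the notification has been validated or rejected.</returns>
public override async Task ValidateClientAuthentication(ValidateClientAuthenticationNotification notification)
{
    // Note: client authentication is not mandatory for non-confidential client applications like mobile apps
    // (except when using the client credentials grant type) but this authorization server uses a safer policy
    // that makes client authentication mandatory and returns an error if client_id or client_secret is missing.
    // You may consider relaxing it to support the resource owner password credentials grant type
    // with JavaScript or desktop applications, where client credentials cannot be safely stored.
    if (string.IsNullOrEmpty(notification.ClientId) || string.IsNullOrEmpty(notification.ClientSecret))
    {
        notification.SetError(
            error: "invalid_request",
            errorDescription: "Missing credentials: ensure that your credentials were correctly " +
                              "flowed in the request body or in the authorization header");

        return;
    }

    var context = notification.HttpContext.RequestServices.GetRequiredService<ApplicationContext>();

    // Retrieve the application details corresponding to the requested client_id.
    // The request-aborted token cancels the query if the caller disconnects.
    var application = await (from entity in context.Applications
                             where entity.ApplicationID == notification.ClientId
                             select entity).SingleOrDefaultAsync(notification.HttpContext.RequestAborted);

    // NOTE(review): an unknown client_id and a wrong client_secret both return
    // invalid_client, but with different descriptions, so a caller can tell whether a
    // client_id is registered. Client identifiers are not secret in OAuth 2.0; use a
    // single description for both cases if that distinction should not be exposed.
    if (application == null)
    {
        notification.SetError(
            error: "invalid_client",
            errorDescription: "Application not found in the database: ensure that your client_id is correct");

        return;
    }

    // NOTE(review): the presented secret is compared directly with application.Secret,
    // which suggests the secret is stored as-is. Consider storing a key-derivation
    // output (e.g. PBKDF2) and comparing derived values instead; confirm the schema.
    if (!ClientSecretEquals(notification.ClientSecret, application.Secret))
    {
        notification.SetError(
            error: "invalid_client",
            errorDescription: "Invalid credentials: ensure that you specified a correct client_secret");

        return;
    }

    notification.Validated();
}

/// <summary>
/// Ordinal, case-sensitive comparison of two secrets that always walks the whole
/// presented value, so the running time does not depend on where the first mismatch is.
/// </summary>
/// <param name="presented">The secret supplied by the caller.</param>
/// <param name="stored">The secret loaded from the application record.</param>
/// <returns><c>true</c> only when both values are non-null, the same length and identical.</returns>
private static bool ClientSecretEquals(string presented, string stored)
{
    if (presented == null || string.IsNullOrEmpty(stored))
    {
        return false;
    }

    // Fold the length difference into the accumulator rather than returning early on it.
    int difference = presented.Length ^ stored.Length;

    // The loop length is driven by the caller-supplied value; the modulo keeps the
    // index in range when the lengths differ (the result is already non-zero then).
    for (int index = 0; index < presented.Length; index++)
    {
        difference |= presented[index] ^ stored[index % stored.Length];
    }

    return difference == 0;
}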
/// <summary>
/// Client-authentication hook that marks every request as validated without reading
/// <c>ClientId</c> or <c>ClientSecret</c>.
/// </summary>
/// <remarks>
/// Because no credential is checked, this only suits a server whose clients are all
/// public (non-confidential). Add a credential check before <c>Validated()</c> if
/// confidential clients are ever registered.
/// </remarks>
/// <param name="notification">The client-authentication notification to mark as validated.</param>
/// <returns>An already-completed task.</returns>
public override Task ValidateClientAuthentication(ValidateClientAuthenticationNotification notification)
{
    notification.Validated();

    // Nothing asynchronous happens here, so hand back a completed task.
    return Task.FromResult(default(object));
}