public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Rejected(
error: "unsupported_grant_type",
description: "Only password and refresh token grant types " +
"are accepted by this authorization server");
}
return Task.FromResult<object>(null);
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Note: OpenIdConnectServerHandler supports authorization code, refresh token, client credentials
// and resource owner password credentials grant types but this authorization server uses a safer policy
// rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types.
if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Rejected(
error: "unsupported_grant_type",
description: "Only authorization code and refresh token grant types " +
"are accepted by this authorization server");
}
return Task.FromResult<object>(null);
}
