public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Rejected( error: "unsupported_grant_type", description: "Only password and refresh token grant types " + "are accepted by this authorization server"); } return Task.FromResult<object>(null); }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Note: OpenIdConnectServerHandler supports authorization code, refresh token, client credentials // and resource owner password credentials grant types but this authorization server uses a safer policy // rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types. if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Rejected( error: "unsupported_grant_type", description: "Only authorization code and refresh token grant types " + "are accepted by this authorization server"); } return Task.FromResult<object>(null); }