public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
// 1. Reading the allowed origin value for this client from the Owin context, then we use this value
// to add the header “Access-Control-Allow-Origin” to Owin context response, by doing this and for
// any JavaScript application we’ll prevent using the same client id to build another JavaScript
// application hosted on another domain; because the origin for all requests coming from this app will be
// from a different domain and the back-end API will return 405 status.
var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin") ?? "*";
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
// 2. We’ll check the username/password for the resource owner if it is valid, and if this is the case
// we’ll generate set of claims for this user along with authentication properties which contains the client
// id and userName, those properties are needed for the next steps.
var usuarioDomain = new UsuarioDomain();
var usuario = await usuarioDomain.FindAsync(context.UserName, context.Password);
if (usuario == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
// 3. Retorna Claims do usuário
var claimsCollection = await usuarioDomain.GetClaimsByUsernameAsync(usuario.UserName);
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
if (claimsCollection != null)
identity.AddClaims(claimsCollection);
// MOCKING START
identity.AddClaim(new Claim(ClaimTypes.Name, usuario.UserName));
// MOCKING END
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{"as:client_id", context.ClientId ?? string.Empty},
{"userName", context.UserName}
});
// 4. Now the access token will be generated behind the scenes when we call “context.Validated(ticket)”
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
