public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Note: OpenIdConnectServerHandler supports authorization code, refresh token, client credentials // and resource owner password credentials grant types but this authorization server uses a safer policy // rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types. if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Rejected( error: "unsupported_grant_type", description: "Only authorization code and refresh token grant types " + "are accepted by this authorization server"); } return(Task.FromResult <object>(null)); }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Only allow resource owner credential flow if (!context.Request.IsPasswordGrantType()) { context.Rejected( error: "unsupported_grant_type", description: "Only resource owner credentials " + "are accepted by this authorization server"); } context.Validated(); return(Task.FromResult <object>(null)); }