OWIN OAuth 2.0 Authorization Server

Posted chucklu


https://docs.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server

The OAuth 2.0 framework enables a third-party app to obtain limited access to an HTTP service. Instead of using the resource owner's credentials to access a protected resource, the client obtains an access token (which is a string denoting a specific scope, lifetime, and other access attributes). Access tokens are issued to third-party clients by an authorization server with the approval of the resource owner.

This tutorial will cover:

  • How to create an authorization server to support four authorization grant types and refresh tokens:
    • Authorization code grant
    • Implicit Grant
    • Resource Owner Password Credentials Grant
    • Client Credentials Grant
  • Creating a resource server which is protected by an access token.
  • Creating OAuth 2.0 clients.

// Register the authorization server middleware and wire the provider callbacks.
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
    Provider = new OAuthAuthorizationServerProvider
    {
        OnValidateClientRedirectUri = ValidateClientRedirectUri,
        OnValidateClientAuthentication = ValidateClientAuthentication,
        OnGrantResourceOwnerCredentials = GrantResourceOwnerCredentials,
        OnGrantClientCredentials = GrantClientCredetails
    }
});

// Summary:
// Called when a request to the Token endpoint arrives with a "grant_type" of "client_credentials".
// This occurs when a registered client application wishes to acquire an "access_token"
// to interact with protected resources on its own behalf, rather than on behalf
// of an authenticated user. If the web application supports the client credentials
// it may assume the context.ClientId has been validated by the ValidateClientAuthentication
// call. To issue an access token the context.Validated must be called with a new
// ticket containing the claims about the client application which should be associated
// with the access token. The application should take appropriate measures to ensure
// that the endpoint isn’t abused by malicious callers. The default behavior is
// to reject this grant type. See also http://tools.ietf.org/html/rfc6749#section-4.4.2

public Func<OAuthGrantClientCredentialsContext, Task> OnGrantClientCredentials { get; set; }
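An added example (not code from the original tutorial or from Katana) of handlers that could back the OnValidateClientAuthentication and OnGrantClientCredentials callbacks described above: the client secret is checked against a stored hash, and requested scopes are limited to the client's allow-list before context.Validated is called. The Clients registry, its single constructed entry, the placeholder secret (assumed to stand in for a high-entropy, randomly generated value) and the "urn:oauth:scope" claim type are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

public static class ClientCredentialsHandlers
{
    // Hypothetical registry with one constructed entry: client id -> (SHA-256 of secret, allowed scopes).
    static readonly Dictionary<string, Tuple<byte[], string[]>> Clients = new Dictionary<string, Tuple<byte[], string[]>>
        { { "reporting-service", Tuple.Create(Sha256("placeholder-secret"), new[] { "reports.read" }) } };

    public static Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        string id, secret; Tuple<byte[], string[]> client;
        bool supplied = context.TryGetBasicCredentials(out id, out secret)
                     || context.TryGetFormCredentials(out id, out secret);
        // Compare hashes without exiting early on the first differing byte.
        if (supplied && id != null && secret != null && Clients.TryGetValue(id, out client)
            && FixedTimeEquals(client.Item1, Sha256(secret))) context.Validated(id);
        else context.SetError("invalid_client", "Client authentication failed.");
        return Task.FromResult(0);
    }

    public static Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
    {
        Tuple<byte[], string[]> client;
        if (context.ClientId == null || !Clients.TryGetValue(context.ClientId, out client))
        { context.SetError("unauthorized_client"); return Task.FromResult(0); }
        // Drop empty entries so an absent scope parameter means "no scope requested".
        var requested = context.Scope.Where(s => !string.IsNullOrEmpty(s)).ToList();
        // Refuse scopes outside the allow-list instead of copying the request into claims.
        if (requested.Any(s => !client.Item2.Contains(s)))
        { context.SetError("invalid_scope"); return Task.FromResult(0); }
        var identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.ClientId));
        // "urn:oauth:scope" is an assumed claim type for this example.
        identity.AddClaims((requested.Count > 0 ? requested : client.Item2.ToList())
            .Select(s => new Claim("urn:oauth:scope", s)));
        context.Validated(identity);
        return Task.FromResult(0);
    }
    static byte[] Sha256(string s) { using (var h = SHA256.Create()) return h.ComputeHash(Encoding.UTF8.GetBytes(s)); }
    static bool FixedTimeEquals(byte[] a, byte[] b)
    { int d = a.Length ^ b.Length; for (int i = 0; i < a.Length && i < b.Length; i++) d |= a[i] ^ b[i]; return d == 0; }
}
```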

 
