WeavyOAuthProvider Class

Namespace: Weavy.Web.Owin.TokenAuthentication
Assembly: Weavy.Web.dll

Custom implementation of IOAuthAuthorizationServerProvider, used by the authorization server to communicate with the web application while processing requests.

public class WeavyOAuthProvider : OAuthAuthorizationServerProvider
Inheritance: System.Object → WeavyOAuthProvider

Constructors

WeavyOAuthProvider()

Methods

GrantClientCredentials(OAuthGrantClientCredentialsContext)
Called when a request to the Token endpoint arrives with a "grant_type" of "client_credentials". This occurs when a registered client application wishes to acquire an "access_token" to interact with protected resources on its own behalf, rather than on behalf of an authenticated user. If the web application supports the client credentials grant type, it may assume the context.ClientId has been validated by the ValidateClientAuthentication call. To issue an access token, context.Validated must be called with a new ticket containing the claims about the client application which should be associated with the access token. The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers. The default behavior is to reject this grant type. See also http://tools.ietf.org/html/rfc6749#section-4.4.2

GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext)
Called when a request to the Token endpoint arrives with a "grant_type" of "password". This occurs when the user has provided name and password credentials directly into the client application's user interface, and the client application is using those to acquire an "access_token" and optional "refresh_token". If the web application supports the resource owner credentials grant type, it must validate the context.Username and context.Password as appropriate. To issue an access token, context.Validated must be called with a new ticket containing the claims about the resource owner which should be associated with the access token. The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers. The default behavior is to reject this grant type. See also http://tools.ietf.org/html/rfc6749#section-4.3.2

TokenEndpoint(OAuthTokenEndpointContext)
Called at the final stage of a successful Token endpoint request. An application may implement this call in order to do any final modification of the claims being used to issue access or refresh tokens. This call may also be used to add additional response parameters to the Token endpoint's JSON response body.

ValidateClientAuthentication(OAuthValidateClientAuthenticationContext)
Called to validate that the origin of the request is a registered "client_id", and that the correct credentials for that client are present on the request. If the web application accepts Basic authentication credentials, context.TryGetBasicCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request header. If the web application accepts "client_id" and "client_secret" as form-encoded POST parameters, context.TryGetFormCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request body. If context.Validated is not called, the request will not proceed further.

Extension Methods

Serialize(object)
Serializes an object, or graph of connected objects, to a byte array.

SerializeToJson(object, Formatting?, JsonSerializerSettings)
Serializes an object, or graph of connected objects, to a JSON string.

IsValid(object)
Determines whether the specified object is valid by evaluating each ValidationAttribute instance that is attached to the object type.