GrantClientCredentials(OAuthGrantClientCredentialsContext) |
Called when a request to the Token endpoint arrives with a "grant_type" of "client_credentials".
This occurs when a registered client application wishes to acquire an "access_token"
to interact with protected resources on its own behalf, rather than on behalf
of an authenticated user. If the web application supports the client credentials
grant type, it may assume that context.ClientId has been validated by the ValidateClientAuthentication
call. To issue an access token, context.Validated must be called with a new
ticket containing the claims about the client application which should be associated
with the access token. The application should take appropriate measures to ensure
that the endpoint isn’t abused by malicious callers. The default behavior is
to reject this grant type. See also http://tools.ietf.org/html/rfc6749#section-4.4.2
|
GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext) |
Called when a request to the Token endpoint arrives with a "grant_type" of "password".
This occurs when the user has provided name and password credentials directly
into the client application's user interface, and the client application is using
those to acquire an "access_token" and optional "refresh_token". If the web application
supports the resource owner credentials grant type, it must validate context.Username
and context.Password as appropriate. To issue an access token, context.Validated
must be called with a new ticket containing the claims about the resource owner
which should be associated with the access token. The application should take
appropriate measures to ensure that the endpoint isn’t abused by malicious callers.
The default behavior is to reject this grant type. See also http://tools.ietf.org/html/rfc6749#section-4.3.2
|
TokenEndpoint(OAuthTokenEndpointContext) |
Called at the final stage of a successful Token endpoint request. An application
may implement this call in order to do any final modification of the claims being
used to issue access or refresh tokens. This call may also be used in order to
add additional response parameters to the Token endpoint's JSON response body.
|
ValidateClientAuthentication(OAuthValidateClientAuthenticationContext) |
Called to validate that the origin of the request is a registered "client_id",
and that the correct credentials for that client are present on the request.
If the web application accepts Basic authentication credentials, context.TryGetBasicCredentials(out
clientId, out clientSecret) may be called to acquire those values if present
in the request header. If the web application accepts "client_id" and "client_secret"
as form encoded POST parameters, context.TryGetFormCredentials(out clientId,
out clientSecret) may be called to acquire those values if present in the request
body. If context.Validated is not called, the request will not proceed further.
|