Using DotNetOpenAuth, we have successfully implemented several standard OAuth 2.0 grant types on our authorization server.
We now would like to implement a custom grant_type
, preferably without modifying the DotNetOpenAuth source itself.
I could handle it manually like this:
public async Task<ActionResult> Token()
{
if (Request["grant_type"] == "my_custom_grant")
{
if(InvalidClientCredentials)
return ErrorJson();
var user = FindUserWithSpecialCode(Request["special_code"]);
if (client.IsAlreadyAuthorizedForUser(user))
return Json(new { access_token = "", token_type = "bearer", expires_in = 1800 });
else
return ErrorJson();
}
HttpResponseMessage response = await AuthorizationServer.HandleTokenRequestAsync(Request, Response.ClientDisconnectedToken);
return response.AsActionResultMvc5();
}
But it's a bit hacky and I'm worried about security.
I've seen custom grant types are supported in other OAuth libraries, but is this possible with DotNetOpenAuth?