Implementing custom grant types in DotNetOpenAuth


Using DotNetOpenAuth, we have successfully implemented several standard OAuth 2.0 grant types on our authorization server.

We now would like to implement a custom grant_type, preferably without modifying the DotNetOpenAuth source itself.

I could handle it manually like this:

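public async Task<ActionResult> Token()
{
    // Custom grant: handled by hand, before the library sees the request.
    if (Request["grant_type"] == "my_custom_grant")
    {
        // InvalidClientCredentials, client, FindUserWithSpecialCode and ErrorJson
        // are placeholders that this sketch does not define.
        if (InvalidClientCredentials)
            return ErrorJson();

        var user = FindUserWithSpecialCode(Request["special_code"]);

        // Only issue a token if this client already holds an authorization for the user.
        if (client.IsAlreadyAuthorizedForUser(user))
            return Json(new { access_token = "", token_type = "bearer", expires_in = 1800 }); // token value left empty in this sketch
        else
            return ErrorJson();
    }

    // Every standard grant type goes through DotNetOpenAuth as before.
    HttpResponseMessage response = await AuthorizationServer.HandleTokenRequestAsync(Request, Response.ClientDisconnectedToken);
    return response.AsActionResultMvc5();
}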

But it's a bit hacky and I'm worried about security.

I've seen custom grant types are supported in other OAuth libraries, but is this possible with DotNetOpenAuth?


There are 0 answers
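The security-relevant checks a hand-rolled branch like the one in the question has to carry, as an added example that is not part of the original post and not DotNetOpenAuth code. It only covers the custom grant and uses the RFC 6749 section 5.2 error codes. Assumptions: the three delegates and both class names are hypothetical, client credentials arrive in the POST body, and `redeemCode` invalidates the code when it returns a user.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
// Added example: every type and delegate name here is hypothetical, none is DotNetOpenAuth API.
public sealed class TokenResult { public int Status; public string Error, AccessToken; }
public sealed class CustomGrantHandler
{
    private readonly Func<string, string> secretFor;          // client_id -> secret, null if unknown
    private readonly Func<string, string> redeemCode;         // special_code -> user id, null if invalid (single use)
    private readonly Func<string, string, bool> isAuthorized; // (client_id, user id) -> authorization already exists

    public CustomGrantHandler(Func<string, string> secretFor, Func<string, string> redeemCode,
                              Func<string, string, bool> isAuthorized)
    { this.secretFor = secretFor; this.redeemCode = redeemCode; this.isAuthorized = isAuthorized; }

    public TokenResult Handle(string httpMethod, IDictionary<string, string> form)
    {
        string id, secret, code;
        if (httpMethod != "POST") return Fail("invalid_request"); // credentials must not arrive in a query string
        if (!form.TryGetValue("client_id", out id) || !form.TryGetValue("client_secret", out secret)
            || string.IsNullOrEmpty(id) || string.IsNullOrEmpty(secret)) return Fail("invalid_client");
        string expected = secretFor(id);
        // Run the comparison for unknown clients too, so timing does not show which client_ids exist.
        bool match = FixedTimeEquals(secret, expected ?? "");
        if (expected == null || !match) return Fail("invalid_client");
        if (!form.TryGetValue("special_code", out code) || string.IsNullOrEmpty(code))
            return Fail("invalid_request");
        string user = redeemCode(code);
        // Same error for "bad code" and "client not authorized", so the response is no oracle for valid codes.
        if (user == null || !isAuthorized(id, user)) return Fail("invalid_grant");
        var bytes = new byte[32]; // 256-bit opaque token; the caller stores it with client, user and expiry
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return new TokenResult { Status = 200, AccessToken = Convert.ToBase64String(bytes) };
    }

    private static TokenResult Fail(string error) { return new TokenResult { Status = 400, Error = error }; }

    // Compares SHA-256 digests so the loop length never depends on the secret's length or content.
    private static bool FixedTimeEquals(string a, string b)
    {
        using (var sha = SHA256.Create())
        {
            byte[] x = sha.ComputeHash(Encoding.UTF8.GetBytes(a)), y = sha.ComputeHash(Encoding.UTF8.GetBytes(b));
            int diff = 0;
            for (int i = 0; i < x.Length; i++) diff |= x[i] ^ y[i];
            return diff == 0;
        }
    }
}
```

The controller would map `TokenResult` to the JSON body and send it with `Cache-Control: no-store` and `Pragma: no-cache`, as RFC 6749 section 5.1 requires for token responses.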