Retrieve information from Bearer Token

553 views Asked by At

I have an MVC website that is calling a WebAPI in another project. The WebAPI uses OWIN and implements OAuth security. I will be using a Bearer Token to communicate between the MVC and WebAPI applications. My website requires the user to be in AD, which I am checking in the GrantResourceOwnerCredentials method. If the user is authenticated, I would like to retrieve some information about them on the database and then pass that to the client for display on the website. I put this information in the ClaimsIdentity as a new Claim.

This seems to be adding correctly to the ClaimsIdentity on the WebAPI. However, I cannot figure out how to retrieve this information on the MVC website. When I pull the ClaimsIdentity on the website, the only Claim present is the Username, which it retrieved from the login form.

Is it not possible to pass information this way?

1

There are 1 answers

0
leastprivilege On BEST ANSWER

Access tokens are not meant to be consumed by the requester. Add a Web API endpoint that echoes back the claims to the client as a workaround.