How to modify token endpoint response body with Owin OAuth2 in Asp.Net Web API 2


Problem description

I want to modify the response body from the token endpoint response.

I've tried to intercept the /Token request with a MessageHandler but it doesn't work.

I'm able to add some additional information to the response by overriding the OAuthAuthorizationServerProvider.TokenEndpoint method, but I'm not able to create my own response body.

Is there a way to intercept the /Token request?


Edit

I found out how to remove the response body content from the token endpoint response, like this: HttpContext.Current.Response.SuppressContent = true;

It seems the right way to achieve my goal, but now when I use the context.AdditionalResponseParameters.Add() method to add my custom information, the SuppressContent blocks any alterations.

Now I have something like this:

// Removing the body from the token endpoint response
HttpContext.Current.Response.SuppressContent = true;
// Add custom information
context.AdditionalResponseParameters.Add("a", "test");

Solution

To simply add new items to the JSON token response, you can use TokenEndpointResponse instead of the TokenEndpoint notification.


If you're looking for a way to completely replace the token response prepared by the OAuth2 authorization server by your own one, there's sadly no easy way to do that because OAuthAuthorizationServerHandler.InvokeTokenEndpointAsync doesn't check the OAuthTokenEndpointContext.IsRequestCompleted property after invoking the TokenEndpointResponse notification.

http://katanaproject.codeplex.com/SourceControl/latest#src/Microsoft.Owin.Security.OAuth/OAuthAuthorizationServerHandler.cs

This is a known issue, but it was too late to include it in Katana 3 when I suggested fixing it.

You should give Owin.Security.OpenIdConnect.Server a try: it's an (experimental) fork of the OAuthAuthorizationServerMiddleware I'm developing with @manfredsteyer.

https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/tree/dev

Of course, it includes the correct check to allow bypassing the default token request processing (this was even one of the first things I fixed when forking it).
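
The first suggestion in the answer above (adding items through the TokenEndpointResponse notification instead of suppressing the body), shown as an added example that is not part of the original question or answer. The class name CustomTokenResponseProvider and the property keys "display_name" and "tenant" are assumptions made for illustration; the override belongs in the provider that already validates clients and grants. Ticket properties are copied through an allow-list so that only values meant for the client reach the JSON body.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Hypothetical provider name; assign an instance to
// OAuthAuthorizationServerOptions.Provider when configuring the middleware.
public class CustomTokenResponseProvider : OAuthAuthorizationServerProvider
{
    // Assumed keys: only these ticket properties are ever echoed to the client.
    private static readonly HashSet<string> ExposedProperties =
        new HashSet<string>(StringComparer.Ordinal) { "display_name", "tenant" };

    // Invoked after the access token has been created and before the handler
    // serializes the JSON body of the /Token response.
    public override Task TokenEndpointResponse(OAuthTokenEndpointResponseContext context)
    {
        // Constant value, as in the question's snippet. The response body is
        // left in place (no SuppressContent), so the addition is serialized.
        context.AdditionalResponseParameters.Add("a", "test");

        // Copy allow-listed entries from the authentication ticket. Anything
        // else stored in the ticket properties stays server-side.
        foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
        {
            if (ExposedProperties.Contains(property.Key))
            {
                context.AdditionalResponseParameters[property.Key] = property.Value;
            }
        }

        return Task.FromResult<object>(null);
    }
}
```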
