Reputation: 1326
I'm struggling to find any documentation for DotNetOpenAuth on how to do this.
I know the client sends the bearer token, but how do I verify it (other than verifying it's in the appropriate header)? How do I verify it's valid, or that it hasn't expired? Is there a hook to allow DotNetOpenAuth to do this for me? I don't see it.
Thanks.
Upvotes: 4
Views: 1160
Reputation: 1326
So, I figured it out. Hopefully this will help anyone else who finds this.
Part of it was me being a n00b to OAuth. I set up my Authorization server just fine, but didn't realize (at first) that the ResourceServer is responsible for validating the token and validating that the access to the requested resource is still valid. Once I realized this it was easy to find the ResourceServer class in DONA, and you can parse the BEARER token with two lines of code:
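```csharp
// signingKey verifies the token's signature; encryptionKey decrypts the token.
ResourceServer server = new ResourceServer(new StandardAccessTokenAnalyzer(signingKey, encryptionKey));
// Reads the bearer token from the current HTTP request and validates it.
AccessToken token = server.GetAccessToken();
```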
The returned token will have the date it was issued and the user it was issued under, as well as any scope requests for you to validate access.
Hope this helps anyone like me who struggled with this!
Upvotes: 2
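The resource-server check described in the answer above, expanded into a reusable gate. This is an added example, not part of the original answer or DotNetOpenAuth's own samples. The class and method names (`BearerTokenGate`, `Authorize`) are hypothetical, and the member names `AccessToken.Scope`, `UtcIssued` and `Lifetime`, the `ProtocolException` type and the `GetAccessToken(request, scopes)` overload are assumed from DotNetOpenAuth 4.x.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Web;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth2;

public static class BearerTokenGate   // hypothetical helper, not a library type
{
    // Returns the validated token, or null when the request must be rejected.
    // signingKey:    authorization server's public key (verifies the signature).
    // encryptionKey: this resource server's private key (decrypts the token).
    public static AccessToken Authorize(
        HttpRequestBase request,
        RSACryptoServiceProvider signingKey,
        RSACryptoServiceProvider encryptionKey,
        params string[] requiredScopes)
    {
        var server = new ResourceServer(
            new StandardAccessTokenAnalyzer(signingKey, encryptionKey));

        AccessToken token;
        try
        {
            // Passing the scopes lets the library reject under-scoped tokens.
            token = server.GetAccessToken(request, requiredScopes);
        }
        catch (ProtocolException)
        {
            // Missing, malformed, tampered or expired token: all unauthorized.
            return null;
        }

        // Defence in depth: re-check scope and lifetime on the returned token
        // (assumed member names, see the lead-in).
        if (!requiredScopes.All(s => token.Scope.Contains(s)))
            return null;
        if (token.Lifetime.HasValue &&
            token.UtcIssued + token.Lifetime.Value < DateTime.UtcNow)
            return null;

        return token;
    }
}
```

A null result should map to a 401 response with a `WWW-Authenticate: Bearer` header; do not echo the failure reason to the client.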