François

Reputation: 3274

Preflight on oauth2 endpoint has no body and returns unsupported grant type

My ASP.NET OWIN API has the following middleware to define the OAuth2 token endpoint.

app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
    AllowInsecureHttp = _env.IsDevelopment,
    TokenEndpointPath = new PathString("/oauth2/token"),
    AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(24*60),
    Provider = _oAuthAuthorizationServerProvider,
    AccessTokenFormat = new CustomJwtFormat(_issuer, _secret)
});

When trying to log in through my web app, the HTTP POST request happens after an HTTP OPTIONS preflight request that the browser initiates.

However, the OPTIONS request failed with the error message "unsupported_grant_type", as this preflight request initiated by the browser has no body.

Upvotes: 0

Views: 68

Answers (1)

François

Reputation: 3274

As per that post, the solution is to override MatchEndpoint in our derived class of OAuthAuthorizationServerProvider:

public override Task MatchEndpoint(OAuthMatchEndpointContext context)
{
    // Answer the browser's CORS preflight here: it carries no body, so it has no grant_type to validate.
    if (context.OwinContext.Request.Method == "OPTIONS" && context.IsTokenEndpoint)
    {
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "POST" });
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Headers", new[] { "accept", "authorization", "content-type" });
        // "*" lets pages served from any origin pass the preflight for the token endpoint.
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
        context.OwinContext.Response.StatusCode = 200;
        // Mark the request as handled so the token endpoint logic is skipped.
        context.RequestCompleted();

        return Task.FromResult<object>(null);
    }

    return base.MatchEndpoint(context);
}

Upvotes: 0
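
A variant of the override above that answers the preflight only for known origins instead of "*", as an added example that is not part of the original answer. The class name AllowlistCorsOAuthProvider and the two origins are placeholders; like the answer, it handles only the OPTIONS request.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Hypothetical provider name; the allowed origins below are placeholders.
public class AllowlistCorsOAuthProvider : OAuthAuthorizationServerProvider
{
    // Exact scheme://host[:port] strings, compared case-insensitively.
    private static readonly HashSet<string> AllowedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "https://app.example.com",
            "http://localhost:4200"
        };

    public override Task MatchEndpoint(OAuthMatchEndpointContext context)
    {
        var request = context.OwinContext.Request;
        var response = context.OwinContext.Response;

        if (context.IsTokenEndpoint &&
            string.Equals(request.Method, "OPTIONS", StringComparison.Ordinal))
        {
            var origin = request.Headers.Get("Origin");

            // The response differs per Origin, so caches must key on it.
            response.Headers.Set("Vary", "Origin");

            if (origin != null && AllowedOrigins.Contains(origin))
            {
                // Echo the one allowed origin back instead of "*".
                response.Headers.Set("Access-Control-Allow-Origin", origin);
                response.Headers.Set("Access-Control-Allow-Methods", "POST");
                response.Headers.Set("Access-Control-Allow-Headers",
                    "accept, authorization, content-type");
                response.StatusCode = 200;
            }
            else
            {
                // No CORS headers: the browser will not send the follow-up POST.
                response.StatusCode = 403;
            }

            // Stop here so the bodiless request never reaches grant validation.
            context.RequestCompleted();
            return Task.FromResult<object>(null);
        }

        return base.MatchEndpoint(context);
    }
}
```

To use it, move this override into the existing class derived from OAuthAuthorizationServerProvider rather than replacing that class, so the grant logic stays in place.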
