Reputation: 11364
Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider - clientId and clientSecret coming null while trying to generate token from Postman
I am using OWIN security for my asp.net web api 2 application and here is my startup class setting for auth.
public void ConfigureOAuth(IAppBuilder app)
{
var oAuthServerOptions = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new CustomAuthorizationServerProvider()
};
// Token Generation
app.UseOAuthAuthorizationServer(oAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
And here is CustomAuthorizationServerProvider class implementation,
public class CustomAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.TryGetFormCredentials(out var clientId, out var clientSecret);
if (clientId == "987459827985" && clientSecret == "lkfjldsfjkld")
{
context.Validated(clientId);
}
return base.ValidateClientAuthentication(context);
}
public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
{
var oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, "TestClient"));
var ticket = new AuthenticationTicket(oAuthIdentity, new AuthenticationProperties());
context.Validated(ticket);
return base.GrantClientCredentials(context);
}
}
Now, while trying to generate token using endpoint http://localhost:8080/token, I am getting NULL for both clientId and clientSecret and hence I am getting "error": "invalid_client". What I am missing here?
Edit: EDIT
When I am using raw as body, I can see token generation is working and both client and secret have value. Why it is not working for form-data?
Upvotes: 1
Views: 1386
Answers (1)
Reputation: 26450
Check the postman documentation: Sending API requests
Most importantly this:
Website forms often send data to APIs as multipart/form-data. You can replicate this in Postman using the form-data Body tab. Form data allows you to send key-value pairs, and specify the content type.
With a quick search around the web, there needs to be a special type of handling for the APIs to bind the multipart/form-data
i.e. How to set up a Web API controller for multipart/form-data
There is even a plugin for that
Content type is important.
Upvotes: 1
Related Questions
- oAuth2 token request failing using C# HttpClient but working in Postman
- Getting "error": "unsupported_grant_type" when trying to get a JWT by calling an OWIN OAuth secured Web Api via Postman
- C# webapi authentication token ERROR tested with PostMan
- OAuth Bearer Token Not Working for WebApi
- Cant get the asp.net Web API token using http client
- OAuth2.0-protected Azure api: Cant get auth token in Postman
- OAuth bearer token not working
- Owin Bearer Token Not Working for WebApi
- client_id is always null in ValidateClientAuthentication
- Web API 2 OWIN Bearer token authentication - AccessTokenFormat null?