Last post Sep 25, 2014 10:23 AM by William Klein
Sep 19, 2014 09:38 AM|William Klein|LINK
I've got a WebAPI 2 service that I would like to have a security setup very similar to the Google Service Accounts. The consuming application would send a JWT to the token endpoint to get an access token which would then be sent on all subsequent calls to the service until that token expires.
How would one set this up using OWIN?
Sep 19, 2014 09:53 AM|BrockAllen|LINK
You need an authorization server that supports custom assertions using the custom grant type extension. I think the Katana middleware supports this. You'd need to implement the methods on the provider for the custom grant type as well as validating the client
Sep 19, 2014 10:39 AM|William Klein|LINK
I believe that is what I've been trying to do using Katana over the last couple of days; however, I have no idea if I'm doing it correctly.
First I tried using app.UseOAuthAuthorizationServer and providing a custom implementation of the OAuthAuthorizationServerProvider overriding the GrantCustomExtension method, which I believe is what you are saying. However, I don't appear to have access to the claims provided in the JWT.
I also tried using app.UseJwtBearerAuthentication and providing a custom implementation of IOAuthBearerAuthenticationProvider; however, I don't have access to the grant_type at all, it seems, and it appears that I can't specify the token endpoint in the options object provided to the above method, so all I was getting was 404 errors.
At this point I'm kinda looking for an example so that I can make sure I put this together correctly.
Sep 19, 2014 10:50 AM|BrockAllen|LINK
I don't know of any examples in Katana that do custom grant types. I'd suggest asking in Jabbr in the OWIN room. There's a guy that hangs out there that loves to help people with the Katana OAuth2 middleware.
Sep 25, 2014 10:23 AM|William Klein|LINK
I managed to get things working. Example available on the Katana / OWIN boards: https://katanaproject.codeplex.com/discussions/567884
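The approach discussed in this thread, sketched as an added example that is not part of any post above and is not the code behind the linked discussion: a Katana provider that accepts a signed JWT as an assertion in `GrantCustomExtension`, validates it, and issues the access token from its claims. The class name `JwtAssertionGrantProvider`, the `assertion` form field with the RFC 7523 grant type URI, and the use of System.IdentityModel.Tokens.Jwt 4.x are assumptions.

```csharp
using System;
using System.IdentityModel.Tokens;   // assumes System.IdentityModel.Tokens.Jwt 4.x
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Hypothetical provider name; not taken from the thread or the linked example.
public class JwtAssertionGrantProvider : OAuthAuthorizationServerProvider
{
    private const string JwtBearerGrant = "urn:ietf:params:oauth:grant-type:jwt-bearer";
    private readonly TokenValidationParameters _validation;

    // The caller supplies the trusted issuer, the expected audience (the token
    // endpoint URL) and the consuming application's public signing key.
    public JwtAssertionGrantProvider(TokenValidationParameters validation) { _validation = validation; }

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        // The signed assertion authenticates the caller; no client_id/secret is sent.
        context.Validated();
        return Task.FromResult(0);
    }

    public override Task GrantCustomExtension(OAuthGrantCustomExtensionContext context)
    {
        string assertion = context.Parameters.Get("assertion");
        if (context.GrantType != JwtBearerGrant || string.IsNullOrEmpty(assertion))
        {
            context.SetError("invalid_grant", "Expected a jwt-bearer grant with an assertion.");
            return Task.FromResult(0);
        }
        try
        {
            // Checks signature, issuer, audience and lifetime; throws on any failure.
            SecurityToken parsed;
            ClaimsPrincipal caller = new JwtSecurityTokenHandler()
                .ValidateToken(assertion, _validation, out parsed);
            // Claims from the assertion become the identity behind the access token.
            context.Validated(new ClaimsIdentity(caller.Claims, context.Options.AuthenticationType));
        }
        catch (Exception)
        {
            // Do not echo validation details back to the caller.
            context.SetError("invalid_grant", "Assertion rejected.");
        }
        return Task.FromResult(0);
    }
}
```

The provider is assigned to the `Provider` property of the `OAuthAuthorizationServerOptions` passed to `app.UseOAuthAuthorizationServer`, with `TokenEndpointPath` set to the path the consuming application posts to. Keeping the accepted assertion lifetime short limits how long a captured assertion can be replayed.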