2

Hey, I just programmed a token-based authentication following this tutorial. Everything goes fine as long as I send my POST request as x-www-form-urlencoded. Now my teammate needs to get the token with JSON, but all he gets is "unsupported grant_type". So can I change the acceptable type for the token, or do I have to find another solution?

My configuration looks like this:

    public void Configuration(IAppBuilder app)
    {
        app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
        var myProvider = new MyAuthorizationServerProvider();
        OAuthAuthorizationServerOptions options = new OAuthAuthorizationServerOptions
        {
            // Accepts token requests over plain HTTP as well as HTTPS.
            AllowInsecureHttp = true,
            // Tokens are issued by POST requests to /token.
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = myProvider
        };

        app.UseOAuthAuthorizationServer(options);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

        HttpConfiguration config = new HttpConfiguration();
        WebApiConfig.Register(config);
    }

This is what my request looks like; keep in mind this doesn't work with JSON.

And with JSON it doesn't work.

Best regards :)

10
  • are you sending grant_type as password in your request..?? Commented Feb 28, 2017 at 10:59
  • added a picture of my request in my question. Is it right so? Commented Feb 28, 2017 at 15:19
  • Yes it's correct...now use the access_token in your header to authenticate your API request... Commented Feb 28, 2017 at 16:04
  • Eg: Authorization : bearer access_token...in the header of postman Commented Feb 28, 2017 at 16:06
  • yeah I already got this but the problem is that this only works with x-www-form-urlencoded and not with JSON Commented Feb 28, 2017 at 16:07

1 Answer

3

The reason behind the use of application/x-www-form-urlencoded as Content-Type is simple: the OAuth2 specification (RFC 6749) requires this content type for token requests.

Any other content type will break compatibility with OAuth2-compliant clients. I advise you not to change this standard behavior.

The default implementation of OAuthAuthorizationServerMiddleware (more precisely the internally used OAuthAuthorizationServerHandler) from Microsoft.Owin.Security.OAuth just ignores the Content-Type header and tries to read the request body as a form anyway.

Another way: in the request body you can write grant_type=password&username=yourUserName&password=MyPassword123

Also make sure there is no space or line break after grant_type=password&username=username&password=password.


1 Comment

yeah worked for me now... sorry that it took me so long^^
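Added example (not part of the original question or answer, and not OWIN code): a Python sketch of why a JSON body ends in "unsupported grant_type" when the token endpoint reads the body as a form, and how a client holding JSON credentials can build the form-encoded body instead. It goes a little beyond the answer by percent-encoding special characters in the password; the function names and sample credentials are hypothetical, and `parse_qs` only stands in for the server's form reader.

```python
import json
from urllib.parse import parse_qs, urlencode

FORM_TYPE = "application/x-www-form-urlencoded"


def form_fields(body):
    """Read a body as form data regardless of Content-Type.

    Assumption: parse_qs stands in for the form reader the answer describes.
    """
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def token_error(body):
    """Error a form-reading endpoint would report for a password-grant
    request with this body, or None if a grant_type field was found."""
    if form_fields(body).get("grant_type") != "password":
        return "unsupported_grant_type"
    return None


def to_token_request(json_body):
    """Turn JSON credentials into the form-encoded request from the answer."""
    creds = json.loads(json_body)
    fields = {
        "grant_type": "password",
        "username": creds["username"],
        "password": creds["password"],
    }
    # urlencode percent-encodes '&', '=', '+' and spaces inside the values.
    return {"Content-Type": FORM_TYPE}, urlencode(fields)


# Constructed sample input: what a JSON-only client would send.
SAMPLE_JSON = json.dumps(
    {"grant_type": "password", "username": "alice", "password": "p&ss=w+rd 1"}
)

if __name__ == "__main__":
    # The JSON text contains no form field named grant_type.
    print("JSON body      ->", token_error(SAMPLE_JSON))
    headers, body = to_token_request(SAMPLE_JSON)
    print("form body      ->", body, token_error(body))
    # A trailing line break becomes part of the last field's value.
    print("with line break->", repr(form_fields(body + "\n")["password"]))
    # A leading space changes the first field's name.
    print("leading space  ->", token_error(" " + body))
```
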
