locked
Authorization of access_token as parameter on Resource Server RRS feed

  • Question

  • User1066278571 posted

    I have a web app which uses OAuth2 Implicit flow for security. This works fine. Now I have a file export/download in a Web API service. I cannot use ajax to GET the file. I have to use a standard form. Due to this, I have to send the bearer token as a parameter.

    How can I set up the OWIN Middleware to authorise this on the resource server? One idea is to create an extra OWIN Middleware which intecepts the request and adds the token to the header. I'm not certain if this is a good idea.

    Would be greatful for any help or best practices.

    greetings Damien

    Saturday, May 3, 2014 2:32 PM

Answers

  • User1779161005 posted

    Looks like there's an event on the OAuthBearerAuthenticationProvider called RequestToken -- you might be able to hook this and then read the token from your custom param.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, May 3, 2014 2:47 PM

All replies

  • User1779161005 posted

    Looks like there's an event on the OAuthBearerAuthenticationProvider called RequestToken -- you might be able to hook this and then read the token from your custom param.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, May 3, 2014 2:47 PM
  • User1066278571 posted

    Thanks, I try this

    greetings Damien

    Saturday, May 3, 2014 2:50 PM
  • User1066278571 posted

    Thanks a million

    That works perfect.

    greetings Damien

    Saturday, May 3, 2014 3:04 PM