So I'm trying to implement a very basic oauth authorization server in ASP .NET using OWIN.
Here's my source:
public class AuthorizationConfig {
private const string WebClientId = "WebClient";
private const string WebClientSecret = "WebClientSecret";
public static void Configure(IAppBuilder app) {
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions() {
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromHours(8),
AllowInsecureHttp = true,
Provider = new OAuthAuthorizationServerProvider() {
OnValidateClientAuthentication = context => {
string clientId;
string clientSecret;
if (context.TryGetBasicCredentials(out clientId, out clientSecret))
{
if (clientId == WebClientId && clientSecret == WebClientSecret)
{
return Task.FromResult(context.Validated(clientId));
}
}
context.SetError("invalid_client", "Client credentials provided are invalid.");
return Task.FromResult<object>(null);
},
OnGrantResourceOwnerCredentials = context => {
var userName = context.UserName;
var password = context.Password;
var clientId = context.ClientId;
//validate resource owner credentials
if (userName == "admin" && password == "password" && clientId == WebClientId)
{
var identity = new ClaimsIdentity();
identity.AddClaim(new Claim("username", userName));
identity.AddClaim(new Claim("clientId", clientId));
return Task.FromResult(context.Validated(identity));
}
context.SetError("invalid_grant", "Resource owner credentials are invalid.");
return Task.FromResult<object>(null);
}
}
});
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
}
Now everytime I try to send a post to my host/token, I can see when debugging that the code successfully executes the context.Validated methods but on the return response, I get an ArgumentNullException: Value. Anyone else having this issue?
EDIT: Here's the stacktrace i'm getting
[ArgumentNullException: Value cannot be null.
Parameter name: value]
System.IO.BinaryWriter.Write(String value) +11937097
Microsoft.Owin.Security.DataHandler.Serializer.TicketSerializer.Write(BinaryWriter writer, AuthenticationTicket model) +97
Microsoft.Owin.Security.DataHandler.Serializer.TicketSerializer.Serialize(AuthenticationTicket model) +161
Microsoft.Owin.Security.DataHandler.SecureDataFormat`1.Protect(TData data) +45
Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext.SerializeTicket() +16
Microsoft.Owin.Security.OAuth.<InvokeTokenEndpointAsync>d__22.MoveNext() +4114
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) +25
Microsoft.Owin.Security.OAuth.<InvokeAsync>d__0.MoveNext() +1109
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +383
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +187
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +561
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +187
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<DoFinalWork>d__2.MoveNext() +185
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +69
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.EndFinalWork(IAsyncResult ar) +64
System.Web.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +380
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
Well I solved the issue by initializing the ClaimsIdentity with the AuthenticationType. Not sure how exactly this resolves the stack trace, but i don't get runtime errors anymore.
ClaimsIdentity identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);