asp.netowinwebapp2

ArgumentNullException occurring when trying to request authentication token


So I'm trying to implement a very basic oauth authorization server in ASP .NET using OWIN.

Here's my source:

public class AuthorizationConfig {
        private const string WebClientId = "WebClient";
        private const string WebClientSecret = "WebClientSecret";

        public static void Configure(IAppBuilder app) {
            app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions() {
                TokenEndpointPath = new PathString("/token"),
                AccessTokenExpireTimeSpan = TimeSpan.FromHours(8),
                AllowInsecureHttp = true,
                Provider = new OAuthAuthorizationServerProvider() {
                    OnValidateClientAuthentication = context => {
                        string clientId;
                        string clientSecret;

                        if (context.TryGetBasicCredentials(out clientId, out clientSecret))
                        {
                            if (clientId == WebClientId && clientSecret == WebClientSecret)
                            {
                                return Task.FromResult(context.Validated(clientId));
                            }
                        }

                        context.SetError("invalid_client", "Client credentials provided are invalid.");
                        return Task.FromResult<object>(null);
                    },

                    OnGrantResourceOwnerCredentials = context => {
                        var userName = context.UserName;
                        var password = context.Password;
                        var clientId = context.ClientId;

                        //validate resource owner credentials
                        if (userName == "admin" && password == "password" && clientId == WebClientId)
                        {
                            var identity = new ClaimsIdentity();
                            identity.AddClaim(new Claim("username", userName));
                            identity.AddClaim(new Claim("clientId", clientId));

                            return Task.FromResult(context.Validated(identity));
                        }

                        context.SetError("invalid_grant", "Resource owner credentials are invalid.");
                        return Task.FromResult<object>(null);
                    }
                }
            });

            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        } 
    }

Now everytime I try to send a post to my host/token, I can see when debugging that the code successfully executes the context.Validated methods but on the return response, I get an ArgumentNullException: Value. Anyone else having this issue?

EDIT: Here's the stacktrace i'm getting

[ArgumentNullException: Value cannot be null.
Parameter name: value]
   System.IO.BinaryWriter.Write(String value) +11937097
   Microsoft.Owin.Security.DataHandler.Serializer.TicketSerializer.Write(BinaryWriter writer, AuthenticationTicket model) +97
   Microsoft.Owin.Security.DataHandler.Serializer.TicketSerializer.Serialize(AuthenticationTicket model) +161
   Microsoft.Owin.Security.DataHandler.SecureDataFormat`1.Protect(TData data) +45
   Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext.SerializeTicket() +16
   Microsoft.Owin.Security.OAuth.<InvokeTokenEndpointAsync>d__22.MoveNext() +4114
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) +25
   Microsoft.Owin.Security.OAuth.<InvokeAsync>d__0.MoveNext() +1109
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +383
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +187
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +561
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +187
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<DoFinalWork>d__2.MoveNext() +185
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +69
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.EndFinalWork(IAsyncResult ar) +64
   System.Web.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +380
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

Solution

  • Well I solved the issue by initializing the ClaimsIdentity with the AuthenticationType. Not sure how exactly this resolves the stack trace, but i don't get runtime errors anymore.

    ClaimsIdentity identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);