I'm creating a webapi project with oauth bearer token authenthication and external login providers (google, twitter, facebook etc.). I started with the basic VS 2013 template and got everything to work fine!
However, after a user successfully logs is, the owin infrastructure creates a redirect with the folllowing structure:
http://some.url/#access_token=<the access token>&token_type=bearer&expires_in=1209600
In my server code I want to add an additional parameter to this redirect because in the registration process of my app, a new user needs to first confirm and accept the usage license before he/she is registered as a user. Therefore I want to add the parameter "requiresConfirmation=true" to the redirect. However, I've no clue about how to do this. I tried setting AuthenticationResponseChallenge.Properties.RedirectUri of the AuthenticationManager but this doesn't seem to have any affect.
Any suggestions would be greatly appreciated!
It should be relatively easy with the
AuthorizationEndpointResponse
notification:In your custom
OAuthAuthorizationServerProvider
implementation, simply overrideAuthorizationEndpointResponse
to extract your extra parameter from the ambient response grant, which is created when you callIOwinContext.Authentication.SignIn(properties, identity)
. You can then add a customrequiresConfirmation
parameter toAdditionalResponseParameters
: it will be automatically added to the callback URL (i.e in the fragment when using the implicit flow):In your code calling
SignIn
, determine whether the user is registered or not and addrequiresConfirmation
to theAuthenticationProperties
container:Feel free to ping me if you need more details.