This article describes how to modify the token endpoint response body with Owin OAuth2 in Asp.Net Web API 2.

Problem description

I want to modify the response body from the token endpoint response.

I've tried to intercept the /Token request with a MessageHandler but it doesn't work.

I'm able to add some additional information to the response by overriding the OAuthAuthorizationServerProvider.TokenEndpoint method, but I'm not able to create my own response body.

Is there a way to intercept the /Token request?

I found out how to remove the response body content from the token endpoint response, like this: HttpContext.Current.Response.SuppressContent = true;

It seems the right way to achieve my goal, but now when I use the context.AdditionalResponseParameters.Add() method to add my custom information, SuppressContent blocks any alterations.

Now I have something like this:

// Removing the body from the token endpoint response
HttpContext.Current.Response.SuppressContent = true;
// Add custom information
context.AdditionalResponseParameters.Add("a", "test");

Recommended answer

To simply add new items to the JSON token response, you can use TokenEndpointResponse instead of the TokenEndpoint notification.

If you're looking for a way to completely replace the token response prepared by the OAuth2 authorization server by your own one, there's sadly no easy way to do that because OAuthAuthorizationServerHandler.InvokeTokenEndpointAsync doesn't check the OAuthTokenEndpointContext.IsRequestCompleted property after invoking the TokenEndpointResponse notification.

https://github.com/aspnet/AspNetKatana/blob/dev/src/Microsoft.Owin.Security.OAuth/OAuthAuthorizationServerHandler.cs

This is a known issue, but it was too late to include it in Katana 3 when I suggested to fix it.

You should give Owin.Security.OpenIdConnect.Server a try: it's a fork of the OAuthAuthorizationServerMiddleware designed for Katana 3.0 and 4.0.

https://www.nuget.org/packages/Owin.Security.OpenIdConnect.Server/1.0.2

Of course, it includes the correct check to allow bypassing the default token request processing (this was even one of the first things I fixed when forking it).
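
The TokenEndpointResponse approach described in the answer, as an added example that is not part of the original answer or of the Katana project. The class name CustomTokenResponseProvider, the claim allow-list and the response keys "user_name" and "roles" are assumptions. Only allow-listed claims are copied, because everything added here is returned to the client as plain JSON next to the access token.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Hypothetical provider; assign an instance to OAuthAuthorizationServerOptions.Provider.
public class CustomTokenResponseProvider : OAuthAuthorizationServerProvider
{
    // Assumption: these are the only claim types considered safe to echo to the client.
    private static readonly HashSet<string> ExposedClaimTypes =
        new HashSet<string>(StringComparer.Ordinal) { ClaimTypes.Name, ClaimTypes.Role };

    // Invoked after the access token has been issued and before the handler writes
    // the JSON body. The handler still writes the standard token fields itself;
    // this notification can only add properties, not replace the body.
    public override Task TokenEndpointResponse(OAuthTokenEndpointResponseContext context)
    {
        var roles = new List<string>();

        foreach (Claim claim in context.Identity.Claims)
        {
            if (!ExposedClaimTypes.Contains(claim.Type))
            {
                continue; // never copy claims outside the allow-list
            }

            if (claim.Type == ClaimTypes.Role)
            {
                roles.Add(claim.Value);
            }
            else
            {
                context.AdditionalResponseParameters["user_name"] = claim.Value;
            }
        }

        // Values are kept as plain strings so they serialize as simple JSON properties.
        context.AdditionalResponseParameters["roles"] = string.Join(",", roles);

        // The custom item from the question.
        context.AdditionalResponseParameters["a"] = "test";

        return Task.FromResult<object>(null);
    }
}
```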

07-31 10:16