问题描述

我想从令牌端点响应修改响应体。

我试图拦截 /令牌用的MessageHandler请求，但它不能正常工作。

我能一些额外的信息添加到由重写 OAuthAuthorizationServerProvider.TokenEndpoint 法的反​​应，但我不能够创建自己的响应体。

有没有办法拦截 /令牌请求？

修改

我发现了如何从令牌端点的响应删除响应正文的内容，像这样： HttpContext.Current.Response.Sup pressContent = TRUE;

这似乎正确的方式来实现我的目标，但现在当我使用 context.AdditionalResponseParameters.Add（）方法来添加我的自定义信息，在燮pressContent 阻止任何改变。

现在我有这样的事情：

  //从令牌端点的响应卸下体
HttpContext.Current.Response.Sup pressContent = TRUE;
//添加自定义信息
context.AdditionalResponseParameters.Add（一，测试）;
 

要简单地增加新项目的JSON令牌的响应，您可以使用 TokenEndpointResponse 不是 TokenEndpoint 的通知。

如果你正在寻找一种方式来完全替代由您自己一个人在的OAuth2授权服务器ppared令牌响应$ P $，有可悲的是没有简单的方法来做到这一点，因为 OAuthAuthorizationServerHandler.InvokeTokenEndpointAsync 不调用 TokenEndpointResponse 的通知后检查 OAuthTokenEndpointContext.IsRequestCompleted 属性。

<一个href=\"http://katanaproject.$c$cplex.com/SourceControl/latest#src/Microsoft.Owin.Security.OAuth/OAuthAuthorizationServerHandler.cs\" rel=\"nofollow\">http://katanaproject.$c$cplex.com/SourceControl/latest#src/Microsoft.Owin.Security.OAuth/OAuthAuthorizationServerHandler.cs

这是一个已知的问题，但为时已晚把它列入卡塔纳3当我建议进行修复。

您应该给 Owin.Security.OpenIdConnect.Server 一试：这是 OAuthAuthorizationServerMiddleware 我与@manfredsteyer发展。

的

当然，它包括正确的检查，以允许绕过默认令牌请求处理（这甚至分叉，当我固定的第一件事）。

I want to modify the response body from the token endpoint response.

I've tried to intercept the /Token request with a MessageHandler but it doesn't work.

I'm able to add some additional informations to the response by overriding the OAuthAuthorizationServerProvider.TokenEndpointmethod, but I'm not able to create my own response body.

Is there a way to intercept the /Token request?

Edit

I found out how to remove the response body content from the token endpoint response, like this: HttpContext.Current.Response.SuppressContent = true;

It seems the right way to achieve my goal, but now when I use the context.AdditionalResponseParameters.Add() method to add my custom information, the SuppressContent block any alterations.

Now I have something like this:

// Removing the body from the token endpoint response
HttpContext.Current.Response.SuppressContent = true;
// Add custom informations
context.AdditionalResponseParameters.Add("a", "test");

To simply add new items to the JSON token response, you can use TokenEndpointResponse instead of the TokenEndpoint notification.

If you're looking for a way to completely replace the token response prepared by the OAuth2 authorization server by your own one, there's sadly no easy way to do that because OAuthAuthorizationServerHandler.InvokeTokenEndpointAsync doesn't check the OAuthTokenEndpointContext.IsRequestCompleted property after invoking the TokenEndpointResponse notification.

http://katanaproject.codeplex.com/SourceControl/latest#src/Microsoft.Owin.Security.OAuth/OAuthAuthorizationServerHandler.cs

This is a known issue, but it was too late to include it in Katana 3 when I suggested to fix it.

You should give Owin.Security.OpenIdConnect.Server a try: it's an (experimental) fork of the OAuthAuthorizationServerMiddleware I'm developing with @manfredsteyer.

https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/tree/dev

Of course, it includes the correct check to allow bypassing the default token request processing (this was even one of the first things I fixed when forking it).