search

IdentityServer / IdentityServer3.AccessTokenValidation

OWIN Middleware to validate access tokens from IdentityServer3
Apache License 2.0
90 stars 149 forks source link

AuthenticationType ignored #32

Closed huysentruitw closed 9 years ago

huysentruitw commented 9 years ago

It seems like passing the option AuthenticationType is ignored and always results in "Bearer" being used.

I'm doing:

app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions()
{
    AuthenticationType = "Whatever",
    ...
});

Then, I change the filter for the WebAPI to:

config.Filters.Add(new HostAuthenticationFilter("Whatever"));

and change the request header to:

Authorize: Whatever <token_here>

But this doesn't work, always getting 401 back from the WebAPI. If I revert the filter and request header to "Bearer" (leaving the options.AuthenticationType set to Whatever), it works again.

Any idea what I might be doing wrong or isn't it supposed to work this way?

leastprivilege commented 9 years ago

The authentication type is not related to the scheme name on the authorization header. It is just the name of the middleware.

huysentruitw commented 9 years ago

Ok, that explains it. Thanks.