search

IdentityServer / IdentityServer3

OpenID Connect Provider and OAuth 2.0 Authorization Server Framework for ASP.NET 4.x/Katana
https://identityserver.github.io/Documentation/
Apache License 2.0
2.01k stars 764 forks source link

OAuth as external provider #3273

Closed mkramar closed 7 years ago

mkramar commented 8 years ago

I'm trying to use UseOAuthBearerAuthentication as external provider with IdentityServer.

I implemented my custom OAuthBearerAuthenticationProvider. Using this provider I successfully redirect to external OAuth server. Then external OAuth server posts back and I extract access_token from post data. Then my custom ISecureDataFormat successfully extracts AuthenticationTicket from JWT token. Then I would expect IdentityServer would do its magic and redirect back to client. However instead it responds with 405 Method not Allowed.

It seems that there must be a thing that tells IdentityServer that claims were successfully extracted from external provider and it is OK to go ahead and redirect to client. What is this thing I'm missing?

Thank you!

PS. I cannot find any samples with UseOAuthBearerAuthentication as external provider.

leastprivilege commented 8 years ago

This does not make sense?

UseOAuthBearerAuthentication is for validating incoming bearer tokens.

You need something challenge/redirect based for external providers - like e.g. the google authN middleware.