I successfully implemented my custom OAuthAuthorizationServerProvider
. But when I log in and retrieve a token, my client doesn't have any idea of the user's roles, claims, etc.
I currently added a webapi controller to return the list of the principal's claims, but I'm not really happy with that.
When requesting a token, the current response looks like:
{
access_token: "qefelgrebjhzefilrgo4583535",
token_type: "bearer",
expires_in: 59
}
Q> How can make it return something like the following snippet?
{
access_token: "qefelgrebjhzefilrgo4583535",
token_type: "bearer",
expires_in: 59,
user: {
name: 'foo',
role: 'bar'
}
}
My progress so far:
The documentation of OAuthAuthorizationServerProvider#TokenEndpoint(OAuthTokenEndpointContext)
says:
Called at the final stage of a successful Token endpoint request. An application may implement this call in order to do any final modification of the claims being used to issue access or refresh tokens. This call may also be used in order to add additional response parameters to the Token endpoint's json response body.
I couldn't find any example of how to customize the response, and asp-net Identity's source code is not yet released, so I'm quite stuck.