JWT - Configuring a Authorization Server and setti

I am trying to set up an Authorization Server following this guide: http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/

However, I want to assign my local server (i.e. the server that the project runs on) as the issuer for CustomJwtFormatting. So, in Startup.cs I use:

    public void ConfigureOAuth(IAppBuilder app)
    {
        var issuer = HttpContext.Current.Request.Url.Scheme + System.Uri.SchemeDelimiter + HttpContext.Current.Request.Url.Host
            + (HttpContext.Current.Request.Url.IsDefaultPort ? "" : ":" + HttpContext.Current.Request.Url.Port); // get the host name with the port

        OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
        {
            //For Dev enviroment only (on production should be AllowInsecureHttp = false)
            //TODO: Make it false before going live
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/oauth2/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
            Provider = new CustomOAuthProvider(),
            AccessTokenFormat = new CustomJwtFormat(issuer)
        };

        // OAuth 2.0 Bearer Access Token Generation
        app.UseOAuthAuthorizationServer(OAuthServerOptions);
    }

And for the CustomJwtFormat class, the code is like that:

var issuer = HttpContext.Current.Request.Url.Scheme + System.Uri.SchemeDelimiter + HttpContext.Current.Request.Url.Host + (HttpContext.Current.Request.Url.IsDefaultPort ? "" : ":" + HttpContext.Current.Request.Url.Port);  // get the host name with the port
var token = new JwtSecurityToken(_issuer, audienceId, data.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingKey);

However, I get a 404 error when I send a POST request to http://127.0.0.1/oauth2/token :

What is the best way to achieve that issuer-on-the-local-server thing correctly in ASP.NET?

回答1:

You need to provide the clientId in the Authorization header and set its type to Basic, consider that i have also encoded the clientId

check my request

回答2:

Well, I have tried assigning null to the issuer like

var issuer = null;
//var issuer = HttpContext.Current.Request.Url.Scheme + System.Uri.SchemeDelimiter + HttpContext.Current.Request.Url.Host + (HttpContext.Current.Request.Url.IsDefaultPort ? "" : ":" + HttpContext.Current.Request.Url.Port); // get the host name with the port`

and it worked.