OWIN AuthorizeEndpoint with redirect_uri is different from uri web api

I have successfully used bearer token authentication for asp.net web APIs as shown in the default single page app template. But now I want to use the same web API from another site (different url).

When I make a request to the AuthorizeEndpoint web API (default /api/Account/ExternalLogin) from another site, I get error: invalid_request. I think the problem is the value of redirect_uri, since changing this value for a site running in the same domain as the web api solves the problem.

The ValidateClientRedirectUri method in the OAuthAuthorizationServerProvider application does not start. Therefore, based on my search in the Katana source, the origin of the error is in OAuthAuthorizationServerHandler.InvokeAuthorizeEndpointAsync.

Does anyone have other problems or am I doing something wrong?

+8
asp.net-web-api oauth owin asp.net-web-api2
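
For reference, an added example (not code from the question or from the Katana project) of an `OAuthAuthorizationServerProvider` whose `ValidateClientRedirectUri` override accepts a client hosted on another origin only when its `redirect_uri` exactly matches a pre-registered value. The class name, client IDs and URLs are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Added example: exact-match redirect_uri allowlist per client_id.
public class AllowlistOAuthProvider : OAuthAuthorizationServerProvider
{
    // Constructed sample registrations: client_id -> allowed redirect URIs.
    private static readonly Dictionary<string, HashSet<string>> RegisteredRedirects =
        new Dictionary<string, HashSet<string>>(StringComparer.Ordinal)
        {
            { "spa-self", new HashSet<string>(StringComparer.Ordinal)
                { "https://api.example.test/" } },
            { "spa-other-site", new HashSet<string>(StringComparer.Ordinal)
                { "https://app.example.test/signin-callback" } }
        };

    public override Task ValidateClientRedirectUri(
        OAuthValidateClientRedirectUriContext context)
    {
        HashSet<string> allowed;
        Uri requested;

        // Ordinal, whole-string comparison: no prefix, wildcard or
        // host-only matching, so a look-alike path or subdomain is rejected.
        bool ok =
            context.ClientId != null &&
            RegisteredRedirects.TryGetValue(context.ClientId, out allowed) &&
            Uri.TryCreate(context.RedirectUri, UriKind.Absolute, out requested) &&
            requested.Scheme == Uri.UriSchemeHttps &&
            string.IsNullOrEmpty(requested.Fragment) &&
            allowed.Contains(context.RedirectUri);

        if (ok)
        {
            // Mark the request valid for exactly the URI that was checked.
            context.Validated(context.RedirectUri);
        }
        else
        {
            context.SetError("invalid_request",
                "redirect_uri is not registered for this client");
        }
        return Task.FromResult<object>(null);
    }
}
```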
2 answers

Katana OAuth middleware is not intended for cross-application - it is mainly for "embedding" the OAuth authorization server in a business resource.

If you want the correct (free) authorization server, see here: https://github.com/thinktecture/Thinktecture.AuthorizationServer/wiki

+3

The carrier token appears to be a hash in the hash request that is local to your application.

We use the jwt token with a separate validation handler. Cross-application works.

Look for the best way, but at the moment it works.

-1