[英]Returning 401 response in OpenID Connect server with ASOS
I followed tutorial on Creating your own OpenID Connect server with ASOS .我遵循了使用 ASOS 创建自己的 OpenID Connect 服务器的教程。 Everything works fine but in case user enters wrong credentials he will see 400 response status code.
一切正常,但如果用户输入错误的凭据,他将看到 400 响应状态代码。 I would like to change this status code to 401. Here is code of my version of HandleTokenRequest function:
我想将此状态代码更改为 401。这是我的 HandleTokenRequest function 版本的代码:
public override Task HandleTokenRequest(HandleTokenRequestContext context)
{
if (context.Request.IsPasswordGrantType())
{
return GrantResourceOwnerCredentials(context);
}
return base.HandleTokenRequest(context);
}
private async Task GrantResourceOwnerCredentials(HandleTokenRequestContext context)
{
var userService = context.HttpContext.RequestServices.GetService<IUserService>();
var user = await userService.AuthenticateAsync(context.Request.Username, context.Request.Password);
if (user != null)
{
var identity = CreatePrincipal(Mapper.Map<UserModel>(user), null);
var ticket = new AuthenticationTicket(identity, new AuthenticationProperties(), context.Scheme.Name);
ticket.SetScopes(Consts.Scopes.Api1, Consts.Scopes.ApiOfflineAccess);
context.Validate(ticket);
return;
}
context.Reject(error: "invalid_grant", description: "The user name or password is incorrect.");
}
I do not see how to pass response code here.我看不到如何在这里传递响应代码。 Is it possible in this approach?
这种方法有可能吗?
Making my comment an answer.让我的评论成为答案。 From my experience, a 400 status code is very typical.
根据我的经验,400 状态码是非常典型的。
And it's also in the specification: https://openid.net/specs/openid-connect-core-1_0.html#TokenErrorResponse它也在规范中: https://openid.net/specs/openid-connect-core-1_0.html#TokenErrorResponse
If the Token Request is invalid or unauthorized, the Authorization Server constructs the error response.
如果令牌请求无效或未经授权,则授权服务器构造错误响应。 The parameters of the Token Error Response are defined as in Section 5.2 of OAuth 2.0 [RFC6749].
令牌错误响应的参数在 OAuth 2.0 [RFC6749] 的第 5.2 节中定义。 The HTTP response body uses the application/json media type with HTTP response code of 400.
HTTP 响应正文使用 application/json 媒体类型,HTTP 响应代码为 400。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.