
Return types for OAuth2.0 Methods (C#)

I'm creating a C# application which makes a REST call and uses OAuth2.0 authentication.

For OAuth2.0, the process is that a token is obtained by POST, providing client_id, client_secret and grant_type.

When making a GET call thereafter, the token that is returned from the POST needs to be provided in the header field.

So, this brings up 2 questions:

  1. In the POST method to obtain the token, a Json is returned which contains multiple attributes (including the token and timeout period). As it is the token that is required, JsonConvert ( var token = JsonConvert.DeserializeObject>(responseJson)["access_token"].ToString(); ) is used to just bring this and map the variable to a string. And the method returns this variable as a string. For requesting a token, is using a string as the return type for the function a correct approach?
  2. In the GET method to obtain the data from the REST service call, the token is passed in with a search criteria, this returns a Json result. JsonConvert.DeserializeObject<> is used to map this to the .NET objects. What should the return for this function be? It isn't string as it contains multiple variables.

I suggest you create 2 classes. One for your token and one for the response of your get call.

The actual token is not the only important bit in your initial call. Its type and when the token expires are also important, so you know what kind of authorization header to create (most likely Bearer) and also when to request a new token or refresh the one in use.

So, first use a client like Postman to see the responses so you can mirror them in your C# class.

Once you have the token class, move on to the next class.

You could of course do something else, and take advantage of "dynamic", for example.

Your call could look like this:

JsonConvert.DeserializeObject<dynamic>(responseString);

This way you don't have to create classes for your return types; however, I would still recommend the other way.

For your second question, the return type will be whatever you specify to the deserializer.

Let's take the token for example:

public sealed class TokenModel
{
    public string access_token { get; set; }

    public string token_type { get; set; }

    public int expires_in { get; set; }
}

Then your call to get that data looks like this:

var tokenModel = JsonConvert.DeserializeObject<TokenModel>(responseJson);
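The point above about token type and expiry, as an added example that is not part of the original answer: a small provider that caches the token, requests a new one shortly before it expires, and builds the Authorization header. The TokenProvider name, the client_credentials grant type, the 30-second margin and the endpoint parameter are assumptions, and the class is not thread-safe.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json;

public sealed class TokenModel  // same shape as the class in the answer above
{
    public string access_token { get; set; }
    public string token_type { get; set; }
    public int expires_in { get; set; }  // lifetime in seconds
}
// Hypothetical helper: keeps the secret and token out of the calling code.
public sealed class TokenProvider
{
    private readonly HttpClient _http;
    private readonly Uri _endpoint;
    private readonly Dictionary<string, string> _form;
    private TokenModel _token;
    private DateTimeOffset _expiresAt;
    public TokenProvider(HttpClient http, Uri endpoint, string clientId, string clientSecret)
    {
        _http = http;
        _endpoint = endpoint;
        _form = new Dictionary<string, string> {
            ["grant_type"] = "client_credentials",  // assumed grant type
            ["client_id"] = clientId, ["client_secret"] = clientSecret };
    }

    public async Task<AuthenticationHeaderValue> GetAuthorizationHeaderAsync()
    {
        // Reuse the cached token until 30 seconds before it expires.
        if (_token == null || DateTimeOffset.UtcNow.AddSeconds(30) >= _expiresAt)
        {
            using (var response = await _http.PostAsync(_endpoint, new FormUrlEncodedContent(_form)))
            {
                response.EnsureSuccessStatusCode();
                var json = await response.Content.ReadAsStringAsync();
                var token = JsonConvert.DeserializeObject<TokenModel>(json);
                // Reject anything that is not a usable Bearer token; never put the body in the message or a log.
                if (string.IsNullOrEmpty(token?.access_token) || !"Bearer".Equals(token.token_type, StringComparison.OrdinalIgnoreCase))
                    throw new InvalidOperationException("Unexpected token response.");
                _expiresAt = DateTimeOffset.UtcNow.AddSeconds(token.expires_in);
                _token = token;
            }
        }
        return new AuthenticationHeaderValue("Bearer", _token.access_token);
    }
}
```

Assign the returned value to the request's Headers.Authorization before each GET so the token never ends up in the URL or the body.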

Question 1: Yes you can store token as a string. No problem with that.

Question 2: Depends on how you set it up. However, normally the token is added in the Authorization header, not the body of the request. The result returned from the request should not contain the token itself. I guess it is a JSON object; then you just have to have a POCO C# class to allow it to serialize.

For example, if the result returned is JSON:

{
  "Property1": "Value1",
  "Property2": "Value2"
}

Then your class will be:

public class ReturnResult
{
    [JsonProperty("Property1")]
    public string Property1 { get; set; }

    [JsonProperty("Property2")]
    public string Property2 { get; set; }
}
