[OAuth2 Provider] Good start - a few comments and questions

Forge Component
Published on 12 Jun by leonardo.fernandes
1 vote

This application is very interesting.  A few comments/questions:

1) /Example_Provider_BackOffice/Applications.aspx doesn't have any "New" button to create a new entry.  Minor issue and can be overcome by navigating to /Example_Provider_BackOffice/ApplicationDetail.aspx?ApplicationId=0

2) If I understand correctly, the /oauth/token exposed method is for the purposes of requesting a token or refreshing an existing token after submitting correct authorization and request parameters.  However, at the "GetAuthorizationsByCode" aggregate, the filters are for an existing record in the Authorization entity with an existing token that's not expired.  I'm not understanding the purpose here, as if the token has expired, or perhaps the token itself is lost, why require these to generate a new token?  The authorization is sufficient to request this.

3) I'm not fully understanding where the Authorize Web Block would be used?  There is no entry point in your applications.  It's at this page that, upon acceptance, the first token entry is created. In addition, the page preparation is also doing an "authorize" process that fails without additional parameters passed into it.

Hi Chris,

Let me see if I can help with your questions.

1. Creating a new application.

You are right, there is no new applications button. The idea, though, was to provide some form of self-registration to the consumer of the API, which was not fully implemented. The application should be created via the Application web block under the OAuth2Provider.

2. Yes, that doesn't sound right. Try removing the filter for the expiration date and do some testing. I can't remember why it is there, possibly a bug ;).

Feel free to fix anything and contribute your code, I'll add you to the team.

3. The idea behind this web block was to have an easy way to handle the authorization. It is being used on the AuthorizationPage to which you are redirected through the Authorize entry point on the provider back-office.

In essence, the example provider and example consumer are just that, examples. The OAuth2Provider does have a couple of web blocks developers could use on their implementations.
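For readers following point 2, here is an added sketch (not code from the OAuth2 Provider component or from either poster) of a refresh-token handler with and without an "access token not expired" filter on the lookup. The in-memory table, its field names, and looking the grant up by refresh token are assumptions made for illustration.

```python
import hmac
import secrets

ACCESS_TOKEN_TTL = 3600  # seconds; assumed lifetime

# Constructed stand-in for the Authorization entity (field names are assumptions).
AUTHORIZATIONS = [
    {"client_id": "app-1", "refresh_token": "r-live", "access_token": "a-live",
     "expires_at": 2_000},
    {"client_id": "app-1", "refresh_token": "r-stale", "access_token": "a-stale",
     "expires_at": 500},
]

def find_authorization(refresh_token, now, require_unexpired_token):
    """Look up the grant by refresh token; optionally apply the expiry filter."""
    for row in AUTHORIZATIONS:
        # Constant-time comparison so the lookup does not leak token prefixes.
        if not hmac.compare_digest(row["refresh_token"], refresh_token):
            continue
        if require_unexpired_token and row["expires_at"] <= now:
            continue  # the filter questioned in the thread
        return row
    return None

def refresh(client_id, refresh_token, now, require_unexpired_token=False):
    """Handle grant_type=refresh_token; returns a token response or an error."""
    row = find_authorization(refresh_token, now, require_unexpired_token)
    if row is None or row["client_id"] != client_id:
        return {"error": "invalid_grant"}
    # The expired access token is simply replaced; the refresh token is rotated
    # so that a replayed copy of the old one is rejected.
    row["access_token"] = secrets.token_urlsafe(32)
    row["refresh_token"] = secrets.token_urlsafe(32)
    row["expires_at"] = now + ACCESS_TOKEN_TTL
    return {"access_token": row["access_token"], "token_type": "Bearer",
            "expires_in": ACCESS_TOKEN_TTL, "refresh_token": row["refresh_token"]}
```

With the filter enabled, a client whose access token has already expired gets `invalid_grant` and cannot refresh; without it, the grant is still bound to the client and the refresh token, which are the checks that matter at this step.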