This project has moved and is read-only. For the latest updates, please go here.

How to enable "a concent screen" scenario for the Authorization Code Flow

Aug 31, 2013 at 11:03 AM
I couldn't figure out where to write the logic for concent screen on the OAuthAuthorizationServerMiddleware. Looking at the sample code and I cannot see a sample for that.
Aug 31, 2013 at 9:12 PM
Coincidentally I am just look at trying the same thing. In that sample, it looks like all of the logic is in the Authorize.cshtml file.
Sep 1, 2013 at 5:01 AM
Yep, that's exactly it. The request passes through the auth server middleware to an application handler. That can be a web page, controller action of any kind, etc. So you can return html that comes back as a post. The key is when you tell the iaurhenticationmanager to signin with a claims identity of authenticationtype "Bearer" the auth server middleware takes that as the instruction to proceed with issuing a token using the requested flow.