OAuthAuthorizationServerProvider.GrantResourceOwnerCredentials Method (OAuthGrantResourceOwnerCredentialsContext)


Called when a request to the Token endpoint arrives with a "grant_type" of "password". This occurs when the user has provided name and password credentials directly into the client application's user interface, and the client application is using those to acquire an "access_token" and optional "refresh_token". If the web application supports the resource owner credentials grant type it must validate the context.Username and context.Password as appropriate. To issue an access token the context.Validated must be called with a new ticket containing the claims about the resource owner which should be associated with the access token. The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers. The default behavior is to reject this grant type. See also http://tools.ietf.org/html/rfc6749\#section-4.3.

Namespace:   Microsoft.Owin.Security.OAuth
Assembly:  Microsoft.Owin.Security.OAuth (in Microsoft.Owin.Security.OAuth.dll)


public virtual Task GrantResourceOwnerCredentials(
    OAuthGrantResourceOwnerCredentialsContext context
virtual Task^ GrantResourceOwnerCredentials(
    OAuthGrantResourceOwnerCredentialsContext^ context
abstract GrantResourceOwnerCredentials : 
        context:OAuthGrantResourceOwnerCredentialsContext -> Task
override GrantResourceOwnerCredentials : 
        context:OAuthGrantResourceOwnerCredentialsContext -> Task
Public Overridable Function GrantResourceOwnerCredentials (
    context As OAuthGrantResourceOwnerCredentialsContext
) As Task


Return Value

Type: System.Threading.Tasks.Task

Task to enable asynchronous execution



See Also

OAuthAuthorizationServerProvider Class
Microsoft.Owin.Security.OAuth Namespace

Return to top