diff --git a/README.md b/README.md
index b69e49f4..e6d8f18f 100644
--- a/README.md
+++ b/README.md
@@ -152,58 +152,10 @@ services.AddOpenIddict, ApplicationDbContext,
 - **Create your own authorization controller**:
-To **support the password or the client credentials flow, you must provide your own token endpoint action**:
+To **support the password or the client credentials flow, you must provide your own token endpoint action**.
+To enable authorization code/implicit flows support, you'll similarly have to create your own authorization endpoint action and your own views/view models.
-```csharp
-[HttpPost("~/connect/token")]
-[Produces("application/json")]
-public async Task Exchange() {
- var request = HttpContext.GetOpenIdConnectRequest();
-
- if (request.IsPasswordGrantType()) {
- var user = await _userManager.FindByNameAsync(request.Username);
- if (user == null) {
- return BadRequest(new OpenIdConnectResponse {
- Error = OpenIdConnectConstants.Errors.InvalidGrant,
- ErrorDescription = "The username/password couple is invalid."
- });
- }
-
- // Ensure the password is valid.
- if (!await _userManager.CheckPasswordAsync(user, request.Password)) {
- return BadRequest(new OpenIdConnectResponse {
- Error = OpenIdConnectConstants.Errors.InvalidGrant,
- ErrorDescription = "The username/password couple is invalid."
- });
- }
-
- // Note: for a more complete sample including account lockout support, visit
- // https://github.com/openiddict/openiddict-core/blob/dev/samples/Mvc.Server/Controllers/AuthorizationController.cs
-
- var identity = await _userManager.CreateIdentityAsync(user, request.GetScopes());
-
- // Create a new authentication ticket holding the user identity.
- var ticket = new AuthenticationTicket(
- new ClaimsPrincipal(identity),
- new AuthenticationProperties(),
- OpenIdConnectServerDefaults.AuthenticationScheme);
-
- ticket.SetResources(request.GetResources());
- ticket.SetScopes(request.GetScopes());
-
- return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
- }
-
- return BadRequest(new OpenIdConnectResponse {
- Error = OpenIdConnectConstants.Errors.UnsupportedGrantType,
- ErrorDescription = "The specified grant type is not supported."
- });
-}
-```
-
-To **enable authorization code/implicit flows support, you'll similarly have to create your own authorization endpoint action** and your own views/view models. The Mvc.Server sample comes with an [`AuthorizationController` that you can easily reuse in your application](https://github.com/openiddict/openiddict-core/blob/dev/samples/Mvc.Server/Controllers/AuthorizationController.cs).
-
-![](https://cloud.githubusercontent.com/assets/6998306/10988233/d9026712-843a-11e5-8ff0-e7addffd727b.png)
+The **Mvc.Server sample comes with an [`AuthorizationController` that supports both the password flow and the authorization code flow and that you can easily reuse in your application](https://github.com/openiddict/openiddict-core/blob/dev/samples/Mvc.Server/Controllers/AuthorizationController.cs)**.
 - **Enable the corresponding flows in the OpenIddict options**: