DotNetOpenAuth OpenID Flow w/ Own Auth Server

Question

I\'m having a lot of difficulty finding answers to a scenario I have to implement using DotNetOpenAuth and a particular flow I have to deal with.

In the

Answer 1

Just for completeness I thought I'd update this question with my answer.

What I ended up doing was moving the Authorize and Token endpoints into my MVC 4 application rather than having them within the API itself.

This way when calling the Authorize endpoint with a logged in user (thus having an ASP.NET FormsAuthentication cookie present) it is possible to get an authorisation code granted when the request processing hits this code:

        // Consider auto-approving if safe to do so.
        if (((OAuth2AuthorizationServer)this.authorizationServer.AuthorizationServerServices).CanBeAutoApproved(pendingRequest))
        {
            var approval = this.authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name);
            return this.authorizationServer.Channel.PrepareResponse(approval).AsActionResult();
        }

Once you have an authorisation code you can then call into the Token endpoint using a WebServerClient instance and calling its RequestUserAuthorization method.

When this calls back you can then call the ProcessUserAuthorization method which will return an IAuthorizationState object with your access token and refresh token.