0
votes

I have an Angular 2 application running on localhost:4200 and an API server on the other side running on localhost:1713, with some APIs such as products, customers ... and the Web API server's default APIs such as the value API.

I set Access-Control-Allow-Origin only for the domain my Angular 2 application runs on (localhost:4200). With this access I can send requests to all the APIs that require authentication (I manually add the access token, which I get from Postman, to the request header).

Up to here everything is OK, but when I make a request from my Angular app to my token API at http://localhost:1713/token with my username and password, I get an 'unsupported grant_type' error.

Please help me fix this. I want to give access just to my Angular 2 app's domain, not to all domains.

2 Answers

0
votes

This has nothing to do with the domain you requested from. When you send a request to /token you need to specify the type of authentication you want to use. That's what the grant_type property is for. So since you're sending a username and password, you'll want to also send:

grant_type: password

Later you might want to send refresh_token or refresh_claims for other purposes. In this case the .NET auth middleware won't look for a password, it will look for your JWT in the headers.

The point is, there are many ways to authenticate with the /token endpoint, and you always need to tell it how you want to, using grant_type in your request. If you don't include it, you'll get the error you got.
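The /token exchange discussed in this answer, as an added example that is not part of the original posts: the client sends grant_type=password in a form-urlencoded body, which is the format RFC 6749 requires for token requests. `simulateTokenEndpoint` is a simplified, hypothetical stand-in for the server-side parsing (not the OWIN middleware's code) and shows why the same fields sent as JSON still produce unsupported_grant_type; the credentials and token value are constructed.

```javascript
// Added example: function names and sample values are illustrative.
const TOKEN_URL = "http://localhost:1713/token"; // URL from the question

// Build the request a browser client should send to /token.
// RFC 6749 section 4.3.2: parameters go in an application/x-www-form-urlencoded body.
function buildTokenRequest(username, password) {
  // URLSearchParams percent-encodes '&', '=' and other reserved characters.
  const body = new URLSearchParams({ grant_type: "password", username, password });
  return {
    url: TOKEN_URL,
    options: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    },
  };
}

// Simplified stand-in for the server (an assumption, not the OWIN source):
// the body is parsed as a form and grant_type is looked up in the result.
// This sketch only supports the password grant.
function simulateTokenEndpoint(options) {
  const form = new URLSearchParams(options.body);
  if (form.get("grant_type") !== "password") {
    return { status: 400, body: JSON.stringify({ error: "unsupported_grant_type" }) };
  }
  if (!form.get("username") || !form.get("password")) {
    return { status: 400, body: JSON.stringify({ error: "invalid_request" }) };
  }
  // Constructed token value, for illustration only.
  return { status: 200, body: JSON.stringify({ access_token: "SAMPLE-TOKEN", token_type: "bearer" }) };
}

// Turn a token response into a token, or throw with the OAuth error code.
function parseTokenResponse(response) {
  const data = JSON.parse(response.body);
  if (response.status !== 200 || !data.access_token) {
    throw new Error(data.error || "token_request_failed");
  }
  return data.access_token;
}

// Same fields sent as JSON: the form parser finds no grant_type field at all.
const jsonAttempt = {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ grant_type: "password", username: "alice", password: "constructed-pw" }),
};
```

In an application, `buildTokenRequest(...)` supplies the `url` and `options` for `fetch`, and the real response's status and body text take the place of the simulated ones.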

0
votes

I found my problem and fixed it by adding this code as the first line of the GrantResourceOwnerCredentials method of my ApplicationOAuthProvider. The code is this:

context.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "http://localhost:4200" });

I also enabled CORS for this domain by adding the code below to my webconfig.cs. The code is this:

var cors = new EnableCorsAttribute("http://localhost:4200", "*", "*");
config.EnableCors(cors);

Note: the first snippet enables access to the /token endpoint for my domain, and the second one enables access to the other API controllers such as values, products...