Is there way to read the refresh_token generated by my OAuthAuthorizationServerProvider on login? I see that you can read the accesss_token by implementing the following method:
public override Task TokenEndpointResponse(OAuthTokenEndpointResponseContext context)
{
var accessToken = context.AccessToken;
return Task.FromResult<object>(null);
}
however the refresh token doesn't seem to exist in the OAuthTokenEndpointResponseContext. Is there somewhere I can read the refresh token for logging/troubleshooting purposes?
Background:
My client is having issues with refresh tokens on their network (which I'm not allowed to access). They previously had issues where a network-wide security appliance they have on premises was overwriting my applications access_token in flight.
I'm fairly certain it is doing the same with the refresh_token, but they're denying it. I would like to add logging on what refresh_token was generated, and what refresh token was used to attempt a refresh. That way we can better see if it is being modified at some point in the login/refresh life-cycle.
Nevermind, I was looking in the wrong place. The refresh token is generated, and can be read in, your implementation of AuthenticationTokenProvider, in the Create method:
public override void Create(AuthenticationTokenCreateContext context)
{
context.Ticket.Properties.ExpiresUtc = new DateTimeOffset(DateTime.Now.AddMinutes(20));
context.SetToken(context.SerializeTicket());
string refreshToken = context.Token;
}