Go to Providers > ApplicationOAuthProvider.cs and edit the ValidateClientRedirectUri function. This was a big gotcha for me: if you don't do this, you'll get a fantastically unhelpful error message. By default, this code treats any callback to your site as invalid unless it targets the site's root. You likely want to handle the callbacks in a controller, so you'll need to change it to something like this:
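    public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
    {
        // Only the known public client gets its redirect URI checked here.
        if (context.ClientId == _publicClientId)
        {
            // Absolute URIs this site accepts, built from the current request's scheme and host.
            Uri expectedRootUri = new Uri(context.Request.Uri, "/");
            Uri expectedCallbackUri = new Uri(context.Request.Uri, "/callback");

            // Exact string match only; any other redirect URI is left unvalidated.
            if (expectedRootUri.AbsoluteUri == context.RedirectUri ||
                expectedCallbackUri.AbsoluteUri == context.RedirectUri)
            {
                context.Validated();
            }
        }

        return Task.FromResult<object>(null);
    }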
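
If more than one controller needs to receive callbacks, the same exact-match check can be driven from a short allowlist. The following is an added example, not code from the project template: `RedirectUriAllowlist`, `AllowedCallbackPaths` and the `app.example.test` host are hypothetical names, and the sample URIs are constructed.

```csharp
using System;
using System.Linq;

// Added example: exact-match allowlist for OAuth redirect URIs.
// RedirectUriAllowlist and AllowedCallbackPaths are hypothetical names.
public static class RedirectUriAllowlist
{
    // Paths on this site that may receive callbacks (constructed sample values).
    private static readonly string[] AllowedCallbackPaths = { "/", "/callback" };

    // True only when redirectUri is byte-for-byte equal to one of the allowed
    // paths resolved against the current request's scheme, host and port.
    public static bool IsAllowed(Uri requestUri, string redirectUri)
    {
        if (requestUri == null || string.IsNullOrEmpty(redirectUri))
        {
            return false;
        }

        return AllowedCallbackPaths
            .Select(path => new Uri(requestUri, path).AbsoluteUri)
            .Any(expected => string.Equals(expected, redirectUri, StringComparison.Ordinal));
    }

    public static void Main()
    {
        var request = new Uri("https://app.example.test/api/Account/ExternalLogin");

        // Constructed inputs: the first two match exactly; the rest differ in
        // path, query string, host or scheme and are therefore not validated.
        var samples = new[]
        {
            "https://app.example.test/",
            "https://app.example.test/callback",
            "https://app.example.test/callback/extra",
            "https://app.example.test/callback?next=elsewhere",
            "https://app.example.test.other.example.test/callback",
            "http://app.example.test/callback",
        };

        foreach (var uri in samples)
        {
            Console.WriteLine("{0,-7} {1}", IsAllowed(request, uri) ? "accept" : "reject", uri);
        }
    }
}
```

Inside ValidateClientRedirectUri, the two hard-coded comparisons would then become a single call to `RedirectUriAllowlist.IsAllowed(context.Request.Uri, context.RedirectUri)`, with `context.Validated()` called only when it returns true.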