How can I set Extra Data into Access Token in Authorization code flow

Question

I am implementing a OAuth2 provider using DotNetOpenAuth. Using implicit flow, I was capable of passing extra data to function CreateAccessToken (IAuthorizationServerHost), inside the param (IAccessTokenRequest accessTokenRequestMessage) and assign that to the token:

accessToken.ExtraData.Add("DeptID", accessTokenRequestMessage.ExtraData["DeptID"].ToString());

I accomplished it adding the info inside EndUserAuthorizationRequest in Auhtorize endpoint.

The issue is that using authorization code flow, and doing the same thing, the param (IAccessTokenRequest accessTokenRequestMessage) always has an empty collection of ExtraData.

I suppose that it is because using this flow there is a second call to Token endpoint, and the information is lost.

How could I pass this information to CreateAccessToken function? Thanks in advance.

Answer 1

The only way I achieved to pass information to the token creation was using the User property:

var response = this.AuthServer.PrepareApproveAuthorizationRequest(AuthorizationRequest, userInfoString);

I have passed a encrypted string of JSON serialization of the information needed. Then, from CreateAccessToken function I've retrieved the value using Reflection over IAccessTokenRequest parameter.

It is not a solution as elegant as I wish, but at least it worked!