AntiForgeryToken does not work well with OAuth via WebAPI

Question

We are trying to make a MVC4 app with Oauth (Gmail) authorisation accessible via a WebAPi. We made a WebAPI controller that returns a list of data, but we cannot put the authorise attribute to work properly.

Right now it is difficult to send the AntiForgeryToken correctly to the server and we get a session_requestverificationtoken error.

Is there a good way to parse and post the correct antiforgery token via Webai? Or is there a better way to login via OAuth via a webapi?

Answer 1

Why are you using an AntiForgeryToken with Web API? It's not necessary, just authenticate with your request with OAuth. They are not meant to work together.