
How do you consume extra parameters in OAuth2 Token request within .net WebApi2 application


As is often the case, I found the answer immediately after submitting the question...

ApplicationOAuthProvider.cs contains the following code out-of-the-box:

public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    using (UserManager<IdentityUser> userManager = _userManagerFactory())
    {
        // Verify the posted user name and password.
        IdentityUser user = await userManager.FindAsync(context.UserName, context.Password);

        if (user == null)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return;
        }

        ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,
            context.Options.AuthenticationType);
        ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,
            CookieAuthenticationDefaults.AuthenticationType);

        // 'data' is the posted form collection; it is defined by the
        // ReadFormAsync() line shown below, which must appear before this call.
        AuthenticationProperties properties = CreateProperties(context.UserName, data["udid"]);
        AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);

        context.Validated(ticket);
        context.Request.Context.Authentication.SignIn(cookiesIdentity);
    }
}

By simply adding

var data = await context.Request.ReadFormAsync();

within the method, you can access all posted variables in the request body and use them as you like. In my case, I placed it immediately after the null-check on the user to perform a more restrictive security check.

Hope this helps someone!
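An added example (not part of the original answer or of the project template) of the kind of "more restrictive security check" the answer mentions: the posted `udid` is client-controlled, so it is validated before it is used or placed in the ticket properties. The helper name `TokenRequestExtras`, the accepted format and the `isDeviceAllowedAsync` lookup are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;

// Added example. "udid" is the field name used on the page; everything else
// (class name, format rule, allow-list delegate) is hypothetical.
public static class TokenRequestExtras
{
    // Assumed format: 32 to 36 hex digits or hyphens. Adjust to what your clients send.
    private static readonly Regex UdidFormat =
        new Regex(@"\A[0-9A-Fa-f-]{32,36}\z", RegexOptions.CultureInvariant);

    // Returns the validated udid, or null after context.SetError(...) has been called.
    public static async Task<string> ReadValidatedUdidAsync(
        OAuthGrantResourceOwnerCredentialsContext context,
        Func<string, string, Task<bool>> isDeviceAllowedAsync) // hypothetical server-side lookup
    {
        // The form body holds whatever the client posted; treat every field as untrusted.
        IFormCollection data = await context.Request.ReadFormAsync();
        IList<string> values = data.GetValues("udid");

        // Reject a missing field, a repeated field (ambiguous), or an unexpected format.
        if (values == null || values.Count != 1 || !UdidFormat.IsMatch(values[0]))
        {
            context.SetError("invalid_request", "The udid parameter is missing or malformed.");
            return null;
        }

        // Compare against a server-side record for this user rather than trusting the value.
        if (!await isDeviceAllowedAsync(context.UserName, values[0]))
        {
            // Same message as a bad password, so the response does not
            // reveal which of the two checks failed.
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return null;
        }

        return values[0];
    }
}
```

Call it immediately after the null-check on the user, return from `GrantResourceOwnerCredentials` when it yields `null`, and pass the returned value to `CreateProperties` in place of `data["udid"]`.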