AntiForgeryToken does not work well with OAuth via WebAPI

Question

We are trying to make a MVC4 app with Oauth (Gmail) authorisation accessible via a WebAPi. We made a WebAPI controller that returns a list of data, but we cannot put the authorise attribute to work properly.

Right now it is difficult to send the AntiForgeryToken correctly to the server and we get a session_requestverificationtoken error.

Is there a good way to parse and post the correct antiforgery token via Webai? Or is there a better way to login via OAuth via a webapi?

score 1 · Accepted Answer · answered May 09 '14 at 22:21

1

Why are you using an AntiForgeryToken with Web API? It's not necessary, just authenticate with your request with OAuth. They are not meant to work together.

answered May 09 '14 at 22:21

Yishai Galatzer

8,791
2
32
41

Got it to work with an extra controller without AntiForgeryToken indeed. – user2609980 May 10 '14 at 11:41

AntiForgeryToken does not work well with OAuth via WebAPI

1 Answers1

Linked