Web API 2 Excel File Export With OAuth2 Implicit Flow

Software Engineering

This article demonstrates how to set up a Web API 2 excel file download using OAuth2 Implicit Flow. The application requires an Authorization Server and Identity Server V2 from Thinkteckture and also the excel Media Formatter from WebApiContrib. leastprivilege.com provided a lot of blogs which helped complete this article. Thanks for those blogs. The article should help as a simple Howto for this scenario.

Code: https://github.com/damienbod/ExcelFileExportWithOAuth2ImplicitFlow

OAuth2 Implicit Flow
The application uses the OAuth2 Implicit flow. This flow is defined here:

Resource Server

The resource server is a simple MVC application which hosts a Web API 2 service. The api has one single method for exporting excel data. This export uses the WebApiContrib.Formatting.Xlsx library from Jordan Gray. The api method forces that excel is always returned no matter what is set in the Accept Header. This is not usually good practice as the client should decide in which format…

View original post 743 more words

This entry was posted in Uncategorized. Bookmark the permalink.

2 Responses to Web API 2 Excel File Export With OAuth2 Implicit Flow

  1. Chris Berthold says:


    I saw this post and have watched the API Security on PluralSight. I am wondering however what the right way to handle things such as report PDF and images in javascript? I consider adding the token to the GET a bad idea in general. I’m thinking this is more of a hybrid solution to get a new access token back with scope set for the resource but i almost want to include claims for the resource itself too. Then that gets passed to the url. What are your thoughts on this?

    • You could embed your own mini token issuer for your resources – and scoped, short/long lived access token that you can send along (either via a header or a query string) from the client.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s