How to get Identity Server 4's access_token in ASP Net 4.7 MVC Application
Question
I have some issues getting the access_token of the Identity Server 4 in my ASP Net 4.7.2 client application to call an API.
In ASP .Net Core client, I can get the access_token like this:
public async Task<IActionResult> CallApi()
{
var accessToken = await HttpContext.GetTokenAsync("access_token");
var client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var content = await client.GetStringAsync("http://localhost:5001/identity");
ViewBag.Json = JArray.Parse(content).ToString();
return View("Json");
}
Just the simple:
var accessToken = await HttpContext.GetTokenAsync("access_token");
But how can I get the access_token in my ASP Net 4.x client?
My Startup code looks like this:
public class Startup
{
public void Configuration(IAppBuilder app)
{
var authority = JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary<string, string>();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies",
CookieName = "CustomIdentityCookie"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
//AuthenticationType = "oidc",
Authority = "http://localhost:5000",
RedirectUri = "http://localhost:57319/signin-oidc",
PostLogoutRedirectUri = "http://localhost:57319/signout-callback-oidc",
ClientId = "mvc472",
ClientSecret = "secret",
ResponseType = "code id_token",
Scope = "api01 openid profile offline_access",
// for debug
RequireHttpsMetadata = false,
UseTokenLifetime = false,
SignInAsAuthenticationType = "Cookies"
});
}
}
1 answers
solution1
0 2019-02-25 06:42:15
I got a solution. Hope anybody can tell me if this solution is ok. I used the workaround from the IdentityServer3 like this: IdentityServer 3 Mvc Client I edited the depricated methods and updated to Identity Server 4.
It worked, except the logout: I get not redirected to the MVC App after logout from Identity Server. I get a 404 Error, can't find the /signout-callback-oidc route.
Here the new Startup class:
public class Startup
{
public void Configuration(IAppBuilder app)
{
//var authority = JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary<string, string>();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary<string, string>();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
Authority = "http://localhost:5000",
RedirectUri = "http://localhost:57319/signin-oidc",
PostLogoutRedirectUri = "http://localhost:57319/signout-callback-oidc",
ClientId = "mvc472",
ClientSecret = "secret",
ResponseType = "code id_token",
Scope = "api01 openid profile offline_access",
// for debug
RequireHttpsMetadata = false,
UseTokenLifetime = false,
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async n =>
{
var client = new HttpClient();
DiscoveryResponse disco = await client.GetDiscoveryDocumentAsync("http://localhost:5000");
var tokenResponse = await client.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
{
Address = disco.TokenEndpoint,
RedirectUri = "http://localhost:57319/signin-oidc",
ClientId = "mvc472",
ClientSecret = "secret",
Code = n.Code
});
var userInfoResponse = await client.GetUserInfoAsync(new UserInfoRequest
{
Address = disco.UserInfoEndpoint,
Token = tokenResponse.AccessToken
});
var id = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType);
id.AddClaims(userInfoResponse.Claims);
id.AddClaim(new Claim("access_token", tokenResponse.AccessToken));
id.AddClaim(new Claim("expires_at", DateTime.Now.AddSeconds(tokenResponse.ExpiresIn).ToLocalTime().ToString()));
id.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));
id.AddClaim(new Claim("id_token", tokenResponse.IdentityToken));
id.AddClaim(new Claim("sid", n.AuthenticationTicket.Identity.FindFirst("sid").Value));
n.AuthenticationTicket = new AuthenticationTicket(
new ClaimsIdentity(id.Claims, n.AuthenticationTicket.Identity.AuthenticationType, "name", "role"),
n.AuthenticationTicket.Properties
);
},
// noch nicht getestet
RedirectToIdentityProvider = n =>
{
// if signing out, add the id_token_hint
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
{
var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
{
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
}
}
return Task.FromResult(0);
}
}
});
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
ASP .NET 4.7 MVC Authentication and Authorization Identity
Asp.net Web Api 2 - how to get access_token from C# code
Silent renew access_token via refresh_token in asp.net core mvc
Storing access token from Identity Server in NET Core web application
Cant get 'access_token' from httpcontext asp.net core
ASP .NET Core 3.1 problem get access_token with Microsoft OAuth 2.0
ASP.NET Core 2.0 resource access_token
Get the access token in an Azure integrated ASP.NET Core MVC application
Verify Access Token - Asp.Net Identity
Why does adding Microsoft Identity auth cause another policy's GetTokenAsync("access_token") to return null?
Related Tags