Beispiel #1
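        /// <summary>
        /// Builds the confidential client application used to request tokens. The client
        /// authenticates with either a certificate (looked up by thumbprint) or a client
        /// secret; exactly one of the two must be configured.
        /// </summary>
        /// <param name="settingsOption">Options wrapper holding the token provider settings.</param>
        /// <exception cref="ArgumentNullException"><paramref name="settingsOption"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// Neither credential is configured, or both are configured at the same time.
        /// </exception>
        public TokenProviderService(IOptions<TokenProviderServiceSettings> settingsOption)
        {
            if (settingsOption == null)
            {
                throw new ArgumentNullException(nameof(settingsOption));
            }

            var settings = settingsOption.Value;

            _scopes = new[] { settings.Resource + "/.default" };

            // Treat null and "" the same way everywhere. A key that is absent from the
            // configuration binds to null; comparing against "" only would then report
            // "both configured" for a secret-only setup, or pick the certificate branch
            // with a null thumbprint.
            var hasCertificate = !string.IsNullOrEmpty(settings.CertificateThumbprint);
            var hasSecret = !string.IsNullOrEmpty(settings.ClientSecret);

            if (!hasCertificate && !hasSecret)
            {
                throw new InvalidOperationException("Configure the token provider settings in the appsettings.json file.");
            }

            // Refuse an ambiguous configuration instead of silently preferring one credential.
            if (hasCertificate && hasSecret)
            {
                throw new InvalidOperationException("Only configure certificate or secret authenticate, not both, in the appsettings file.");
            }

            var builder = ConfidentialClientApplicationBuilder
                          .Create(settings.ClientId)
                          .WithAuthority(new Uri(settings.Authority));

            if (hasCertificate)
            {
                // NOTE(review): what GetByThumbprint returns when no certificate matches is not
                // visible here - confirm it fails loudly rather than handing back null.
                var x509Cert = CertificateUtility.GetByThumbprint(settings.CertificateThumbprint);
                builder = builder.WithCertificate(x509Cert);
            }
            else
            {
                // NOTE(review): the secret is read from configuration and the error text above
                // points at appsettings.json - make sure real secrets are supplied from a
                // protected store rather than a file that is committed to source control.
                builder = builder.WithClientSecret(settings.ClientSecret);
            }

            _tokenApp = builder.Build();
        }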
Beispiel #2
        /// <summary>
        /// Requests an access token for the configured resource, authenticating the client
        /// with the certificate identified by the configured thumbprint.
        /// </summary>
        /// <returns>The access token string taken from the authentication result.</returns>
        /// <remarks>
        /// The returned value is a bearer credential; callers should keep it out of logs.
        /// NOTE(review): AuthenticationContext and ClientAssertionCertificate look like the
        /// ADAL API, which Microsoft has deprecated in favour of MSAL - confirm and plan a migration.
        /// </remarks>
        private async Task<string> AcquireTokenWithCertificateAsync()
        {
            // The certificate is looked up on every call; no caching is visible in this method.
            var certificate = CertificateUtility.GetByThumbprint(_settings.CertificateThumbprint);
            var assertion = new ClientAssertionCertificate(_settings.ClientId, certificate);
            var authContext = new AuthenticationContext(_settings.Authority);

            var result = await authContext.AcquireTokenAsync(_settings.Resource, assertion);
            return result.AccessToken;
        }