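        /// <summary>
        /// Post-configures the OpenID Connect handler so that the authorization-code
        /// redemption authenticates the client with a signed JWT assertion
        /// (private_key_jwt) instead of sending a shared client secret.
        /// </summary>
        /// <param name="name">Name of the options instance being configured. It is not
        /// consulted here, so every <see cref="OpenIdConnectOptions"/> instance receives
        /// the same post-configuration.</param>
        /// <param name="options">The options instance to modify.</param>
        /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the discovery document could not be retrieved or was rejected
        /// by the client (the response reports <c>IsError</c>).
        /// </exception>
        public void PostConfigure(string name, OpenIdConnectOptions options)
        {
            if (options is null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            var idpClient = _clientFactory.CreateClient("IDPClient");

            // Read out the discovery document.  This isn't required, but it avoids having
            // to hard-code the token endpoint URL.
            //
            // IPostConfigureOptions is synchronous, so the async call has to be blocked on.
            // GetAwaiter().GetResult() is used instead of .Result so that a failure surfaces
            // as the original exception rather than an AggregateException, and
            // ConfigureAwait(false) avoids deadlocking on a captured synchronization context.
            var discoveryDocument = idpClient.GetDiscoveryDocumentAsync()
                .ConfigureAwait(false)
                .GetAwaiter()
                .GetResult();

            if (discoveryDocument.IsError)
            {
                throw new InvalidOperationException(discoveryDocument.Error);
            }

            // NOTE(review): this replaces any OpenIdConnectEvents configured earlier for
            // the scheme; merge with the existing options.Events if other handlers are
            // registered elsewhere.
            options.Events = new OpenIdConnectEvents()
            {
                // other configuration
                OnAuthorizationCodeReceived = context =>
                {
                    // The assertion is created for client "webclientjwt" with the discovered
                    // token endpoint (presumably used as the JWT audience — confirm against
                    // the generator), so it is only valid for this endpoint.
                    var token = _tokenGenerator.CreateSignedToken(
                        "webclientjwt",
                        discoveryDocument.TokenEndpoint);

                    // Swap client-secret authentication for the JWT-bearer assertion.
                    context.TokenEndpointRequest.ClientAssertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
                    context.TokenEndpointRequest.ClientAssertion     = token;

                    return Task.CompletedTask;
                }
            };
        }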
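        /// <summary>
        /// Obtains an access token from the IdP with the client-credentials grant,
        /// authenticating the client with a signed JWT assertion (private_key_jwt) rather
        /// than a client secret, then calls the protected API with that token and renders
        /// the returned claims.
        /// </summary>
        /// <returns>The "ApiResult" view, with the parsed API response in <c>ViewBag.Json</c>.</returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown when discovery fails or the token request is rejected by the IdP.
        /// </exception>
        public async Task<IActionResult> GetTokenWithPrivateKeyJWT()
        {
            var idpClient = _httpClientFactory.CreateClient("IDPClient");

            // Discover the token endpoint instead of hard-coding it.
            var discoveryDocumentResponse = await idpClient.GetDiscoveryDocumentAsync();

            if (discoveryDocumentResponse.IsError)
            {
                throw new InvalidOperationException(discoveryDocumentResponse.Error);
            }

            // One identifier for both the assertion and the token request, so the two
            // cannot drift apart (a mismatch is rejected by the IdP).
            const string clientId = "api1jwtclient";

            // The assertion is created for this client with the discovered token endpoint
            // (presumably used as the JWT audience — confirm against the generator).
            var signedToken = _tokenGenerator.CreateSignedToken(clientId, discoveryDocumentResponse.TokenEndpoint);

            var tokenResponse = await idpClient.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
            {
                Address  = discoveryDocumentResponse.TokenEndpoint,
                ClientId = clientId,
                Scope    = "api1.fullaccess",

                ClientAssertion =
                {
                    Type  = OidcConstants.ClientAssertionTypes.JwtBearer,
                    Value = signedToken
                }
            });

            if (tokenResponse.IsError)
            {
                throw new InvalidOperationException(tokenResponse.Error);
            }

            // Call the API with the access token.  GetStringAsync throws HttpRequestException
            // on a non-success status, so a rejected token surfaces as an exception here.
            var client = _httpClientFactory.CreateClient("APIClient");
            client.SetBearerToken(tokenResponse.AccessToken);

            var result = await client.GetStringAsync("api/claims");

            // result is already a string; the former ToString() call was redundant.
            ViewBag.Json = JArray.Parse(result);

            return View("ApiResult");
        }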