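/// <summary>
/// Silently acquires an access token for the signed-in user from the MSAL user token cache.
/// </summary>
/// <returns>
/// A status-prefixed string: <c>200:{access token}</c> on success, <c>401:unauthorized</c>
/// when no per-user cache key is available or MSAL requires user interaction, and
/// <c>500:{exception message}</c> for any other failure.
/// </returns>
private async Task<string> GetAccessToken()
{
    IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
        .Create(_options.Value.ClientId)
        .WithClientSecret(_options.Value.ClientSecret)
        .WithAuthority(_options.Value.Authority)
        .Build();

    // The object identifier claim is the key that selects this user's token cache entry.
    string key = User.FindFirstValue("http://schemas.microsoft.com/identity/claims/objectidentifier");
    if (string.IsNullOrEmpty(key))
    {
        // Without the claim no per-user cache entry can be selected. TokenCacheHelper is not
        // visible here, so how it treats a null key is unknown; refuse instead of risking a
        // cache entry that is not bound to this user.
        return "401:unauthorized";
    }

    TokenCacheHelper.Initialize(key, _cache, app.UserTokenCache);

    // The scope is hard-coded; the configuration-driven variant is kept for reference:
    //IEnumerable<string> scopes = _options.Value.Scopes.Split(";").Where(c => !string.IsNullOrEmpty(c));
    IEnumerable<string> scopes = new string[] { "api://core/.default" };

    try
    {
        var account = (await app.GetAccountsAsync()).FirstOrDefault();
        var result = await app.AcquireTokenSilent(scopes, account).ExecuteAsync();

        // The returned string carries the bearer token itself; callers must not log it.
        return $"200:{result.AccessToken}";
    }
    catch (MsalUiRequiredException)
    {
        // Nothing usable in the cache: the user has to sign in interactively again.
        return "401:unauthorized";
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is handed back to the caller. Confirm that callers log it
        // server-side and do not forward it to the client.
        return $"500:{ex.Message}";
    }
}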
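/// <summary>
/// Redeems the received authorization code through MSAL, with the user token cache bound to
/// the signed-in user's object identifier, then hands the resulting access and ID tokens to
/// the handler via <c>HandleCodeRedemption</c>.
/// </summary>
/// <param name="context">The authorization-code-received event context.</param>
/// <exception cref="InvalidOperationException">
/// Thrown when no <see cref="IDistributedCache"/> is registered in the request services.
/// </exception>
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
    string authority = context.Options.Authority;
    string clientId = context.Options.ClientId;
    string clientSecret = context.Options.ClientSecret;
    string redirectUri = context.TokenEndpointRequest.RedirectUri;
    string code = context.TokenEndpointRequest.Code;

    // The object identifier claim is the token cache key. Principal can be null at this stage
    // (presumably when the authorization response carried no id_token; confirm against the
    // configured response type), so read it null-safely.
    string key = context.Principal?.FindFirstValue("http://schemas.microsoft.com/identity/claims/objectidentifier");
    if (string.IsNullOrEmpty(key))
    {
        // Fail the sign-in rather than store tokens under a key that is not bound to one user.
        context.Fail("The signed-in principal has no object identifier claim; the token cache key cannot be determined.");
        return;
    }

    // The scope is hard-coded; the configuration-driven variant is kept for reference:
    //IEnumerable<string> scopes = _azOptions.Scopes.Split(";").Where(c => !string.IsNullOrEmpty(c));
    IEnumerable<string> scopes = new string[] { "api://core/.default" };

    // GetRequiredService throws when the cache is not registered, instead of passing a null
    // cache on to TokenCacheHelper.
    IDistributedCache cache = context.HttpContext.RequestServices.GetRequiredService<IDistributedCache>();

    IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
        .Create(clientId)
        .WithClientSecret(clientSecret)
        .WithAuthority(authority)
        .WithRedirectUri(redirectUri)
        .Build();

    TokenCacheHelper.Initialize(key: key, distributedCache: cache, tokenCache: app.UserTokenCache);

    var result = await app.AcquireTokenByAuthorizationCode(scopes, code).ExecuteAsync();

    // Tell the handler the code has already been redeemed so it does not redeem it again.
    context.HandleCodeRedemption(result.AccessToken, result.IdToken);
}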