private async Task <AccessTokenResponse> GetNewToken() { var authClient = new Auth0.AuthenticationApi.AuthenticationApiClient( ConfigurationManager.AppSettings["auth0:Domain"]); return(await authClient.GetTokenAsync(new ClientCredentialsTokenRequest { ClientId = ConfigurationManager.AppSettings["auth0:ClientId"], ClientSecret = ConfigurationManager.AppSettings["auth0:ClientSecret"], Audience = $"https://{ConfigurationManager.AppSettings["auth0:Domain"]}/api/v2/" })); }
public void Configuration(IAppBuilder app) { // Configure Auth0 parameters string auth0Domain = ConfigurationManager.AppSettings["auth0:Domain"]; string auth0ClientId = ConfigurationManager.AppSettings["auth0:ClientId"]; string auth0ClientSecret = ConfigurationManager.AppSettings["auth0:ClientSecret"]; string auth0RedirectUri = ConfigurationManager.AppSettings["auth0:RedirectUri"]; string auth0PostLogoutRedirectUri = ConfigurationManager.AppSettings["auth0:PostLogoutRedirectUri"]; const string ApiIdentifier = "{YOUR_API_IDENTIFIER}"; // Enable Kentor Cookie Saver middleware app.UseKentorOwinCookieSaver(); // Set Cookies as default authentication type app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = CookieAuthenticationDefaults.AuthenticationType, LoginPath = new PathString("/Account/Login") }); // Configure Auth0 authentication app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions { AuthenticationType = "Auth0", Authority = $"https://{auth0Domain}", ClientId = auth0ClientId, ClientSecret = auth0ClientSecret, RedirectUri = auth0RedirectUri, PostLogoutRedirectUri = auth0PostLogoutRedirectUri, ResponseType = OpenIdConnectResponseType.CodeIdToken, // the "offline_access" scope indicates // that we want a refresh token in the response Scope = "openid profile email offline_access", TokenValidationParameters = new TokenValidationParameters { NameClaimType = "name" }, Notifications = new OpenIdConnectAuthenticationNotifications { RedirectToIdentityProvider = notification => { // this if block will add the "audience" parameter // with the identifier for which you want to get an access token // make sure to replace with your own identifier // or just delete this block if you just want an access token // for the OIDC user profile endpoint if (notification.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication) { notification.ProtocolMessage.SetParameter("audience", ApiIdentifier); } if (notification.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout) { var logoutUri = $"https://{auth0Domain}/v2/logout?client_id={auth0ClientId}"; var postLogoutUri = notification.ProtocolMessage.PostLogoutRedirectUri; if (!string.IsNullOrEmpty(postLogoutUri)) { if (postLogoutUri.StartsWith("/")) { // transform to absolute var request = notification.Request; postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri; } logoutUri += $"&returnTo={ Uri.EscapeDataString(postLogoutUri)}"; } notification.Response.Redirect(logoutUri); notification.HandleResponse(); } return(Task.FromResult(0)); }, AuthorizationCodeReceived = async notification => { // The OpenIdConnectAuthentication middleware does not // automatically exchange the authorization code for a // token result, so we do it here. using (var client = new Auth0.AuthenticationApi.AuthenticationApiClient(auth0Domain)) { var tokenResult = await client.GetTokenAsync(new Auth0.AuthenticationApi.Models.AuthorizationCodeTokenRequest { ClientId = auth0ClientId, ClientSecret = auth0ClientSecret, RedirectUri = notification.RedirectUri, Code = notification.Code }); // We'll store the access token, the access token expiration // and the refresh token in the user identity (which ends // up in the session cookie). This is not the only alternative, // the tokens could be stored elsewhere, like in a database or // another type of long term storage. if (!string.IsNullOrEmpty(tokenResult.RefreshToken)) { notification.AuthenticationTicket.Identity.AddClaim(new Claim("refresh_token", tokenResult.RefreshToken)); } notification.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", tokenResult.AccessToken)); var accessTokenExpirationDate = DateTime.Now.AddSeconds(tokenResult.ExpiresIn); notification.AuthenticationTicket.Identity.AddClaim(new Claim("access_token_expires_at", accessTokenExpirationDate.ToString("o"))); } } } }); }