private static void ClientCredentialFlow()
{
Console.WriteLine("Processing client credential flow" + Environment.NewLine);
var client = new OAuth2Client(new Uri(Endpoint + "/issue/oidc/token"), ClientId, ClientSecret);
var taks = client.RequestClientCredentialsAsync(Scope);
taks.Wait();
var tokenResponse = taks.Result;
Console.WriteLine("Access token received .. " + Environment.NewLine);
Console.WriteLine(tokenResponse.AccessToken + Environment.NewLine);
Console.WriteLine("Calling refresh token endpoint" + Environment.NewLine);
Task<TokenResponse> refreshTokenResponse = client.RequestRefreshTokenAsync(tokenResponse.RefreshToken);
refreshTokenResponse.Wait();
tokenResponse = refreshTokenResponse.Result;
Console.WriteLine("Access token received using refresh token .. " + Environment.NewLine);
Console.WriteLine(tokenResponse.AccessToken + Environment.NewLine);
RevokeToken(tokenResponse.AccessToken, "access_token");
}
private static TokenResponse RequestToken()
{
"Requesting token.".ConsoleYellow();
var client = new OAuth2Client(
new Uri(Constants.AS.OAuth2TokenEndpoint),
Constants.Clients.ResourceOwnerClient,
Constants.Clients.ResourceOwnerClientSecret);
TokenResponse response = null;
try
{
response =
client.RequestResourceOwnerPasswordAsync("pibline.authorization", "letmein","read").Result;
client.RequestClientCredentialsAsync();
Console.WriteLine(" access token");
response.AccessToken.ConsoleGreen();
Console.WriteLine("\n refresh token");
response.RefreshToken.ConsoleGreen();
Console.WriteLine();
}
catch (Exception ex)
{
Console.WriteLine(ex);
}
return response;
}
static TokenResponse GetClientToken()
{
var client = new OAuth2Client(
new Uri("https://localhost:44333/connect/token"),
"silicon",
"F621F470-9731-4A25-80EF-67A6F7C5F4B8");
return client.RequestClientCredentialsAsync("api1").Result;
}
static TokenResponse RequestToken()
{
var client = new OAuth2Client(
new Uri(Constants.TokenEndpoint),
"client",
"secret");
return client.RequestClientCredentialsAsync("read write").Result;
}
private async Task<TokenResponse> GetTokenAsync()
{
var client = new OAuth2Client(
new Uri("https://localhost:44319/identity/connect/token"),
"mvc_service",
"secret");
return await client.RequestClientCredentialsAsync("sampleApi");
}
/// <summary>
/// Get a token using Thinktecture OAuth2Client
/// </summary>
/// <returns></returns>
public static string GetToken()
{
var client = new OAuth2Client(
new Uri(ConfigurationManager.AppSettings["Authority"] + "/connect/token"),
_clientId,
_clientSecret);
var response = client.RequestClientCredentialsAsync("bimtoolkitapi").Result;
return response.AccessToken;
}
private static TokenResponse RequestToken()
{
"Requesting token.".ConsoleYellow();
var client = new OAuth2Client(
new Uri(Constants.AS.OAuth2TokenEndpoint),
Constants.Clients.Client,
Constants.Clients.ClientSecret);
var response = client.RequestClientCredentialsAsync("read").Result;
Console.WriteLine(" access token");
response.AccessToken.ConsoleGreen();
Console.WriteLine();
return response;
}
async Task <TokenResponse> GetGFSTokenAsync()
{
var uri = new Uri(@"https://identity.justshoutgfs.com/connect/token");
var client = new Thinktecture.IdentityModel.Client.OAuth2Client(
uri, P4MConsts.GfsClientId, P4MConsts.GfsClientSecret);
var tokenResponse = await client.RequestClientCredentialsAsync("read checkout-api");
if (tokenResponse == null || tokenResponse.AccessToken == null)
{
throw new Exception("Request for client credentials denied");
}
//Response.Cookies["gfsCheckoutToken"].Value = token;
//Response.Cookies["gfsCheckoutToken"].Expires = DateTime.UtcNow.AddSeconds(tokenResponse.ExpiresIn);
return(tokenResponse);
}
private async static Task ClientCredentialFlow()
{
try
{
var oauthClient = new OAuth2Client(new Uri("http://localhost:1642/token"), "angular", "secret");
var tokenResponse = oauthClient.RequestClientCredentialsAsync("read").Result;
var client = new HttpClient();
client.SetBearerToken(tokenResponse.AccessToken);
var response = await client.GetStringAsync(new Uri("http://localhost:1642/api/secure/data"));
Console.WriteLine(response);
}
catch(Exception e)
{
Console.WriteLine(e.Message);
}
}
private void buttonGetOAuthToken_Click(object sender, EventArgs e)
{
textBoxToken.Text = string.Empty;
try
{
// Getting a Token
string uri = textBoxTokenEndpoint.Text;
string clientid = textBoxClientId.Text;
string secret = textBoxSecret.Text;
string theToken = string.Empty;
long HowLongTillExpires = long.MinValue;
if(radioButtonThinkTecture.Checked)
{
// Using the Thinktecture.IdentityModel.Client
var client = new OAuth2Client(
new Uri(uri),
clientid,
secret);
// For Thinktecture the "scope" request is passed in.
var response = client.RequestClientCredentialsAsync("read write").Result;
// At this point we now have the AccessToken in the response
theToken = response.AccessToken;
HowLongTillExpires = response.ExpiresIn;
}
else if(radioButtonStandardHttpClient.Checked)
{
// Using standard http, we can make the call with Basic Authorization header
// We need to encode the "scope" as formUrlEncoded body
// First prepare the Base64Encode string for Basic Auth
string data = string.Format("{0}:{1}", clientid, secret);
byte[] binaryData = System.Text.Encoding.UTF8.GetBytes(data);
string authorizationString = System.Convert.ToBase64String(binaryData, 0, binaryData.Length);
using (var client = new HttpClient())
{
//Add Basic Authorization header for call to get OAuth token.
client.SetToken("Basic", authorizationString);
//Create specific request to send
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, uri);
//Pass in oAuth "grant_type" as "client credentials" and "scope" as "read write"
//These must be application-form-url-encoded
List<KeyValuePair<string, string>> bodyContentList = new List<KeyValuePair<string, string>>();
bodyContentList.Add(new KeyValuePair<string, string>("grant_type", "client_credentials"));
bodyContentList.Add(new KeyValuePair<string, string>("scope", "read write"));
request.Content = new FormUrlEncodedContent(bodyContentList);
//Send request
HttpResponseMessage response = client.SendAsync(request).Result;
if (response.IsSuccessStatusCode)
{
string oAuthResponseString = response.Content.ReadAsStringAsync().Result;
//An example of using dynamic keyword and accessing properties ("access_token" and "expires_in") at runtime.
dynamic oAuthToken = JsonConvert.DeserializeObject(oAuthResponseString);
theToken = oAuthToken.access_token;
HowLongTillExpires = oAuthToken.expires_in;
}
else
{
throw new System.Exception("Unable to acquire token.");
}
}
}
else
{
throw new Exception("Invalid Client selected");
}
textBoxToken.Text = theToken;
textBoxExpiresInSeconds.Text = HowLongTillExpires.ToString();
}
catch(System.Exception exp)
{
textBoxToken.Text = string.Format("Unable to get token.{0}{1}", System.Environment.NewLine, exp.ToString());
}
}
public void Configuration(IAppBuilder app)
{
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
AntiForgeryConfig.UniqueClaimTypeIdentifier = "unique_user_key";
app.UseResourceAuthorization(new AuthorizationManager());
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = "mvc",
Authority = ExpenseTrackerConstants.IdSrv,
RedirectUri = ExpenseTrackerConstants.ExpenseTrackerClient,
SignInAsAuthenticationType = "Cookies",
ResponseType = "code id_token token",
Scope = "openid profile roles",
Notifications = new OpenIdConnectAuthenticationNotifications()
{
MessageReceived = async n =>
{
EndpointAndTokenHelper.DecodeAndWrite(n.ProtocolMessage.IdToken);
EndpointAndTokenHelper.DecodeAndWrite(n.ProtocolMessage.AccessToken);
//var userInfo = await EndpointAndTokenHelper.CallUserInfoEndpoint(n.ProtocolMessage.AccessToken);
},
SecurityTokenValidated = async n =>
{
var userInfo = await EndpointAndTokenHelper.CallUserInfoEndpoint(n.ProtocolMessage.AccessToken);
var givenNameClaim = new Claim(
Thinktecture.IdentityModel.Client.JwtClaimTypes.GivenName,
userInfo.Value<string>("given_name"));
var familyNameClaim = new Claim(
Thinktecture.IdentityModel.Client.JwtClaimTypes.FamilyName,
userInfo.Value<string>("family_name"));
var roles = userInfo.Value<JArray>("role").ToList();
var newIdentity = new ClaimsIdentity(
n.AuthenticationTicket.Identity.AuthenticationType,
Thinktecture.IdentityModel.Client.JwtClaimTypes.GivenName,
Thinktecture.IdentityModel.Client.JwtClaimTypes.Role);
newIdentity.AddClaim(givenNameClaim);
newIdentity.AddClaim(familyNameClaim);
foreach (var role in roles)
{
newIdentity.AddClaim(new Claim(
Thinktecture.IdentityModel.Client.JwtClaimTypes.Role,
role.ToString()));
}
var issuerClaim = n.AuthenticationTicket.Identity
.FindFirst(Thinktecture.IdentityModel.Client.JwtClaimTypes.Issuer);
var subjectClaim = n.AuthenticationTicket.Identity
.FindFirst(Thinktecture.IdentityModel.Client.JwtClaimTypes.Subject);
newIdentity.AddClaim(new Claim("unique_user_key",
issuerClaim.Value + "_" + subjectClaim.Value));
var oAuth2Client = new OAuth2Client(
new Uri(ExpenseTrackerConstants.IdSrvToken),
"mvc_api",
"secret");
var response = oAuth2Client.RequestClientCredentialsAsync("expensetrackerapi").Result;
// add the token
newIdentity.AddClaim(new Claim("access_token",
response.AccessToken));
n.AuthenticationTicket = new AuthenticationTicket(
newIdentity,
n.AuthenticationTicket.Properties);
},
}
});
}
public async Task<Authenticator> GetClientCredentialsAuthenticatorAsync()
{
var client = new OAuth2Client(authorizationEndpoint, options.ClientId, options.ClientSecret, OAuth2Client.ClientAuthenticationStyle.BasicAuthentication);
TokenResponse tokenResponse = await client.RequestClientCredentialsAsync(options.Scope).ConfigureAwait(false);
return new Authenticator(this, tokenResponse);
}
