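/// <summary>
/// Post-configures the OpenID Connect handler so that the authorization-code
/// redemption authenticates the client with a signed JWT client assertion
/// (private_key_jwt, RFC 7523) instead of a shared client secret.
/// </summary>
/// <param name="name">
/// Options instance name supplied by the options framework. It is not inspected
/// here, so the events below are applied to every named instance — confirm that
/// is intended.
/// </param>
/// <param name="options">The OpenID Connect options being post-configured.</param>
/// <exception cref="InvalidOperationException">
/// Thrown when the discovery document cannot be retrieved or reports an error.
/// </exception>
public void PostConfigure(string name, OpenIdConnectOptions options)
{
    var idpClient = _clientFactory.CreateClient("IDPClient");

    // Read the discovery document once, at configuration time. This isn't required,
    // but it avoids hard-coding the token endpoint URL. PostConfigure is synchronous,
    // so the call has to block; GetAwaiter().GetResult() is used instead of .Result so
    // a failure surfaces as the real exception rather than an AggregateException.
    // NOTE(review): the endpoint taken from this document becomes the audience of the
    // client assertion below, so the "IDPClient" base address must be the trusted
    // authority over HTTPS — confirm the named client's configuration.
    var discoveryDocument = idpClient.GetDiscoveryDocumentAsync().GetAwaiter().GetResult();
    if (discoveryDocument.IsError)
    {
        throw new InvalidOperationException(discoveryDocument.Error);
    }

    // Captured by the event handler below; resolved once rather than per code exchange.
    var tokenEndpoint = discoveryDocument.TokenEndpoint;

    // NOTE(review): this assignment replaces any OpenIdConnectEvents configured earlier
    // rather than adding to them; handlers set by a previous Configure call are lost.
    options.Events = new OpenIdConnectEvents()
    {
        // other configuration
        OnAuthorizationCodeReceived = context =>
        {
            // A fresh signed assertion for each code exchange, with the token endpoint
            // as its audience. The signing key stays inside _tokenGenerator; only the
            // signed JWT is sent to the IdP.
            var token = _tokenGenerator.CreateSignedToken("webclientjwt", tokenEndpoint);

            // Literal value of OidcConstants.ClientAssertionTypes.JwtBearer (RFC 7523).
            context.TokenEndpointRequest.ClientAssertionType =
                "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
            context.TokenEndpointRequest.ClientAssertion = token;

            return Task.CompletedTask;
        }
    };
}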
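/// <summary>
/// Obtains an access token from the IdP with the client-credentials grant,
/// authenticating as "api1jwtclient" with a signed JWT client assertion
/// (private_key_jwt, RFC 7523), then calls the API's "api/claims" endpoint
/// with that token and renders the response.
/// </summary>
/// <returns>The "ApiResult" view, with the parsed JSON array in ViewBag.Json.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the discovery document or the token request reports an error.
/// </exception>
public async Task<IActionResult> GetTokenWithPrivateKeyJWT()
{
    // Same identifier is used for the assertion's issuer/subject and the request's
    // client_id; keep them in one place so they cannot drift apart.
    const string clientId = "api1jwtclient";

    var idpClient = _httpClientFactory.CreateClient("IDPClient");

    // The token endpoint comes from discovery so it need not be hard-coded.
    // NOTE(review): it is also the audience of the client assertion below, so the
    // "IDPClient" base address must be the trusted authority over HTTPS — confirm.
    var discoveryDocumentResponse = await idpClient.GetDiscoveryDocumentAsync();
    if (discoveryDocumentResponse.IsError)
    {
        throw new InvalidOperationException(discoveryDocumentResponse.Error);
    }

    var tokenEndpoint = discoveryDocumentResponse.TokenEndpoint;

    // A fresh signed assertion per request, addressed to the token endpoint.
    // The private key stays in _tokenGenerator; only the signed JWT leaves the process.
    var signedToken = _tokenGenerator.CreateSignedToken(clientId, tokenEndpoint);

    // No caching here: every call to this action requests a new access token.
    var tokenResponse = await idpClient.RequestClientCredentialsTokenAsync(
        new ClientCredentialsTokenRequest
        {
            Address = tokenEndpoint,
            ClientId = clientId,
            Scope = "api1.fullaccess",
            ClientAssertion =
            {
                Type = OidcConstants.ClientAssertionTypes.JwtBearer,
                Value = signedToken
            }
        });
    if (tokenResponse.IsError)
    {
        throw new InvalidOperationException(tokenResponse.Error);
    }

    // Call the API with the access token. The token is attached only to this client
    // instance and is neither logged nor persisted here.
    // NOTE(review): "api/claims" is relative, so the "APIClient" base address decides
    // where the bearer token is sent — confirm it is the intended HTTPS origin.
    var client = _httpClientFactory.CreateClient("APIClient");
    client.SetBearerToken(tokenResponse.AccessToken);

    // GetStringAsync already yields a string; the former .ToString() was a no-op.
    // Assumes api/claims returns a JSON array; anything else makes JArray.Parse throw.
    var result = await client.GetStringAsync("api/claims");
    ViewBag.Json = JArray.Parse(result);

    return View("ApiResult");
}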