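/// <summary>
/// Obtains an access token for the booking API on behalf of the currently signed-in
/// user, using only the per-user MSAL token cache (no interactive sign-in is attempted).
/// </summary>
/// <returns>The access token string to send to the API.</returns>
/// <exception cref="ReauthenticationRequiredException">
/// Thrown when MSAL cannot satisfy the request silently — no cached account for this
/// user, or the cached/refresh token can no longer be used — so the user must sign in again.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Thrown when the current principal lacks the object-id or acr claim that the cache key
/// and the authority are derived from (the original dereferenced them and failed with a
/// NullReferenceException instead).
/// </exception>
public async Task<string> AcquireTokenAsync()
{
    try
    {
        var principal = httpContextAccessor.HttpContext.User;

        // The object id keys the per-user token cache; the acr claim names the B2C policy
        // the user signed in with, which selects the authority the tokens were issued under.
        // Both come from the already-authenticated cookie principal, not from the request.
        var objectIdClaim = principal.FindFirst(B2CAuthConstants.ObjectIdClaimType);
        if (objectIdClaim == null)
        {
            throw new InvalidOperationException($"Claim '{B2CAuthConstants.ObjectIdClaimType}' is missing from the current principal.");
        }

        var acrClaim = principal.FindFirst(B2CAuthConstants.AcrClaimType);
        if (acrClaim == null)
        {
            throw new InvalidOperationException($"Claim '{B2CAuthConstants.AcrClaimType}' is missing from the current principal.");
        }

        var tokenCache = new DistributedTokenCache(distributedCache, objectIdClaim.Value).GetMSALCache();

        var client = new ConfidentialClientApplication(
            authOptions.ClientId,
            authOptions.GetAuthority(acrClaim.Value),
            "https://app", // the constructor requires a redirect URI, but no redirect happens on the silent path
            new ClientCredential(authOptions.ClientSecret),
            tokenCache,
            null);

        // The cache is keyed per user, so it holds at most the current user's account.
        var account = (await client.GetAccountsAsync()).FirstOrDefault();
        if (account == null)
        {
            // Nothing cached for this user. MSAL raises MsalUiRequiredException for a null
            // account anyway; fail explicitly so the intent is visible.
            throw new ReauthenticationRequiredException();
        }

        // NOTE(review): the authorization-code handler redeems the code for
        // "{ApiIdentifier}/read_booking" and "{ApiIdentifier}/update_booking", whereas this
        // silent call asks for "read_values". A token cached under the redemption scopes does
        // not satisfy "read_values", so MSAL has to fall back to the refresh token at least
        // once. Confirm which scope set the API actually expects and align the two call sites.
        var scopes = new[]
        {
            $"{authOptions.ApiIdentifier}/read_values",
            $"{authOptions.ApiIdentifier}/update_booking"
        };

        var result = await client.AcquireTokenSilentAsync(scopes, account);
        return result.AccessToken;
    }
    catch (MsalUiRequiredException)
    {
        // Silent acquisition is not possible (e.g. the refresh token expired or was revoked):
        // the caller has to route the user through the interactive sign-in flow again.
        throw new ReauthenticationRequiredException();
    }
}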
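/// <summary>
/// Builds the OpenID Connect event handlers that connect the B2C sign-in flow to the
/// per-user MSAL token cache and to the application's own routes.
/// </summary>
/// <param name="authOptions">Client id/secret, API identifier and authority settings.</param>
/// <param name="policies">B2C policy names; only <c>SignInOrSignUpPolicy</c> is used here.</param>
/// <param name="distributedCache">Backing store for the per-user MSAL token cache.</param>
/// <returns>A configured <see cref="OpenIdConnectEvents"/> instance.</returns>
private static OpenIdConnectEvents CreateOpenIdConnectEventHandlers(B2CAuthenticationOptions authOptions, B2CPolicies policies, IDistributedCache distributedCache)
{
    return new OpenIdConnectEvents
    {
        // Both redirects go through the sign-in/sign-up policy's issuer address.
        OnRedirectToIdentityProvider = context => SetIssuerAddressAsync(context, policies.SignInOrSignUpPolicy),
        OnRedirectToIdentityProviderForSignOut = context => SetIssuerAddressForSignOutAsync(context, policies.SignInOrSignUpPolicy),

        // Redeem the authorization code here so the resulting tokens land in the per-user
        // MSAL cache; HandleCodeRedemption tells the middleware not to redeem it a second time.
        OnAuthorizationCodeReceived = async context =>
        {
            try
            {
                // NOTE(review): this relies on context.Principal already being populated from a
                // validated id_token when the code arrives (hybrid "code id_token" response) —
                // confirm the response type configured elsewhere. The object id that keys the
                // cache therefore comes from a verified token, not from the raw callback.
                var principal = context.Principal;
                var objectIdClaim = principal.FindFirst(B2CAuthConstants.ObjectIdClaimType);
                if (objectIdClaim == null)
                {
                    throw new InvalidOperationException($"Claim '{B2CAuthConstants.ObjectIdClaimType}' is missing from the authenticated principal.");
                }

                var acrClaim = principal.FindFirst(B2CAuthConstants.AcrClaimType);
                if (acrClaim == null)
                {
                    throw new InvalidOperationException($"Claim '{B2CAuthConstants.AcrClaimType}' is missing from the authenticated principal.");
                }

                var userTokenCache = new DistributedTokenCache(distributedCache, objectIdClaim.Value).GetMSALCache();

                var client = new ConfidentialClientApplication(
                    authOptions.ClientId,
                    authOptions.GetAuthority(acrClaim.Value),
                    "https://app", // the constructor requires a redirect URI; it is not used for code redemption here
                    new ClientCredential(authOptions.ClientSecret),
                    userTokenCache,
                    null);

                // The scopes the API access token is issued for. The token cache is populated
                // under exactly this scope set, so later silent calls should request the same one.
                var scopes = new[]
                {
                    $"{authOptions.ApiIdentifier}/read_booking",
                    $"{authOptions.ApiIdentifier}/update_booking"
                };

                var result = await client.AcquireTokenByAuthorizationCodeAsync(context.TokenEndpointRequest.Code, scopes);
                context.HandleCodeRedemption(result.AccessToken, result.IdToken);
            }
            catch (Exception ex)
            {
                // Any failure aborts the sign-in; the middleware surfaces it via OnAuthenticationFailed.
                context.Fail(ex);
            }
        },

        // Every B2C-authenticated user is a customer of the booking app.
        OnTokenValidated = context =>
        {
            var claimsIdentity = (ClaimsIdentity)context.Principal.Identity;
            claimsIdentity.AddClaim(new Claim(BookFastClaimTypes.InteractorRole, InteractorRole.Customer.ToString()));
            return Task.FromResult(0);
        },

        OnAuthenticationFailed = context =>
        {
            context.Fail(context.Exception);
            return Task.FromResult(0);
        },

        OnMessageReceived = context =>
        {
            // B2C reports user-initiated changes of flow (cancel, forgot password) as protocol
            // errors. This handler runs before the middleware validates the response, so the
            // error text is untrusted: only ever redirect to fixed local paths here, never to
            // anything derived from the message.
            var message = context.ProtocolMessage;
            if (!string.IsNullOrEmpty(message.Error) && !string.IsNullOrEmpty(message.ErrorDescription))
            {
                // The error code is a fixed ASCII prefix; compare ordinally rather than with the
                // culture-sensitive default StartsWith(string), which can mis-match under some cultures.
                if (message.ErrorDescription.StartsWith("AADB2C90091", StringComparison.Ordinal))
                {
                    // User cancelled profile editing: back to the home page.
                    context.HandleResponse();
                    context.Response.Redirect("/");
                }
                else if (message.ErrorDescription.StartsWith("AADB2C90118", StringComparison.Ordinal))
                {
                    // User chose "forgot password": hand over to the password-reset flow.
                    context.HandleResponse();
                    context.Response.Redirect("/Account/ResetPassword");
                }
            }

            return Task.FromResult(0);
        }
    };
}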