示例#1
 /// <summary>
 /// Builds the host from its three collaborators and keeps a reference to each.
 /// </summary>
 /// <param name="oAuthOptions">OAuth client settings; stored in <c>_oAuthOptions</c>.</param>
 /// <param name="configuration">Application configuration; stored in <c>_configuration</c>.</param>
 /// <param name="dataProvider">Data provider; stored in <c>_dataProvider</c>.</param>
 /// <exception cref="ArgumentNullException">
 /// Any argument is null. Arguments are checked in declaration order, so the
 /// exception names the first null one.
 /// </exception>
 public AppHost(OAuthOptions oAuthOptions, IConfiguration configuration,
                IDataProvider dataProvider)
 {
     // Fail fast: a host with a missing dependency would only blow up later,
     // in the middle of a token request.
     if (oAuthOptions is null)
     {
         throw new ArgumentNullException(nameof(oAuthOptions));
     }

     if (configuration is null)
     {
         throw new ArgumentNullException(nameof(configuration));
     }

     if (dataProvider is null)
     {
         throw new ArgumentNullException(nameof(dataProvider));
     }

     _oAuthOptions  = oAuthOptions;
     _configuration = configuration;
     _dataProvider  = dataProvider;
 }
示例#2
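        /// <summary>
        /// Builds and signs the JWT that authenticates this client to the token endpoint
        /// (the <c>client_assertion</c> value of a client-credentials request).
        /// </summary>
        /// <param name="oAuthOptions">
        /// Supplies <c>ClientId</c> (written to both <c>sub</c> and <c>iss</c>) and
        /// <c>TokenEndpoint</c> (written to <c>aud</c>).
        /// </param>
        /// <param name="jwk">Key used to sign the assertion; it must contain the private key material.</param>
        /// <returns>The signed assertion in compact serialized form.</returns>
        /// <exception cref="ArgumentNullException">An argument is null.</exception>
        private string CreateJwtClientAssertion(OAuthOptions oAuthOptions,
                                                Microsoft.IdentityModel.Tokens.JsonWebKey jwk)
        {
            if (oAuthOptions is null)
            {
                throw new ArgumentNullException(nameof(oAuthOptions));
            }

            if (jwk is null)
            {
                throw new ArgumentNullException(nameof(jwk));
            }

            // A client assertion is a bearer credential: whoever holds a copy can present it
            // until it expires. It is minted immediately before the token request, so it only
            // has to outlive that one round trip plus clock skew. The previous value here was
            // 960 minutes (16 hours), which kept a leaked assertion usable for most of a day.
            // NOTE(review): five minutes is the usual ceiling for RFC 7523 client assertions;
            // confirm against the authorization server's documented limit.
            const int assertionLifetimeMinutes = 5;

            var clientId = oAuthOptions.ClientId.ToString();

            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Expires            = DateTime.UtcNow.AddMinutes(assertionLifetimeMinutes),
                SigningCredentials = new SigningCredentials(jwk, SecurityAlgorithms.RsaSha256Signature),
                Subject            = new ClaimsIdentity(new List<Claim>
                {
                    // For client authentication the client is both subject and issuer.
                    new Claim("sub", clientId),
                    new Claim("iss", clientId),
                    // Fresh identifier per assertion, so no two assertions share a jti.
                    new Claim("jti", Guid.NewGuid().ToString()),
                    // Audience is the token endpoint the assertion is sent to.
                    new Claim("aud", oAuthOptions.TokenEndpoint.ToString())
                })
            };

            var tokenHandler = new JwtSecurityTokenHandler();
            var signedToken  = tokenHandler.CreateJwtSecurityToken(tokenDescriptor);

            return tokenHandler.WriteToken(signedToken);
        }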
示例#3
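        /// <summary>
        /// Performs an OAuth 2.0 client-credentials request against
        /// <c>oAuthOptions.TokenEndpoint</c>, authenticating with a signed JWT client assertion.
        /// </summary>
        /// <param name="oAuthOptions">Token endpoint, client id and requested scopes.</param>
        /// <param name="jsonWebKey">Key used to sign the client assertion.</param>
        /// <returns>
        /// A <c>ClientCredentialGrantResponse</c> when the endpoint answers with a success
        /// status, otherwise an <c>ErrorResponse</c>; both are deserialized from the response
        /// body. Callers must inspect the runtime type before using the result.
        /// </returns>
        private async Task <object> GetAccessTokenAsync(OAuthOptions oAuthOptions,
                                                        Microsoft.IdentityModel.Tokens.JsonWebKey jsonWebKey)
        {
            var clientAssertion = CreateJwtClientAssertion(oAuthOptions, jsonWebKey);

            // NOTE(review): creating an HttpClient per call can exhaust sockets under load.
            // A shared instance or IHttpClientFactory is the usual remedy, but it needs a
            // member outside this method.
            // NOTE(review): nothing here checks that TokenEndpoint is an https URL. The
            // assertion sent and the access token returned are both bearer credentials, so
            // confirm the scheme is enforced where the options are loaded.
            using (var httpClient = new HttpClient())
            {
                var parameters = new Dictionary<string, string>
                {
                    // FormUrlEncodedContent percent-encodes every value itself. The earlier
                    // HttpUtility.UrlEncode call changed nothing for a compact JWT (base64url
                    // characters and '.'), and would have double-encoded any other value.
                    { "client_assertion", clientAssertion },
                    { "client_assertion_type", ClientAssertionType },
                    { "grant_type", "client_credentials" },
                    { "scope", string.Join(SpaceSeparator, oAuthOptions.Scopes) }
                };

                using (var httpContent = new FormUrlEncodedContent(parameters))
                using (var httpResponse = await httpClient.PostAsync(oAuthOptions.TokenEndpoint, httpContent))
                {
                    // Read the body once. On success it contains the access token, so it
                    // should not be written to logs or traces.
                    var responseBody = await httpResponse.Content.ReadAsStringAsync();

                    if (!httpResponse.IsSuccessStatusCode)
                    {
                        return JsonConvert.DeserializeObject<ErrorResponse>(responseBody);
                    }

                    return JsonConvert.DeserializeObject<ClientCredentialGrantResponse>(responseBody);
                }
            }
        }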