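/// <summary>
/// Produces the token string for <paramref name="attribute"/> by dispatching on its
/// <c>Identity</c> mode: EasyAuth lookup for a user id, a token derived from a supplied
/// user token, or a client-credentials token for the resource.
/// </summary>
/// <param name="attribute">
/// Attribute carrying the identity mode, resource and user token. In <c>UserFromId</c> mode a
/// null <c>IdentityProvider</c> is replaced with "AAD" on this instance.
/// </param>
/// <param name="cancellationToken">
/// Checked once on entry. The token-acquisition calls made here are not passed the token,
/// so cancellation is not observed after that point.
/// </param>
/// <returns>
/// The string returned by the selected token source. Treat it as a secret: do not log it or
/// persist it in plaintext.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="attribute"/> is null.</exception>
/// <exception cref="OperationCanceledException">Cancellation was already requested on entry.</exception>
/// <exception cref="InvalidOperationException">
/// <c>Identity</c> is none of the three handled modes.
/// </exception>
public async Task<string> ConvertAsync(TokenBaseAttribute attribute, CancellationToken cancellationToken)
{
    // Fail with a descriptive exception instead of a NullReferenceException on the next line.
    if (attribute == null)
    {
        throw new ArgumentNullException(nameof(attribute));
    }

    // The token was previously accepted and ignored; honor a request that is already cancelled
    // before any credential is requested.
    cancellationToken.ThrowIfCancellationRequested();

    // Validation runs before any token source is contacted (CheckValidity is defined elsewhere).
    attribute.CheckValidity();

    switch (attribute.Identity)
    {
        case TokenIdentityMode.UserFromId:
            // If the attribute has no identity provider, assume AAD.
            // NOTE(review): this writes the default back onto the caller's attribute instance;
            // confirm the instance is not shared between invocations.
            attribute.IdentityProvider = attribute.IdentityProvider ?? "AAD";
            var easyAuthTokenManager = new EasyAuthTokenManager(_easyAuthClient, _options);
            return await easyAuthTokenManager.GetEasyAuthAccessTokenAsync(attribute);

        case TokenIdentityMode.UserFromToken:
            return await GetAuthTokenFromUserToken(attribute.UserToken, attribute.Resource);

        case TokenIdentityMode.ClientCredentials:
            return await _aadManager.GetTokenFromClientCredentials(attribute.Resource);
    }

    // Reached only when Identity matched none of the cases above: fail closed, never return
    // an empty or default token.
    throw new InvalidOperationException("Unable to authorize without Principal ID or ID Token.");
}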
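/// <summary>
/// Retrieve an access token for the specified resource (e.g. MS Graph)
/// </summary>
/// <param name="attribute">
/// TokenAttribute with desired resource and user's principal ID or ID token. In
/// <c>UserFromId</c> mode a null <c>IdentityProvider</c> is replaced with "AAD" on this instance.
/// </param>
/// <returns>
/// JWT with audience, scopes, user id. Treat it as a secret: do not log it or persist it in
/// plaintext.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="attribute"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// <c>Identity</c> is none of the three handled modes.
/// </exception>
public async Task<string> GetAccessTokenAsync(TokenAttribute attribute)
{
    // Fail with a descriptive exception instead of a NullReferenceException on the next line.
    if (attribute == null)
    {
        throw new ArgumentNullException(nameof(attribute));
    }

    // Validation runs before any token source is contacted (CheckValidity is defined elsewhere).
    attribute.CheckValidity();

    switch (attribute.Identity)
    {
        case TokenIdentityMode.UserFromId:
            // If the attribute has no identity provider, assume AAD.
            // NOTE(review): this writes the default back onto the caller's attribute instance;
            // confirm the instance is not shared between invocations.
            attribute.IdentityProvider = attribute.IdentityProvider ?? "AAD";

            // The signing key is read from app settings on each call and handed straight to
            // the token manager; it is key material and must stay out of logs and messages.
            // NOTE(review): confirm Resolve cannot return null or empty here. A missing key
            // should fail closed before the token manager is used.
            string signingKey = AppSettings.Resolve(Constants.AppSettingWebsiteAuthSigningKey);
            var easyAuthTokenManager = new EasyAuthTokenManager(EasyAuthClient, signingKey);
            return await easyAuthTokenManager.GetEasyAuthAccessTokenAsync(attribute);

        case TokenIdentityMode.UserFromToken:
            return await GetAuthTokenFromUserToken(attribute.UserToken, attribute.Resource);

        case TokenIdentityMode.ClientCredentials:
            return await AadClient.GetTokenFromClientCredentials(attribute.Resource);
    }

    // Reached only when Identity matched none of the cases above: fail closed, never return
    // an empty or default token.
    throw new InvalidOperationException("Unable to authorize without Principal ID or ID Token.");
}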