Search code examples
c#asp.net-corehttpclientidentityserver4openid

How to get AuthorizationCode for RequestAuthorizationCodeTokenAsync


I am implementing IdentityServer. I need to use RequestAuthorizationCodeTokenAsync to get a token that can be passed to UserInfo endpoint. So I have a code like this:

var client = new HttpClient();
var tokenResponse = await client.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
{
    Address = _discoveryDocument.TokenEndpoint,
    ClientId = ConfigurationManager.AppSettings["ClientId"],
    ClientSecret = ConfigurationManager.AppSettings["ClientSecret"],
    Code = "code",
    
});

My client is authenticated successfully and redirected. So how do I get the AuthorizationCode from this redirect so I can pass as Code to the RequestAuthorizationCodeTokenAsync. I have setup my startup.cs like this:

services.AddAuthentication(options =>
{
    options.DefaultScheme = "cookie";
    options.DefaultChallengeScheme = "oidc";
})
.AddCookie("cookie")
.AddOpenIdConnect("oidc", options =>
{
    options.Authority = ConfigurationManager.AppSettings["AuthorityUrl"];
    options.ClientId = ConfigurationManager.AppSettings["ClientId"];
    options.ClientSecret = ConfigurationManager.AppSettings["ClientSecret"];
    options.RequireHttpsMetadata = false;
    options.GetClaimsFromUserInfoEndpoint = true;

    options.ResponseType = "code";
    options.UsePkce = true;
    options.ResponseMode = "query";

    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("ois");
    options.SaveTokens = true;

});

I know the Authorization request is supposed to return an Authorization code (i guess in a calback URL) but I have no idea how to get it.

I have tried using:

Microsoft.Extensions.Primitives.StringValues code;
Microsoft.Extensions.Primitives.StringValues state;

this.Request.Query.TryGetValue("code", out code);
this.Request.Query.TryGetValue("state", out state);

but the code is null.

Please help.

Thanks


Solution

  • Simply read the response:

    if (tokenResponse.IsError)
    {
        throw new Exception("...");
    }
    string token = tokenResponse.AccessToken;
    

    And I guess you are passing your actual code in the code parameter.

    If you are using Cookies and OpenIdConnect handlers you don't need to call IdentityServer. The handler does it for you. Your app should be authenticated when you return from the Identity Provider.

    As you configured your handler with SaveTokens = true, your tokens (access_token, refresh_token and id_token) are saved in your cookie.

    If you need the access your tokens you can use the extension method HttpContext.GetTokenAsync(string token):

    var accessToken = await HttpContext.GetTokenAsync("access_token");
    var isToken = await HttpContext.GetTokenAsync("id_token");
    var refreshToken = await HttpContext.GetTokenAsync("refresh_token");