I made an authorization server using OpenIdDict and it all seems to be working okay. It works when i call it using Postman, Swagger and www.oidcdebugger.com.
However, when I try to call it from my own application I can't seem to find the "code" which should be returned so I can then use it in the call the token exchange.
This is my first time using OpenIdDict and .NET Core so I'm not 100% exactly sure what I'm doing but everything seems to be working and I have a feeling I'm just missing something that should be obvious.
var user = HttpContext.User?.Identity?.Name;
using (var client = new HttpClient())
{
var authorizationToken = Convert.ToBase64String(Encoding.UTF8.GetBytes($"web-client:901564A5-E7FE-42CB-B10D-61EF6A8F3654"));
client.DefaultRequestHeaders.Authorization = new("Basic", authorizationToken);
client.DefaultRequestHeaders.Accept.Add(new("application/json")); // This might need to be adjusted, depending on your response format
var urlAuthorize = new Uri("https://localhost:7000/connect/authorize");
var paramAuthorize = new Dictionary<string, string>()
{
{"client_id", "web-client"},
{"client_secret","901564A5-E7FE-42CB-B10D-61EF6A8F3654"},
{"response_type","code"},
{"grant_type","code"},
{"redirect_uri", "https://localhost:7002/swagger/oauth2-redirect.html"},
{"state", "VHVlIEZlYiAyNyAyMDI0IDA2OjUwOjUzIEdNVC0wNTAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp"}
};
var encodedContentAuthorize = new FormUrlEncodedContent(paramAuthorize);
var responseAuthorize = await client.PostAsync(urlAuthorize, encodedContentAuthorize).ConfigureAwait(false);
responseAuthorize.EnsureSuccessStatusCode();
return Ok();
}
I tried the code above and it all runs ok, I just don't know how to find the authorization code.
This was a problem with my own lack of understanding. The authentication code is not available at the point where I was looking for it. It is returning the challenge page, I needed to enter the client_id and client_secret into the challenge page and then submit. And then the authentication code is returned.