Getting hold of the access token in the sign in process to Azure Active Directory

Morten 21 Reputation points


I want to sign in users to their Microsoft account (Work or school account or accounts). I've managed to do this through example code. However, for my project I want to store the access token for later access. The problem is that I don't know where I can find the access token in the code. I have basic knowledge of OAUTH and using GET and POST commands, but no expert in ASP.NET, Razor or the libraries that handles the authentication or sign in process.

I've created a project as follows, which contained example code to sign in users:

Create new project - ASP.NET Core Web Application - Web Application (Model-View-Controller).
Choose .NET Core 2.2.
Authentication - click "change".
Choose "Work or school accounts". Information: For applications that authenticate users with Active Directory, Microsoft Azure Active Directory, or Office 365.
Enter domain name of my Microsoft Azure Active Directory tenant.

Running this application, it will ask me to log in and to consent that the application can get access to my account. It works as intended.

But is there any place in the code where I can debug and have a look at the access token? I can't even locate the POST command in the project code, which I assume is called behind the scenes to get hold of it.


Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,604 questions
No comments
{count} votes

Accepted answer
  1. KalyanChanumolu-MSFT 8,251 Reputation points Microsoft Employee

    You can use the OnTokenValidated event to capture the token for debugging.
    Here is a sample code from Startup.cs

             .AddAzureAD(options => Configuration.Bind("AzureAd", options));
    services.Configure(AzureADDefaults.OpenIdScheme, options =>
        options.Authority = options.Authority + "/v2.0/";         
        options.TokenValidationParameters.ValidateIssuer = false; 
        options.Events = new OpenIdConnectEvents
            OnTokenValidated = context =>
                // Access Token
                var accessToken = context.SecurityToken.RawData;
                return Task.CompletedTask;
            OnAuthenticationFailed = context =>
                Console.WriteLine($"Token Authentication failed with error: " + context.Exception.Message);
                return Task.CompletedTask;
    No comments

1 additional answer

Sort by: Most helpful
  1. Morten 21 Reputation points

    Thanks, I get these errors when I try this (also tried it in .NET Core 3.0):

    The type arguments for method 'OptionsServiceCollectionExtensions.Configure(IServiceCollection, string, Action)' cannot be inferred from the usage. Try specifying the type arguments explicitly.

    If I try to specify the type of the arguments as CookiePolicyOptions, which was default after the project had been created, then I get errors like

    'BinderOptions' does not contain a definition for 'Events' and no accessible extension method 'Events' accepting a first argument of type 'BinderOptions' could be found (are you missing a using directive or an assembly reference?)

    (not only for Events but also for Authority and TokenValidationParameters).

    Am I missing something?

    The original services.Configure block in my Startup.cs file has the type CookiePolicyOptions and no argument like AzureADDefaults.OpenIdScheme.