ADFS - How do I get a token to authenticate a call from my ASP.NET Core MVC Site to my ASP.NET Core Web API?
I am trying to get a token from my ADFS Server to authenticate a call from my ASP.NET Core MVC Site to my ASP.NET Core Web API. Can someone give me an idea of where I am going wrong or point me to some examples / instructions on how to set this up?
We are not using Azure and most examples I find use azure.
ERROR:
Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInvalidOBOAssertionException: MSIS9387: Received invalid OAuth request. Audience 'urn:microsoft:userinfo' in the 'assertion' is not same as the identifier of the client 'xxreplacedfakedataxx'.
CODE:
using Microsoft.AspNetCore.Authentication;                 // GetTokenAsync extension
using Microsoft.IdentityModel.Clients.ActiveDirectory;     // ADAL: AuthenticationContext, ClientCredential, UserAssertion

public async Task<string> GetApiTokenAsync()
{
    // Token saved by the OpenID Connect middleware (requires SaveTokens = true)
    var openIdToken = await _httpContextAccessor.HttpContext.GetTokenAsync("access_token"); // access_token or id_token
    var clientCredential = new ClientCredential(_clientId, _secret);
    var authContext = new AuthenticationContext(_authority, false);

    // Get ADFS token for the Web API, but using the OpenID token as the on-behalf-of assertion
    if (openIdToken != null)
    {
        const string assertionType = "urn:ietf:params:oauth:grant-type:jwt-bearer";
        var userAssertion = new UserAssertion(openIdToken, assertionType);
        var token = await authContext.AcquireTokenAsync(_audience, clientCredential, userAssertion);
        return token.AccessToken;
    }
    return null;
}
ERROR:
{"MSIS9649: Received invalid OAuth request. The 'assertion' parameter value is not a valid access token."}
CODE:
using Microsoft.AspNetCore.Authentication;                 // GetTokenAsync extension
using Microsoft.IdentityModel.Clients.ActiveDirectory;     // ADAL: AuthenticationContext, ClientCredential, UserAssertion

public async Task<string> GetApiTokenAsync()
{
    // Token saved by the OpenID Connect middleware (requires SaveTokens = true)
    var openIdToken = await _httpContextAccessor.HttpContext.GetTokenAsync("id_token"); // should this be access_token or id_token? I tried both but no luck
    var clientCredential = new ClientCredential(_clientId, _secret);
    var authContext = new AuthenticationContext(_authority, false);

    // Get ADFS token for the Web API, but using the OpenID token as the on-behalf-of assertion
    if (openIdToken != null)
    {
        const string assertionType = "urn:ietf:params:oauth:grant-type:jwt-bearer";
        var userAssertion = new UserAssertion(openIdToken, assertionType);
        AuthenticationResult authenticateResult = null;
        try
        {
            authenticateResult = await authContext.AcquireTokenAsync(_audience, clientCredential, userAssertion);
        }
        catch (Exception ex)
        {
            // Re-wrapped so the full ADFS error text (MSIS code) surfaces in the message
            throw new Exception(ex.ToString(), ex);
        }
        return authenticateResult?.AccessToken;
    }
    return null;
}
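The two errors quoted above both concern the assertion token itself: MSIS9649 rejects an id_token because the jwt-bearer grant expects an access token, and MSIS9387 rejects an access token whose 'aud' claim ('urn:microsoft:userinfo') is not the calling client's identifier. The following is an added example, not code from the question, showing a local pre-flight check on the assertion's audience before the ADAL on-behalf-of call, plus the OpenID Connect option that controls which audience the first-leg access token is issued for. It assumes (this is not confirmed by the page) that the MVC site is registered in ADFS so that its own client id is an acceptable resource, so setting `Resource` to that id yields an access token with a matching 'aud'; `ApiTokenProvider`, `AssertionAudienceMatches` and the field names are hypothetical, and the authority URL is a placeholder.

```csharp
// Added example (not the question's code). Assumes ADAL 3.x, System.IdentityModel.Tokens.Jwt 5.x
// and ASP.NET Core 2.x OpenID Connect middleware.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public class ApiTokenProvider   // hypothetical name
{
    private const string JwtBearerGrant = "urn:ietf:params:oauth:grant-type:jwt-bearer";

    private readonly IHttpContextAccessor _httpContextAccessor;
    private readonly string _authority;   // placeholder, e.g. https://adfs.example.local/adfs
    private readonly string _clientId;    // this MVC site's client identifier in ADFS
    private readonly string _secret;
    private readonly string _apiResource; // identifier of the Web API being called

    public ApiTokenProvider(IHttpContextAccessor accessor, string authority,
                            string clientId, string secret, string apiResource)
    {
        _httpContextAccessor = accessor;
        _authority = authority;
        _clientId = clientId;
        _secret = secret;
        _apiResource = apiResource;
    }

    // First leg (assumption): ask ADFS for an access token whose audience is this site's
    // own client id, and keep the tokens so GetTokenAsync can read them later.
    public static void ConfigureOpenIdConnect(OpenIdConnectOptions options, string clientId)
    {
        options.ClientId = clientId;
        options.Resource = clientId;   // audience of the access_token the middleware saves
        options.SaveTokens = true;
    }

    // Reads the 'aud' claim only; the signature is NOT validated here. This is a local
    // sanity check to fail fast with a clear message; ADFS still validates the assertion.
    public static bool AssertionAudienceMatches(string jwt, string expectedAudience)
    {
        var handler = new JwtSecurityTokenHandler();
        if (string.IsNullOrEmpty(jwt) || !handler.CanReadToken(jwt))
            return false;
        var token = handler.ReadJwtToken(jwt);
        return token.Audiences.Contains(expectedAudience, StringComparer.Ordinal);
    }

    // Second leg: exchange the user's access token for a token scoped to the Web API.
    public async Task<string> GetApiAccessTokenAsync()
    {
        // Must be the access_token, not the id_token (see MSIS9649 in the question).
        var assertion = await _httpContextAccessor.HttpContext.GetTokenAsync("access_token");
        if (string.IsNullOrEmpty(assertion))
            throw new InvalidOperationException(
                "No access_token was saved by the OpenID Connect middleware (SaveTokens must be true).");

        // Catch the MSIS9387 condition locally instead of after a round trip to ADFS.
        if (!AssertionAudienceMatches(assertion, _clientId))
            throw new InvalidOperationException(
                $"Assertion audience must equal this client's identifier '{_clientId}'; " +
                "request the first-leg token with Resource set to that value.");

        var authContext = new AuthenticationContext(_authority, validateAuthority: false);
        var clientCredential = new ClientCredential(_clientId, _secret);
        var userAssertion = new UserAssertion(assertion, JwtBearerGrant);

        AuthenticationResult result =
            await authContext.AcquireTokenAsync(_apiResource, clientCredential, userAssertion);
        return result.AccessToken;
    }
}
```

The audience check deliberately reads the JWT without validating it: the site already received that token over the OpenID Connect channel, and ADFS performs the real validation when it receives the assertion, so the only purpose here is a precise error message pointing at the registration or `Resource` setting rather than a generic MSIS failure.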