This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 17%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
I am trying to get a token from my ADFS Server to authenticate a call from my ASP.NET Core MVC Site to my ASP.NET Core Web API.Can someone give me an idea of where I am going wrong or point me to some examples / instructions on how to set this up?
We are not using Azure and most examples I find use azure.
ERROR:
Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInvalidOBOAssertionException: MSIS9387: Received invalid OAuth request. Audience 'urn:microsoft:userinfo' in the 'assertion' is not same as the identifier of the client ‘xxreplacedfakedataxx'.
CODE:
var openIdToken = await _httpContextAccessor.HttpContext.GetTokenAsync("access_token"); //access_token or id_token
var clientCredential = new ClientCredential(_clientId, _secret);
var authContext = new AuthenticationContext(_authority, false);
// Get ADFS token but using openID token
if (openIdToken != null)
{
const string assertionType = "urn:ietf:params:oauth:grant-type:jwt-bearer";
var userAssertion = new UserAssertion(openIdToken, assertionType);
var token = await authContext.AcquireTokenAsync(_audience, clientCredential, userAssertion);
return token.AccessToken;
}
ERROR:
{"MSIS9649: Received invalid OAuth request. The 'assertion' parameter value is not a valid access token."}
CODE:
var openIdToken = await _httpContextAccessor.HttpContext.GetTokenAsync("id_token"); //should this be access_token or id_token, I tried both but no luck
var clientCredential = new ClientCredential(_clientId, _secret);
var authContext = new AuthenticationContext(_authority, false);
// Get ADFS token but using openID token
if (openIdToken != null)
{
const string assertionType = "urn:ietf:params:oauth:grant-type:jwt-bearer";
var userAssertion = new UserAssertion(openIdToken, assertionType);
AuthenticationResult authenticateResult = null;
try
{
authenticateResult = await authContext.AcquireTokenAsync(_audience, clientCredential, userAssertion);
}
catch (Exception ex)
{
throw new Exception(ex.ToString(), ex);
}
return authenticateResult?.AccessToken;
}