4

This may be a dumb question, but here goes :)

I have the following applications in this problem:

  • An IdentityServer3
  • A WebApi2 application which uses the Identityserver as its authenticator
  • MVC web app

What I want to do, is to call a secured service on the WebApi from the IdentityServer, but in order to do so I require an access token.

How do I, within the IdentityServer, issue an access token to itself (which in turn will be authenticated through itself from the WebApi)?

Lundsern

3 Answers

6

IdentityServer includes an OWIN extension method that allows issuing tokens directly - no need to go through one of the protocol flows.

It is called IssueClientToken and is documented here:

https://identityserver.github.io/Documentation/docsv2/advanced/owin.html

leastprivilege
1

I have the same, or very similar, requirement. In my case, a user requests a token and is authenticated using an external IdP (this is using authcode flow). Just after the user authentication process I need IdentityServer to contact the secured WebApi - and in doing so IdentityServer needs a token (using Client Credentials flow).

My current solution (but I am still testing) is to make the call within AuthenticateExternalAsync on a custom User Service. Here I make a call using TokenClient.RequestClientCredentialsAsync. Obviously, a client needs setting up for IdentityServer itself.

Early indications are that this works as expected in a dev environment.
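The client registration this answer refers to, written out as an added example (not the answer author's code): an IdentityServer3 Client and Scope definition for the server's own client-credentials client, plus the matching bearer-token check on the WebApi side. The IDs "clientId", "secret", "apiScope" and the authority URL are the placeholders used elsewhere on this page; the class and method names, the in-memory factory wiring and the 300-second token lifetime are assumptions.

```csharp
using System.Collections.Generic;
using IdentityServer3.AccessTokenValidation;
using IdentityServer3.Core;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;
using Owin;

public static class SelfClientConfig
{
    // The resource scope the WebApi protects; "apiScope" is the name the TokenClient on this page requests.
    public static IEnumerable<Scope> Scopes()
    {
        return new[] { new Scope { Name = "apiScope", Type = ScopeType.Resource, DisplayName = "User API" } };
    }

    // A dedicated client for IdentityServer's own call to the WebApi: client credentials only,
    // one allowed scope and no redirect URIs, so the secret is of no use in any user-facing flow.
    public static IEnumerable<Client> Clients()
    {
        return new[]
        {
            new Client
            {
                ClientId = "clientId",
                ClientName = "IdentityServer internal API client",
                Flow = Flows.ClientCredentials,
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) }, // stored hashed
                AllowedScopes = new List<string> { "apiScope" },
                AccessTokenLifetime = 300 // seconds; assumed value
            }
        };
    }
    // Register both with an in-memory factory (wiring assumed; swap in your own stores).
    public static IdentityServerServiceFactory Factory()
    {
        return new IdentityServerServiceFactory()
            .UseInMemoryClients(Clients())
            .UseInMemoryScopes(Scopes());
    }
    // WebApi side (IdentityServer3.AccessTokenValidation): tokens without the scope are rejected.
    public static void ConfigureApi(IAppBuilder app)
    {
        app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = "https://identityserver.adress.here/identity",
            RequiredScopes = new[] { "apiScope" }
        });
    }
}
```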

0

I followed the suggestion from @Andy and it worked for me :) Posting my code here for others to see. The following code is implemented in a custom User Service.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Net.Http;
    using System.Threading.Tasks;
    using IdentityModel.Client;
    using IdentityServer3.Core.Models;
    using IdentityServer3.Core.Services.Default;
    using Newtonsoft.Json;

    public class CustomUser
    {
        public string Subject { get; set; }
        public string Username { get; set; }
        public string Password { get; set; }
    }

    public class CustomUserService : UserServiceBase
    {
        public override async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
        {
            // The user list lives behind the secured WebApi, so it is fetched with a token first.
            var users = await GetUsersAsync();
            var user = users.SingleOrDefault(x => x.Username == context.UserName && x.Password == context.Password);
            if (user != null)
            {
                context.AuthenticateResult = new AuthenticateResult(user.Subject, user.Username);
            }
        }

        private static async Task<List<CustomUser>> GetUsersAsync()
        {
            // Await instead of .Result so the call cannot deadlock on the request's synchronization context.
            var tokenResponse = await GetTokenAsync();
            if (tokenResponse.IsError)
            {
                throw new InvalidOperationException("Token request failed: " + tokenResponse.Error);
            }

            var json = await CallUserApi(tokenResponse.AccessToken);
            return JsonConvert.DeserializeObject<List<CustomUser>>(json);
        }

        private static async Task<string> CallUserApi(string token)
        {
            using (var client = new HttpClient())
            {
                // Sends the access token as "Authorization: Bearer <token>".
                client.SetBearerToken(token);
                return await client.GetStringAsync("https://your.apiAdress.here/");
            }
        }

        private static Task<TokenResponse> GetTokenAsync()
        {
            // Client credentials flow: IdentityServer authenticates as its own registered client.
            var client = new TokenClient(
                "https://identityserver.adress.here/identity/connect/token",
                "clientId",
                "secret");

            return client.RequestClientCredentialsAsync("apiScope");
        }
    }
Lundsern