I'm attempting to retrieve an OAuth access token using a SAML assertion. I need the access token to hit a resource API in the backend.
I'm currently posting a base64url-encoded SAML assertion.
Curly braces indicate redacted values.
```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Net.Http.Headers;
using Microsoft.IdentityModel.Tokens; // Base64UrlEncoder

// Curly braces indicate redacted values.
var result = string.Empty;
var ClientId = "{{Guid value}}";
var ApiResourceId = "{{Guid value}}";
var authority = "https://login.microsoftonline.com/{{tenantID}}";
var assertionType = "urn:ietf:params:oauth:grant-type:jwt-bearer"; // unused; the request below sends saml2-bearer
var XMLAssertion = "{{SAML assertion XML}}";
var encodedAssertion = Base64UrlEncoder.Encode(XMLAssertion);
using (var client = new HttpClient())
{
    client.DefaultRequestHeaders.Add("client-request-id", ClientId);
    client.DefaultRequestHeaders.Add("return-client-request-id", "true");
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/x-www-form-urlencoded"));
    var dict = new Dictionary<string, string>();
    dict.Add("client_id", ClientId);
    dict.Add("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer");
    dict.Add("assertion", encodedAssertion);
    dict.Add("scope", "{{scope value}}");
    var req = new HttpRequestMessage(HttpMethod.Post, string.Format("{0}/oauth2/v2.0/token", authority))
    {
        Content = new FormUrlEncodedContent(dict)
    };
    var res = client.SendAsync(req).Result;
    var task = res.Content.ReadAsStreamAsync().ContinueWith(t =>
    {
        using (var reader = new StreamReader(t.Result))
        {
            // Peek() returns -1 at end of stream, so test for >= 0.
            while (reader.Peek() >= 0)
                result += reader.ReadLine();
        }
    });
    task.Wait();
}
```
I'm trying to get an access token I can use to request a bearer token to use the resource API. I need to use the SAML assertion to authenticate that the user has logged in.
I'm currently getting this error back (again with the tenant ID redacted):
```json
{
  "error": "invalid_request",
  "error_description": "AADSTS50107: Requested federation realm object 'https://sts.windows.net/{{tenantID}}/' does not exist. Trace ID: {{guid value1}} Correlation ID: {{guid value2}} Timestamp: 2019-01-28 02:33:48Z",
  "error_codes": [50107],
  "timestamp": "2019-01-28 02:33:48Z",
  "trace_id": "{{guid value1}}",
  "correlation_id": "{{guid value2}}"
}
```
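As an added example (not the poster's code), the same saml2-bearer request written with async/await, the RFC 7522 base64url encoding done by hand, and the token endpoint's JSON response parsed so that an AADSTS error's code, trace ID and correlation ID are surfaced for troubleshooting without logging the assertion or the token. Tenant, client ID, scope and the assertion XML are supplied by the caller; `SamlBearerClient`, `TokenResult` and `Str` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public sealed class TokenResult
{
    public string AccessToken { get; set; }   // set on success
    public string ErrorCode { get; set; }     // e.g. "invalid_request"
    public string Description { get; set; }   // "AADSTS50107: ..." text
    public string TraceId { get; set; }       // quote these two when opening a support case
    public string CorrelationId { get; set; }
}
public static class SamlBearerClient
{
    // RFC 7522 sends the assertion base64url-encoded (RFC 4648 section 5, no padding).
    public static string Base64UrlEncode(string assertionXml) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(assertionXml))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
    // Missing JSON properties yield null instead of throwing.
    static string Str(JsonElement e, string name) =>
        e.TryGetProperty(name, out var v) ? v.GetString() : null;
    public static async Task<TokenResult> RequestTokenAsync(
        HttpClient http, string tenantId, string clientId, string scope, string assertionXml)
    {
        var form = new Dictionary<string, string>
        {
            ["client_id"] = clientId,
            ["grant_type"] = "urn:ietf:params:oauth:grant-type:saml2-bearer",
            ["assertion"] = Base64UrlEncode(assertionXml),
            ["scope"] = scope,
        };
        var url = $"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token";
        using var res = await http.PostAsync(url, new FormUrlEncodedContent(form));
        // Both success and error bodies are JSON; never log the assertion or the token itself.
        using var doc = JsonDocument.Parse(await res.Content.ReadAsStringAsync());
        var root = doc.RootElement;
        if (Str(root, "error") is string code)
            return new TokenResult
            {
                ErrorCode = code,
                Description = Str(root, "error_description"),
                TraceId = Str(root, "trace_id"),
                CorrelationId = Str(root, "correlation_id"),
            };
        return new TokenResult { AccessToken = Str(root, "access_token") };
    }
}
```

Call `await SamlBearerClient.RequestTokenAsync(httpClient, tenantId, clientId, scope, assertionXml)` and branch on `ErrorCode` being null; the trace and correlation IDs are what Microsoft support asks for when an AADSTS error needs to be looked up on their side.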