
In my Web API application I get the access token from http:applicationpath/connect/token with some parameters (this endpoint is from Identity, I think, since we don't create it, nor can we see it). But now I need to generate the token from a specific controller but can't see how to do this. Does someone know how this can be done? Or even if it's possible? Thanks

Some more info:

My application is an integrator (is this the word?) between an Android app (app1) and another web application (app2).
1- The app1 user will send the login and password to my application.
2- Then my application will send them to app2, which will, if everything goes well, return the app2 token.
3- Then I have to save this token in my db.
4- Then verify if the user exists in my db, and if not, save it.
5- And finally generate a token for my application and return it to the user.

  • Does this answer your question? [Change default endpoint in IdentityServer 4](https://stackoverflow.com/questions/39186533/change-default-endpoint-in-identityserver-4) –  Jan 09 '20 at 21:25
  • But can I, instead of changing the default endpoint, make another endpoint that does the same (generate the token)? – Lucas Gabriel Jan 10 '20 at 18:10

1 Answer

Based on your comment:

But can I, instead of changing the default endpoint, make another endpoint that does the same (generate the token)?

it seems that you are rather looking for Extending discovery. This is quite easy actually.

Add a custom entry in the configuration of startup:

services.AddIdentityServer(options =>
{
    options.Discovery.CustomEntries.Add("custom_token", "~/customtoken");
});

And add a controller that handles the request:

using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// In case a token is required for login, like the UserInfo endpoint:
//[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[ApiController]
public class CustomTokenController : ControllerBase
{
    [Route("customtoken")]
    public IActionResult CustomTokenEndpoint()
    {
        return Ok();
    }
}

Update

You can 'replace' the endpoint by disabling the default authorization endpoint and adding a custom endpoint as described above.

Disable the endpoint:

services
    .AddIdentityServer(options =>
    {
        options.Endpoints.EnableAuthorizeEndpoint = false;
    });

You may want to use the Authorize path constant.

public const string Authorize = ConnectPathPrefix + "/authorize";

Add the new endpoint:

services.AddIdentityServer(options =>
{
    options.Discovery.CustomEntries.Add("authorization_endpoint", $"~/{Authorize}");
});

Please note, I didn't test it, but I think this should work.

  • Is this for overwriting the default route with a custom one? – Lucas Gabriel Jan 13 '20 at 18:09
  • @LucasGabriel No, it doesn't overwrite the default endpoint. It adds a custom endpoint. As you asked in your comment: But can I, instead of change the default endpoint, make _another endpoint_. –  Jan 13 '20 at 18:45
  • What I need is to have the content of the default controller somewhere else. This content is what I don't have. Sorry for the confusing description – Lucas Gabriel Jan 13 '20 at 20:10
  • @LucasGabriel Can you explain why? What are you trying to accomplish in words, without thinking of technical solutions. Do you want to replace the token generator or something? –  Jan 13 '20 at 20:25
  • My application is an integrator (is this the word?) between an Android app (app1) and another web application (app2). 1- The app1 user will send the login and password to my application. 2- Then my application will send them to app2, which will, if everything goes well, return the app2 token. 3- Then I have to save this token in my db. 4- Then verify if the user exists in my db, and if not, save it. 5- And finally generate a token for my application and return it to the user. – Lucas Gabriel Jan 13 '20 at 20:54
  • App1 seems to be a client that sends the user credentials (which is not recommended) to the server. You can register App1 as client with the Resource Owner Password Credentials (ROPC) grant and leave the authorization endpoint as-is. A resource can be accessed by the client configuring scopes. Where a scope is a piece of functionality that is part of the resource, in the samples resource Api1 with scope Api1. If you want to hide resources for direct access, you can use delegation as described [here](http://docs.identityserver.io/en/latest/topics/extension_grants.html). –  Jan 13 '20 at 22:45
  • I know the way I am doing it is not the best way. But sadly I am limited by superior orders to do it this way :´( – Lucas Gabriel Jan 14 '20 at 12:15
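
Added example, not part of the original answer or comments: one way to follow the ROPC suggestion above in IdentityServer4 is a custom `IResourceOwnerPasswordValidator`, so the default `/connect/token` endpoint keeps issuing the token while steps 1-5 from the question run inside the validator. `IApp2Client`, `IUserStore`, `App2PasswordValidator` and the `"App2Token"` purpose string are hypothetical names introduced for illustration.

```csharp
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.DataProtection;

// Hypothetical abstractions (not from the page): the HTTP call to app2 and the local database.
public interface IApp2Client
{
    Task<string> LoginAsync(string userName, string password); // app2 token, or null on failure
}
public interface IUserStore
{
    Task<string> GetOrCreateSubjectIdAsync(string userName);          // step 4
    Task SaveApp2TokenAsync(string subjectId, string protectedToken); // step 3
}

public class App2PasswordValidator : IResourceOwnerPasswordValidator
{
    private readonly IApp2Client _app2;
    private readonly IUserStore _users;
    private readonly IDataProtector _protector;

    public App2PasswordValidator(IApp2Client app2, IUserStore users, IDataProtectionProvider dp)
    {
        _app2 = app2;
        _users = users;
        _protector = dp.CreateProtector("App2Token"); // purpose string is an arbitrary label
    }

    public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {
        // Steps 1-2: forward the credentials to app2. Never log or persist context.Password.
        var app2Token = await _app2.LoginAsync(context.UserName, context.Password);
        if (string.IsNullOrEmpty(app2Token))
        {
            // Fail closed with a generic error so the response does not reveal whether the user exists.
            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "invalid credentials");
            return;
        }

        // Step 4, then step 3: create the local user if missing and store the app2 token encrypted at rest.
        var subjectId = await _users.GetOrCreateSubjectIdAsync(context.UserName);
        await _users.SaveApp2TokenAsync(subjectId, _protector.Protect(app2Token));

        // Step 5: a successful result lets the default /connect/token endpoint issue this application's token.
        context.Result = new GrantValidationResult(subjectId, "password");
    }
}

// Registration in Startup.ConfigureServices:
// services.AddIdentityServer().AddResourceOwnerValidator<App2PasswordValidator>();
```

The client registered for app1 needs `AllowedGrantTypes = GrantTypes.ResourceOwnerPassword` for this validator to be invoked.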