Open Closed

Access token/Authentication for Azure Delegated API Permission Call #4154


User avatar
0
tjp102 created
  • ABP Framework version: v6.0.1
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes (multi-tiered)
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

Hello,

In our current ABP project, we use OIDC with Azure AD to authenticate users to our project. We want to call some APIs in another project, which is using NodeJS and also in our tenant, but need to authenticate when calling their API.

Is there a way to retrieve a delegated API access token and call the other NodeJS application's APIs? Currently tried to add the other project as a delegated API permission through Azure in our Azure project app registration, but couldn't find a way to get the access token in our .NET project to call the other api.

Thanks


9 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can get tokens from HttpContext,

    await httpContext.GetTokenAsync("access_token");

  • User Avatar
    0
    tjp102 created

    hi

    You can get tokens from HttpContext,

    await httpContext.GetTokenAsync("access_token");

    Hello,

    When using the await and GetTokenAsync from above, the value returned is null. For example, when adding the code block below, the value shows as null. Are there any changes we need to make for the Authentication configuration for OIDC to retrieve the access_token?

    if (User.Identity.IsAuthenticated)
                {
                    Console.WriteLine("User is Authenticated!");
                    string accessToken = await HttpContext.GetTokenAsync("access_token");
                    Console.WriteLine("AccessToken {0}", accessToken);
                }
    

    Here's a snippet of our OIDC config.

        context.Services.AddAuthentication()
                .AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
                {
                    options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAD:TenantId"] + "/v2.0/";
                    options.ClientId = configuration["AzureAd:ClientId"];
                    options.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken;
                    options.CallbackPath = configuration["AzureAd:CallbackPath"];
                    options.ClientSecret = configuration["AzureAd:ClientSecret"];
                    options.RequireHttpsMetadata = false;
                    options.SaveTokens = true;
                    options.GetClaimsFromUserInfoEndpoint = true;
                    options.Scope.Add("email");                                 options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
    

    When using this line of code though, we do get a bearer token back, can you also confirm this bearer token should work for getting the delegated token?

    string bearerToken = Request.Headers[HeaderNames.Authorization].ToString()
    

    Thanks

  • User Avatar
    0
    tjp102 created

    Hello,

    Sorry, need to provide some clarification. We are trying to retrieve an access token for calling APIs of applications in our Microsoft tenant. The main question is how do we send requests for those access tokens? Similar concept to MSAL where you can send a request for an access token to have permission to call APIs, but how do we implement the request for tokens with ABP framework.

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    In which project are these codes located?

    https://support.abp.io/QA/Questions/4154#answer-d85b2d49-33af-095c-f391-3a07fad9ab95

  • User Avatar
    0
    tjp102 created

    Hello,

    The code below was sitting in the HttpApi project inside a controller endpoint.

    if (User.Identity.IsAuthenticated)
    {
        Console.WriteLine("User is Authenticated!");
        string accessToken = await HttpContext.GetTokenAsync("access_token");
        Console.WriteLine("AccessToken {0}", accessToken);
    }
    

    The other code is in the HttpApi.Host project, in the given file with the name *ApiHostModule.cs.

    Those code snippets aren't essential right now, we need to request an access token instead of retrieve from current context. The main thing is how can we request the needed access token from microsoft as mentioned in the other post. Sorry for any prior confusion. https://support.abp.io/QA/Questions/4154#answer-a2dd01f7-b10b-bd7d-e3ab-3a07fbfced67

    Thanks

  • User Avatar
    0
    tjp102 created

    Hello,

    Could we maybe set up a working session/call to resolve what we are trying to do? Should be a some what common scenario with trying to get access tokens for like a MS graph api call, but may not be explaining it well.

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can get tokens from HttpContext in Web project, await httpContext.GetTokenAsync("access_token");

    The HttpApi project will get token from HTTP request. bearer token

    The Auth project is the issue and validates the token.

    So string bearerToken = Request.Headers[HeaderNames.Authorization].ToString() is the right way to get token in HttpApi project

  • User Avatar
    0
    tjp102 created

    Hello,

    Can we schedule a call to better explain our issue and resolve the issue?

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    If you have any questions, you can write here.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38