- ABP Framework version: v6.0.1
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes (multi-tiered)
- Exception message and stack trace:
- Steps to reproduce the issue:
Hello,
In our current ABP project, we use OIDC with Azure AD to authenticate users to our project. We want to call some APIs in another project, which is using NodeJS and also in our tenant, but need to authenticate when calling their API.
Is there a way to retrieve a delegated API access token and call the other NodeJS application's APIs? We have tried to add the other project as a delegated API permission through Azure in our Azure project app registration, but couldn't find a way to get the access token in our .NET project to call the other API.
Thanks
9 Answer(s)
-
0
hi
You can get tokens from HttpContext,
await httpContext.GetTokenAsync("access_token");
-
0
Hello,
When using the await and GetTokenAsync from above, the value returned is null. For example, when adding the code block below, the value shows as null. Are there any changes we need to make for the Authentication configuration for OIDC to retrieve the access_token?
    if (User.Identity.IsAuthenticated)
    {
        Console.WriteLine("User is Authenticated!");
        string accessToken = await HttpContext.GetTokenAsync("access_token");
        Console.WriteLine("AccessToken {0}", accessToken);
    }
Here's a snippet of our OIDC config.
    context.Services.AddAuthentication()
        .AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
        {
            options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAD:TenantId"] + "/v2.0/";
            options.ClientId = configuration["AzureAd:ClientId"];
            options.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken;
            options.CallbackPath = configuration["AzureAd:CallbackPath"];
            options.ClientSecret = configuration["AzureAd:ClientSecret"];
            options.RequireHttpsMetadata = false;
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("email");
            options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
        });
When using this line of code, though, we do get a bearer token back. Can you also confirm this bearer token should work for getting the delegated token?
string bearerToken = Request.Headers[HeaderNames.Authorization].ToString();
Thanks
-
0
Hello,
Sorry, we need to provide some clarification. We are trying to retrieve an access token for calling APIs of applications in our Microsoft tenant. The main question is how do we send requests for those access tokens? It is a similar concept to MSAL, where you can send a request for an access token to have permission to call APIs, but how do we implement the request for tokens with the ABP framework?
Thanks
-
0
hi
In which project are these codes located?
https://support.abp.io/QA/Questions/4154#answer-d85b2d49-33af-095c-f391-3a07fad9ab95
-
0
Hello,
The code below was sitting in the HttpApi project inside a controller endpoint.
    if (User.Identity.IsAuthenticated)
    {
        Console.WriteLine("User is Authenticated!");
        string accessToken = await HttpContext.GetTokenAsync("access_token");
        Console.WriteLine("AccessToken {0}", accessToken);
    }
The other code is in the HttpApi.Host project, in the given file with the name *ApiHostModule.cs.
Those code snippets aren't essential right now; we need to request an access token instead of retrieving one from the current context. The main thing is how we can request the needed access token from Microsoft, as mentioned in the other post. Sorry for any prior confusion. https://support.abp.io/QA/Questions/4154#answer-a2dd01f7-b10b-bd7d-e3ab-3a07fbfced67
Thanks
-
0
Hello,
Could we maybe set up a working session/call to resolve what we are trying to do? It should be a somewhat common scenario, trying to get access tokens for something like an MS Graph API call, but we may not be explaining it well.
Thanks
-
0
hi
You can get tokens from HttpContext in Web project,
await httpContext.GetTokenAsync("access_token");
The HttpApi project will get the token from the HTTP request bearer token.
The Auth project is the issuer and validates the token. So
string bearerToken = Request.Headers[HeaderNames.Authorization].ToString();
is the right way to get the token in the HttpApi project.
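One way to request the delegated token asked about in this thread, assuming the OAuth 2.0 On-Behalf-Of flow of the Microsoft identity platform fits this setup (an added example, not code from any poster in the thread or from ABP). The class and method names are hypothetical, and the tenant, client and scope values are placeholders to be taken from the app registrations.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

public static class DelegatedTokenExample // hypothetical name
{
    // Request.Headers[HeaderNames.Authorization] yields "Bearer <jwt>";
    // only the <jwt> part may be used as the assertion.
    public static string? ExtractBearer(string? authorizationHeader)
    {
        if (AuthenticationHeaderValue.TryParse(authorizationHeader, out var h)
            && string.Equals(h.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
            && !string.IsNullOrWhiteSpace(h.Parameter))
        {
            return h.Parameter;
        }
        return null; // missing header, other scheme, or empty token
    }

    // Exchanges the caller's token for one whose audience is the downstream API.
    public static async Task<string> AcquireOnBehalfOfAsync(
        HttpClient http, string tenantId, string clientId, string clientSecret,
        string userAccessToken, string downstreamScope)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "urn:ietf:params:oauth:grant-type:jwt-bearer",
            ["requested_token_use"] = "on_behalf_of",
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret,
            ["assertion"] = userAccessToken,
            ["scope"] = downstreamScope, // placeholder: scope exposed by the other API
        });
        var url = $"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token";
        using var response = await http.PostAsync(url, form);
        var body = await response.Content.ReadAsStringAsync();
        if (!response.IsSuccessStatusCode)
        {
            // Report only the status code; never log the secret or the assertion.
            throw new InvalidOperationException($"Token exchange failed: {(int)response.StatusCode}");
        }
        using var json = JsonDocument.Parse(body);
        return json.RootElement.GetProperty("access_token").GetString()
            ?? throw new InvalidOperationException("No access_token in response.");
    }
}
```

The exchange only succeeds when the incoming token's audience is the application identified by `clientId`. The returned token, not the incoming one, is what gets sent as the bearer token to the other API.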
-
0
Hello,
Can we schedule a call to better explain our issue and resolve the issue?
Thanks
-
0
If you have any questions, you can write here.