Access token/Authentication for Azure Delegated API Permission Call #4154 | Support Center | ABP Commercial

tjp102 created one year ago

ABP Framework version: v6.0.1
UI type: Angular
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): yes (multi-tiered)
Exception message and stack trace:
Steps to reproduce the issue:"

Hello,

In our current ABP project, we use OIDC with Azure AD to authenticate users to our project. We want to call some APIs in another project, which is using NodeJS and also in our tenant, but need to authenticate when calling their API.

Is there a way to retrieve a delegated API access token and call the other NodeJS application's APIs? Currently tried to add the other project as a delegated API permission through Azure in our Azure project app registration, but couldn't find a way to get the access token in our .NET project to call the other api.

Thanks

9 Answer(s)

0

maliming created one year ago
Support Team Fullstack Developer

hi

You can get tokens from HttpContext,

await httpContext.GetTokenAsync("access_token");

tjp102 created one year ago

hi

You can get tokens from HttpContext,

await httpContext.GetTokenAsync("access_token");

Hello,

When using the await and GetTokenAsync from above, the value returned is null. For example, when adding the code block below, the value shows as null. Are there any changes we need to make for the Authentication configuration for OIDC to retrieve the access_token?

if (User.Identity.IsAuthenticated)
            {
                Console.WriteLine("User is Authenticated!");
                string accessToken = await HttpContext.GetTokenAsync("access_token");
                Console.WriteLine("AccessToken {0}", accessToken);
            }

Here's a snippet of our OIDC config.

    context.Services.AddAuthentication()
            .AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
            {
                options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAD:TenantId"] + "/v2.0/";
                options.ClientId = configuration["AzureAd:ClientId"];
                options.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken;
                options.CallbackPath = configuration["AzureAd:CallbackPath"];
                options.ClientSecret = configuration["AzureAd:ClientSecret"];
                options.RequireHttpsMetadata = false;
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;
                options.Scope.Add("email");                                 options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");

When using this line of code though, we do get a bearer token back, can you also confirm this bearer token should work for getting the delegated token?

string bearerToken = Request.Headers[HeaderNames.Authorization].ToString()

Thanks

0

tjp102 created one year ago

Hello,

Sorry, need to provide some clarification. We are trying to retrieve an access token for calling APIs of applications in our Microsoft tenant. The main question is how do we send requests for those access tokens? Similar concept to MSAL where you can send a request for an access token to have permission to call APIs, but how do we implement the request for tokens with ABP framework.

Thanks
0

maliming created one year ago
Support Team Fullstack Developer

hi

In which project are these codes located?

https://support.abp.io/QA/Questions/4154#answer-d85b2d49-33af-095c-f391-3a07fad9ab95
0
tjp102 created one year ago
Hello,

The code below was sitting in the HttpApi project inside a controller endpoint.

if (User.Identity.IsAuthenticated) { Console.WriteLine("User is Authenticated!"); string accessToken = await HttpContext.GetTokenAsync("access_token"); Console.WriteLine("AccessToken {0}", accessToken); }

The other code is in the HttpApi.Host project, in the given file with the name *ApiHostModule.cs.

Those code snippets aren't essential right now, we need to request an access token instead of retrieve from current context. The main thing is how can we request the needed access token from microsoft as mentioned in the other post. Sorry for any prior confusion. https://support.abp.io/QA/Questions/4154#answer-a2dd01f7-b10b-bd7d-e3ab-3a07fbfced67

Thanks
0

tjp102 created one year ago

Hello,

Could we maybe set up a working session/call to resolve what we are trying to do? Should be a some what common scenario with trying to get access tokens for like a MS graph api call, but may not be explaining it well.

Thanks
0

maliming created one year ago
Support Team Fullstack Developer

hi

You can get tokens from HttpContext in Web project, await httpContext.GetTokenAsync("access_token");

The HttpApi project will get token from HTTP request. bearer token

The Auth project is the issue and validates the token.

So string bearerToken = Request.Headers[HeaderNames.Authorization].ToString() is the right way to get token in HttpApi project
0

tjp102 created one year ago

Hello,

Can we schedule a call to better explain our issue and resolve the issue?

Thanks
0

maliming created one year ago
Support Team Fullstack Developer

If you have any questions, you can write here.

Have an answer to this question? Log in and write your answer.