Hello,
Sounds good, thanks. For clarification, in the new API are you saying to make a new request to Azure to grab the tokens? Otherwise the tokens don't seem to exist in the HttpContext and need to be populated still.
Thanks.
Hello,
We integrated Azure AD into the ABP Angular application, allowing users to authenticate using Azure AD; the users are then added to the ABP Identity server.
We then added the Volo.Account module and noticed that when using the SignInManager, the ABP framework pulls in an access token from Azure AD and then exchanges it for an application token which is returned to Angular and stored. Is there a way for us to not exchange the application token and keep the access token from Azure AD to call other APIs with the Azure AD access token?
The code below shows where the access token is acquired and exchanged in Volo.Abp.Account.Web.Pages.Account.Login.cshtml. We print out the access token and it has the information we need, but we want that token stored in the frontend instead of the exchanged ABP token. Starting at line 191. https://github.com/abpframework/abp/blob/dev/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Login.cshtml.cs
// Requires: using System.ComponentModel; (PropertyDescriptor / TypeDescriptor)
var loginInfo = await SignInManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
    Logger.LogWarning("External login info is not available");
    return RedirectToPage("./Login");
}
var result = await SignInManager.ExternalLoginSignInAsync(
    loginInfo.LoginProvider,
    loginInfo.ProviderKey,
    isPersistent: false,
    bypassTwoFactor: true
);
Console.WriteLine("HELLO WORLD!");
Console.WriteLine(loginInfo.AuthenticationTokens);
// Dump every token the external provider returned (name/value pairs such as access_token, id_token, expires_at)
foreach (var item in loginInfo.AuthenticationTokens)
{
    Console.WriteLine(item);
    foreach (PropertyDescriptor descriptor in TypeDescriptor.GetProperties(item))
    {
        string name = descriptor.Name;
        object value = descriptor.GetValue(item);
        Console.WriteLine("{0}={1}", name, value);
    }
}
Thanks
Hello,
Can we schedule a call to better explain our issue and resolve the issue?
Thanks
Hello,
Could we maybe set up a working session/call to resolve what we are trying to do? It should be a somewhat common scenario, trying to get access tokens for something like an MS Graph API call, but we may not be explaining it well.
Thanks
Hello,
The code below was sitting in the HttpApi project inside a controller endpoint.
if (User.Identity.IsAuthenticated)
{
    Console.WriteLine("User is Authenticated!");
    string accessToken = await HttpContext.GetTokenAsync("access_token");
    Console.WriteLine("AccessToken {0}", accessToken);
}
The other code is in the HttpApi.Host project, in the given file with the name *ApiHostModule.cs.
Those code snippets aren't essential right now; we need to request an access token instead of retrieving it from the current context. The main thing is how we can request the needed access token from Microsoft, as mentioned in the other post. Sorry for any prior confusion. https://support.abp.io/QA/Questions/4154#answer-a2dd01f7-b10b-bd7d-e3ab-3a07fbfced67
Thanks
Hello,
Sorry, we need to provide some clarification. We are trying to retrieve an access token for calling APIs of applications in our Microsoft tenant. The main question is how do we send requests for those access tokens? It is a similar concept to MSAL, where you can send a request for an access token to have permission to call APIs, but how do we implement the request for tokens with the ABP framework?
Thanks
hi
You can get tokens from HttpContext:
await httpContext.GetTokenAsync("access_token");
Hello,
When using the await and GetTokenAsync from above, the value returned is null. For example, when adding the code block below, the value shows as null. Are there any changes we need to make for the Authentication configuration for OIDC to retrieve the access_token?
if (User.Identity.IsAuthenticated)
{
    Console.WriteLine("User is Authenticated!");
    string accessToken = await HttpContext.GetTokenAsync("access_token");
    Console.WriteLine("AccessToken {0}", accessToken);
}
Here's a snippet of our OIDC config.
context.Services.AddAuthentication()
    .AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
    {
        options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAD:TenantId"] + "/v2.0/";
        options.ClientId = configuration["AzureAd:ClientId"];
        options.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken;
        options.CallbackPath = configuration["AzureAd:CallbackPath"];
        options.ClientSecret = configuration["AzureAd:ClientSecret"];
        options.RequireHttpsMetadata = false;
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("email");
        options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
    });
When using this line of code though, we do get a bearer token back, can you also confirm this bearer token should work for getting the delegated token?
string bearerToken = Request.Headers[HeaderNames.Authorization].ToString();
Thanks
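One way to keep the Azure AD tokens usable after ABP exchanges them, using ASP.NET Core Identity's built-in external-token store (an added example, not code from ABP or from anyone in this thread). It assumes ABP's Volo.Abp.Identity types, the AzureOpenId scheme name from the config above and SaveTokens = true; the scopes in options.Scope at sign-in decide which APIs the saved access token is valid for.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Identity;

// Added example, not ABP's or the thread author's code. Assumes ABP's Volo.Abp.Identity
// types and the "AzureOpenId" scheme name used in the OIDC config above.
public class ExternalTokenStore : ITransientDependency
{
    private readonly SignInManager<IdentityUser> _signInManager;
    private readonly IdentityUserManager _userManager;

    public ExternalTokenStore(SignInManager<IdentityUser> signInManager, IdentityUserManager userManager)
    {
        _signInManager = signInManager;
        _userManager = userManager;
    }

    // Call in the external-login callback right after ExternalLoginSignInAsync succeeds.
    // With SaveTokens = true the provider's access_token / refresh_token / expires_at exist only
    // on loginInfo.AuthenticationTokens; Identity copies them into AspNetUserTokens keyed by
    // (user, LoginProvider, token name). Values are stored as given, so treat that table as
    // holding bearer credentials: restrict access and encrypt at rest (e.g. with IDataProtector).
    public Task<IdentityResult> SaveExternalTokensAsync(ExternalLoginInfo loginInfo)
        => _signInManager.UpdateExternalAuthenticationTokensAsync(loginInfo);

    // Call from an API endpoint. The lookup is by user, not by the request's authentication
    // scheme, which is why it works where HttpContext.GetTokenAsync returns null: the API request
    // carries the exchanged ABP token, and no provider tokens were saved on that scheme.
    public async Task<string> GetAzureAccessTokenAsync(Guid userId, string loginProvider = "AzureOpenId")
    {
        var user = await _userManager.FindByIdAsync(userId.ToString());
        if (user == null)
        {
            return null;
        }

        // expires_at is written by the OIDC handler as an ISO-8601 timestamp.
        var expiresAt = await _userManager.GetAuthenticationTokenAsync(user, loginProvider, "expires_at");
        if (DateTimeOffset.TryParse(expiresAt, out var expiry) && expiry <= DateTimeOffset.UtcNow)
        {
            // Expired: never hand out a dead token. Redeeming the saved refresh_token needs the
            // offline_access scope to have been requested at sign-in; otherwise re-authenticate.
            return null;
        }

        return await _userManager.GetAuthenticationTokenAsync(user, loginProvider, "access_token");
    }
}
```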