I'd like to retrieve the ID Token so that I can send it via GET/POST request to another application, after successful authentication.
Scenario is the following:
- Multiple web applications using different URLs (*.domain.com)
- All applications need authentication against Azure Active Directory
- Too many URLs to put them all as redirect_url (would need one for every hostname)
- Idea is to have a "login" app (login.domain.com) which handles the login and then forwards the ID Token to the *.domain.com applications (using URL in the state field)
- *.domain.com then verifies the ID Token and authorizes users
Using Microsoft.AspNetCore.Authentication.OpenIdConnect, I cannot figure out how to retrieve the ID Token so that I can forward it properly.
I've used the VS2015 Template for ASP.NET Core 1.0 Web Application and configured authentication properly (this works)
Now I need to get the Token somehow, but I can't figure out how.
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions()
{
    ClientId = Configuration["Authentication:AzureAd:ClientId"],
    Authority = Configuration["Authentication:AzureAd:AADInstance"] + "Common",
    CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"],
    TokenValidationParameters = new TokenValidationParameters
    {
        // Instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
        // we inject our own multitenant validation logic
        ValidateIssuer = false,
        // If the app is meant to be accessed by entire organizations, add your issuer validation logic here.
        //IssuerValidator = (issuer, securityToken, validationParameters) => {
        //    if (myIssuerValidationLogic(issuer)) return issuer;
        //}
    },
    Events = new OpenIdConnectEvents
    {
        OnTicketReceived = (context) =>
        {
            // If your authentication logic is based on users then add your logic here
            return Task.FromResult(0);
        },
        OnAuthenticationFailed = (context) =>
        {
            context.Response.Redirect("/Home/Error");
            context.HandleResponse(); // Suppress the exception
            return Task.FromResult(0);
        },
        // If your application needs to do authenticate single users, add your user validation below.
        //OnTokenValidated = (context) =>
        //{
        //    return myUserValidationLogic(context.Ticket.Principal);
        //}
    }
});
I guess I should be able to get it in the OnTicketReceived event using the TicketReceivedContext?
I was using the wrong event. In the OnTokenValidated event, you get access to context.SecurityToken.RawData, which is the raw token that is received, and is exactly what I need.