How to retrieve an OpenID Connect Identity Token from a cookie


How can I retrieve the OpenID connect token from the cookie(s) produced by Microsoft's OWIN-based middleware?

I am using Microsoft.Owin.Security.Cookies and Microsoft.Owin.Security.OpenIdConnect to protect a website using an 'implicit flow'. At times I think I might be able to understand things better or be able to troubleshoot if I could inspect the "raw" token rather than the object model that gets produced from it.

I understand the information is stored via Cookie, but have not found how I can retrieve the token from the cookie(s). This is a development environment so I should have access to any certificates/secrets that are needed.

I understand that the token should have 3 segments separated by periods: {header}.{claims}.{signature}. If I can find the token I have learned that I can use jwt.io to view the contents. However, none of my cookies have contents matching that format.

This is the middleware configuration I am using:

app.SetDefaultSignInAsAuthenticationType( CookieAuthenticationDefaults.AuthenticationType );
app.UseCookieAuthentication( new CookieAuthenticationOptions() );

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
        {
        ClientId = clientId,
        Authority = stsAuthority,
        RedirectUri = baseHostingPath,
        ResponseType = "id_token",
        Scope = string.Join( " ", "openid", "profile", "email" )
        } );

There is 1 answer

vibronet On

If you want to do this just at debug time, I would suggest giving a try to https://github.com/vibronet/OInspector/tree/dev - it helps you to inspect the token in Fiddler.

If you want to do this in code, you can ensure that the raw token is saved in the ClaimsPrincipal by

  • Adding

    TokenValidationParameters = new TokenValidationParameters
    { 
        SaveSigninToken = true 
    }
    

    to the options initialization

  • Retrieving the token via something to the effect of

    var ci = (System.Security.Claims.ClaimsIdentity)
                 ClaimsPrincipal.Current.Identity;
    string token = ((System.IdentityModel.Tokens.BootstrapContext)
                       ci.BootstrapContext).Token;
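
The retrieval step above, extended into a helper that also decodes the `{header}.{claims}` segments locally, as an added example that is not part of the original answer or of the OWIN middleware. `RawIdTokenInspector` and its method names are hypothetical; it assumes `SaveSigninToken = true` was set before sign-in and that, depending on the IdentityModel version in use, the saved value is either a `BootstrapContext` or the raw token string.

```csharp
using System;
using System.IdentityModel.Tokens;   // BootstrapContext (System.IdentityModel.dll)
using System.Security.Claims;
using System.Text;

// Hypothetical helper (not part of OWIN/Katana): returns the raw id_token saved by
// SaveSigninToken = true and decodes its header and claims segments for inspection.
public static class RawIdTokenInspector
{
    public static string GetRawToken(ClaimsPrincipal principal)
    {
        var ci = principal?.Identity as ClaimsIdentity;
        if (ci == null || ci.BootstrapContext == null)
            return null; // not signed in, or SaveSigninToken was not enabled at sign-in

        // Assumption: depending on the IdentityModel version, the saved value is
        // either a BootstrapContext object or the raw token string itself.
        var raw = ci.BootstrapContext as string;
        if (raw != null) return raw;
        var ctx = ci.BootstrapContext as BootstrapContext;
        return ctx?.Token;
    }

    // Splits {header}.{claims}.{signature}; returns JSON for the first two segments.
    // The signature is NOT verified here; this is for viewing the contents only.
    public static string[] DecodeSegments(string jwt)
    {
        var parts = (jwt ?? "").Split('.');
        if (parts.Length != 3)
            throw new FormatException("Expected 3 dot-separated segments, got " + parts.Length);
        return new[] { DecodeBase64Url(parts[0]), DecodeBase64Url(parts[1]) };
    }

    private static string DecodeBase64Url(string segment)
    {
        // JWT uses base64url without padding: restore '+', '/', and '='.
        var s = segment.Replace('-', '+').Replace('_', '/');
        switch (s.Length % 4)
        {
            case 2: s += "=="; break;
            case 3: s += "="; break;
            case 1: throw new FormatException("Invalid base64url segment length");
        }
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }
}
```

From a controller or page, `RawIdTokenInspector.DecodeSegments(RawIdTokenInspector.GetRawToken(ClaimsPrincipal.Current))` yields the header and claims JSON; a `null` from `GetRawToken` means the current session was established before `SaveSigninToken` was enabled and a fresh sign-in is needed.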