Identity Server: Access tokens/items set in AuthorizationProeperties in ExternalLoginCallback on the client

Question

Question

I have an identity server implementation that is being used by a number of applications in test and production. I am currently working on a new feature, where the client application using the identity server can perform Azure service management REST api calls. For this, it needs a token. I can generate this token, store it and even access it in the AccountController in the identity server.

My issue is figuring out how to send this to the client. I don't think this token belongs in the claims for the user. So I tried to add it as part of AuthenticationProperties as a token, but I cannot seem to access it in the client. Should I store it in a session like this SO user did link? There is one answer to this question, but that does not seem right (I even tried it out of desperation!)

Relevant sections of code

Generate the token

var resource = "https://management.azure.com/";

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
     Events = new OpenIdConnectEvents
                {
                    OnAuthorizationCodeReceived = async context =>
                    {
                       // Acquire the token for the resource and save it
                    }
                }
}

Restore it in AccountController

public async Task<IActionResult> ExternalLoginCallback(string returnUrl)
{
      string resource = "https://management.azure.com/";

      // snip
      result = await authContext.AcquireTokenSilentAsync(resource, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));

      // snip

      AuthenticationProperties props = null;
      var tokens = new List<AuthenticationToken>();
      var id_token = info.Properties.GetTokenValue("id_token");
      if (id_token != null)
      {
          tokens.Add(new AuthenticationToken { Name = "id_token", Value = id_token });
      }

      if (result != null)
      {
          tokens.Add(new AuthenticationToken { Name = "management_token", Value = result.AccessToken });
      }

      if (tokens.Any())
      {
          props = new AuthenticationProperties();
          props.StoreTokens(tokens);
      }

     // snip
     // Can I access these "props" on the client? I even tried adding it to `Items`, no luck.
      await HttpContext.Authentication.SignInAsync(user.UserId, user.DisplayName, provider, props, additionalClaims.ToArray());
}

So, my question, is this the right way go about it? If so, how do I access the authentication properties set? Or should I try saving this in the Session? If so, how do I store it in the client's session?

Any pointers would help. Thank you!

any luck with finding a solution @k25 ? I'm dealing with a similar problem. https://stackoverflow.com/q/59552223/922713 — Amir Chatrbahr, Jan 01 '20 at 21:32
@AmirChatrbahr I posted an answer indicating how. Hope this helps! — k25, Jan 02 '20 at 18:36

score 0 · Accepted Answer · answered Jan 02 '20 at 18:35

0

Just wanted to post an answer so that people wanting the same can benefit.

A token cache can be implemented to achieve this. This repository explains how.

Pay special attention to the AdalDistributedTokenCache linked here

answered Jan 02 '20 at 18:35

k25

397
6
24

Identity Server: Access tokens/items set in AuthorizationProeperties in ExternalLoginCallback on the client

Question

Relevant sections of code

1 Answers1