Logo
  • Home
  • Consepts and glossary
  • Getting started - Learning and code samples
  • Overview of packages

Api protection

  • Require authentication by default (in .NET Core)

End user authentication

  • End user authentication
  • How to
    • Authentication with an Angular + BFF application
    • Blazor
  • Tutorials
    • Security middlewares
    • Token expiration
      • Token expiration handling with Angular BFF Client and Downstream APIs
      • Token Expiry Handling with Blazor server client and Downstream APIs
      • Token Expiry Handling with Downstream APIs

Server to server authentication

  • Server to server (M2M)
  • How to
    • HttpClient: Client credentials token request(HelseID and EntraID)
    • Manual tokenrequest using duende
    • HttpClient: Maskinporten token request (JWT-bearer authorization grant)
  • Tutorials
    • ClientCredentials
      • Duende AccessTokenManagement library
FHI authentication and authorization extensions
  • Server to server authentication
  • How to
  • Manual tokenrequest using duende
  • Edit on GitHub

Manual: token request using Duende¶

The sample uses Duende.IdentityModel.Client

In [ ]:
Copied! 
#!csharp
#load "../HttpLoggerHelper.csx"
#r "nuget: Fhi.Authentication.Extensions, 4.0.0"
#r "nuget: Duende.IdentityModel, 7.1.0"

using System.Net.Http;
using System.Net.Http.Headers;
using Duende.IdentityModel.Client;
using Duende.IdentityModel;

var client = new HttpClient();
var discovery = await client.GetDiscoveryDocumentAsync("https://demo.duendesoftware.com");
Console.WriteLine($"Discovery Document: {discovery.IsError}");
if (discovery is not null && !discovery.IsError && discovery.Issuer is not null && discovery.TokenEndpoint is not null)
{
    var tokenRequest = new ClientCredentialsTokenRequest()
    {
        ClientId = "m2m",
        Address = discovery.TokenEndpoint,
        GrantType = OidcConstants.GrantTypes.ClientCredentials,
        ClientCredentialStyle = ClientCredentialStyle.PostBody,
        ClientSecret = "secret", // This is used for shared secrets, not needed when using client assertion
        ////ClientAssertion = new ClientAssertion()
        ////{
        ////    Type = OidcConstants.ClientAssertionTypes.JwtBearer,
        ////    Value = ClientAssertionTokenHandler.CreateJwtToken(discovery.Issuer, ""m2m.jwt, "jwk...")
        ////},
        Scope = "api"
    };
    var tokenResponse = await client.RequestClientCredentialsTokenAsync(tokenRequest);
    await HttpLogger.LogResponse(tokenResponse.HttpResponse);
}
#!csharp #load "../HttpLoggerHelper.csx" #r "nuget: Fhi.Authentication.Extensions, 4.0.0" #r "nuget: Duende.IdentityModel, 7.1.0" using System.Net.Http; using System.Net.Http.Headers; using Duende.IdentityModel.Client; using Duende.IdentityModel; var client = new HttpClient(); var discovery = await client.GetDiscoveryDocumentAsync("https://demo.duendesoftware.com"); Console.WriteLine($"Discovery Document: {discovery.IsError}"); if (discovery is not null && !discovery.IsError && discovery.Issuer is not null && discovery.TokenEndpoint is not null) { var tokenRequest = new ClientCredentialsTokenRequest() { ClientId = "m2m", Address = discovery.TokenEndpoint, GrantType = OidcConstants.GrantTypes.ClientCredentials, ClientCredentialStyle = ClientCredentialStyle.PostBody, ClientSecret = "secret", // This is used for shared secrets, not needed when using client assertion ////ClientAssertion = new ClientAssertion() ////{ //// Type = OidcConstants.ClientAssertionTypes.JwtBearer, //// Value = ClientAssertionTokenHandler.CreateJwtToken(discovery.Issuer, ""m2m.jwt, "jwk...") ////}, Scope = "api" }; var tokenResponse = await client.RequestClientCredentialsTokenAsync(tokenRequest); await HttpLogger.LogResponse(tokenResponse.HttpResponse); }
Previous Next
Built with MkDocs using a theme provided by Read the Docs.
GitHub « Previous Next »