Generate access token with IdentityServer4 without password

Question

I have created ASP.NET Core WebApi protected with IdentityServer4 using ROPC flow (using this example: https://github.com/robisim74/AngularSPAWebAPI).

How to manually generate access_token from the server without password?

Answer 1

[HttpPost("loginas/{id}")] [Authorize(Roles = "admin")] public async Task<IActionResult> LoginAs(int id, [FromServices] ITokenService TS,      [FromServices] IUserClaimsPrincipalFactory<ApplicationUser> principalFactory,     [FromServices] IdentityServerOptions options) {     var Request = new TokenCreationRequest();                             var User = await userManager.FindByIdAsync(id.ToString());     var IdentityPricipal = await principalFactory.CreateAsync(User);     var IdServerPrincipal = IdentityServerPrincipal.Create(User.Id.ToString(), User.UserName, IdentityPricipal.Claims.ToArray());      Request.Subject = IdServerPrincipal;     Request.IncludeAllIdentityClaims = true;     Request.ValidatedRequest = new ValidatedRequest();     Request.ValidatedRequest.Subject = Request.Subject;     Request.ValidatedRequest.SetClient(Config.GetClients().First());     Request.Resources = new Resources(Config.GetIdentityResources(), Config.GetApiResources());     Request.ValidatedRequest.Options = options;     Request.ValidatedRequest.ClientClaims = IdServerPrincipal.Claims.ToArray();      var Token = await TS.CreateAccessTokenAsync(Request);     Token.Issuer = "http://" + HttpContext.Request.Host.Value;      var TokenValue = await TS.CreateSecurityTokenAsync(Token);     return Ok(TokenValue); } 

For a newly released IdentityServer 2.0.0 the code needs some modifications:

[HttpPost("loginas/{id}")] [Authorize(Roles = "admin")] public async Task<IActionResult> LoginAs(int id, [FromServices] ITokenService TS,      [FromServices] IUserClaimsPrincipalFactory<ApplicationUser> principalFactory,      [FromServices] IdentityServerOptions options) {     var Request = new TokenCreationRequest();     var User = await userManager.FindByIdAsync(id.ToString());     var IdentityPricipal = await principalFactory.CreateAsync(User);     var IdentityUser = new IdentityServerUser(User.Id.ToString());     IdentityUser.AdditionalClaims = IdentityPricipal.Claims.ToArray();     IdentityUser.DisplayName = User.UserName;     IdentityUser.AuthenticationTime = System.DateTime.UtcNow;     IdentityUser.IdentityProvider = IdentityServerConstants.LocalIdentityProvider;     Request.Subject = IdentityUser.CreatePrincipal();     Request.IncludeAllIdentityClaims = true;     Request.ValidatedRequest = new ValidatedRequest();     Request.ValidatedRequest.Subject = Request.Subject;     Request.ValidatedRequest.SetClient(Config.GetClients().First());     Request.Resources = new Resources(Config.GetIdentityResources(), Config.GetApiResources());     Request.ValidatedRequest.Options = options;     Request.ValidatedRequest.ClientClaims = IdentityUser.AdditionalClaims;     var Token = await TS.CreateAccessTokenAsync(Request);     Token.Issuer = HttpContext.Request.Scheme + "://" + HttpContext.Request.Host.Value;     var TokenValue = await TS.CreateSecurityTokenAsync(Token);     return Ok(TokenValue); } 

Answer 2

Use this:
http://docs.identityserver.io/en/latest/topics/tools.html

Use this tool that come with identity server:
Declare it in the constructor, to receive by dependecy injection.
IdentityServer4.IdentityServerTools _identityServerTools

      var issuer = "http://" + httpRequest.Host.Value;       var token = await _identityServerTools.IssueJwtAsync(           30000,           issuer,           new System.Security.Claims.Claim[1]            {               new System.Security.Claims.Claim("cpf", cpf)           }       );