Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to retrieve an OpenID Connect Identity Token from a cookie

Tags:

c#

authentication

cookies

openid-connect

owin

How can I retrieve the OpenID connect token from the cookie(s) produced by Microsoft's OWIN-based middleware?

I am using Microsoft.Owin.Security.Cookies and Microsoft.Owin.Security.OpenIdConnect to protect a website using an 'implicit flow'. At times I think I might be able understand things better or be able to troubleshoot i I could inspect the "raw" token rather than the object model that gets produced from it.

I understand the information is stored via Cookie, but have not found how I can I retrieve the token from the cookie(s). This is a development environment so I should have access to any certificates/secrets that are needed.

I understand that the token should have 3 segments separated by periods: {header}.{claims}.{signature}. If I can find the token I have learned that I can use jwt.io to view the contents. However, none of my cookies have contents matching that format.

This is the middleware configuration I am using:

app.SetDefaultSignInAsAuthenticationType( CookieAuthenticationDefaults.AuthenticationType );
app.UseCookieAuthentication( new CookieAuthenticationOptions() );

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
        {
        ClientId = clientId,
        Authority = stsAuthority,
        RedirectUri = baseHostingPath,
        ResponseType = "id_token",
        Scope = string.Join( " ", "openid", "profile", "email" )
        } );
like image 267
vossad01 Avatar asked Jun 17 '15 21:06

vossad01

1 Answers

If you want to do this just at debug time, I would suggest giving a try to https://github.com/vibronet/OInspector/tree/dev - it helps you to inspect the token in Fiddler.

If you want to do this in code, you can ensure that the raw token is saved in the ClaimsPrincipal by

  • Adding

    TokenValidationParameters = new TokenValidationParameters
{ 
    SaveSigninToken = true 
}

    to the options initialization

  • Retrieving the token via something to the effect of 

    var ci = (System.Security.Claims.ClaimsIdentity)
             ClaimsPrincipal.Current.Identity;
string token = ((System.IdentityModel.Tokens.BootstrapContext)
                   ci.BootstrapContext).Token;
like image 173
vibronet Avatar answered Oct 23 '22 21:10

vibronet
Sign in to Comment

Related questions

Signalr Client version 1.5, server version undefined
How to setup Visual Studio for Xamarin.Android?
CCSDS Reed Solomon Encoding
How to kill all connections to a SQL Server database using C# and SMO?
Programmatically add route
How do I delete or reinitialize a 'new' variable?
how to delete one column and row from jagged array in c#
Regular Expression - Match End if Start is Match
C# Derive From Generic Base Class (T : U<T>)
Detect an application runs by user click or Windows startup in C#
Unity UI RectTransform position does not make sense to me
IIS Worker Process on Windows Server 2012 Memory Limit
Cannot implicitly convert type 'string' to 'decimal'
Styling Kendo Window's content with Bootstrap
How do I determine if a polyhedron is convex?
Difference between ResumeAutomatic & ResumeSuspend modes of Windows Service
Entity Framework Seed not working
How should I reference HttpClient for dnx451 and dnxcore50?
What is this called and what does it do? (Part of a Generic Repository)
What is a vNext console application?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!