
Is there a way to generate an access token from within Identity Server without using the endpoints?

I'm building an identity server deployment (Identity Server 4, hosted in an ASP.NET Core MVC application). As a part of the new user registration process, I need the identity server application to make a request against another API. I'd like to use, basically, the client credential flow to make this request, but instead of having the identity server make an http request against its own endpoint, would it be possible to just programmatically generate the token in C#?

What I'd like to do would be something like this:

public class AccountController : Controller
{
    [HttpPost("register")]
    public async Task<IActionResult> Register(UserRegistrationModel model)
    {
        // do stuff like validate model, create user, update database, etc

        // generate access token for other API
        var client = identityServer4DbContext.Clients.FirstOrDefault(c => c.Id == "myself");
        var token = tokenService.CreateAccessToken(client, StandardScopes.All.Concat(scopeForMyOtherApi));
        var httpClient = new HttpClient();
        httpClient.BaseAddress = new Uri("https://myotherapi/");

        var result = await httpClient.GetAsync("resource/info-i-need");

        // do something with result.
    }
}

I saw that there is an ITokenService in IdentityServer4, but it requires a TokenCreationRequest populated with stuff you only get when you have an http request (for a token) to handle, so it seems that it is only useful to IdentityServer4 itself.

I also recognize that I could use the IdentityModel client to make a request against my own endpoint, but that would involve a bit more configuration that I'd like to avoid - not to mention that it seems like I shouldn't have to do that from within the identity server application itself.

Ben Collins asked Oct 11 '16 16:10




1 Answer

In IdentityServer 3 it was possible to call IssueClientToken() OWIN extension method. In IdSrv 4, use IdentityServerTools.IssueJwtAsync() and IssueClientJwtAsync().

d_f answered Nov 01 '22 19:11
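
A sketch of the registration action using IdentityServerTools.IssueClientJwtAsync(), added here as an example and not taken from the original question or answer. The scope name "other_api.read", the audience "other_api" and the DI-registered HttpClient are assumptions; the client id, URL and model type come from the question.

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using IdentityServer4;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    private readonly IdentityServerTools _tools;  // registered by AddIdentityServer()
    private readonly HttpClient _httpClient;      // assumption: registered in DI by the host app

    public AccountController(IdentityServerTools tools, HttpClient httpClient)
    {
        _tools = tools;
        _httpClient = httpClient;
    }

    [HttpPost("register")]
    public async Task<IActionResult> Register(UserRegistrationModel model)
    {
        // ... validate model, create user, update database ...

        // Issued in-process and signed with the server's signing credential;
        // no HTTP round trip to the token endpoint.
        // Ask only for the scope the downstream API needs and keep the lifetime short.
        var token = await _tools.IssueClientJwtAsync(
            clientId: "myself",
            lifetime: 60,                           // seconds
            scopes: new[] { "other_api.read" },     // hypothetical scope name
            audiences: new[] { "other_api" });      // hypothetical API resource name

        using (var request = new HttpRequestMessage(
            HttpMethod.Get, "https://myotherapi/resource/info-i-need"))
        {
            // Attach the token per request so it never sits in shared default headers.
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

            using (var response = await _httpClient.SendAsync(request))
            {
                if (!response.IsSuccessStatusCode)
                    return StatusCode(502);         // downstream API rejected the call or failed

                var info = await response.Content.ReadAsStringAsync();
                // ... use info ...
                return Ok();
            }
        }
    }
}
```

The token carries the client id, scopes and audiences passed as arguments, so the lists in code are what the downstream API will authorize against; keep them to the minimum the call requires.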