Reputation: 43
I apologize in advance for my English.
I have to develop a web API that uses OAuth 2.0 to authenticate itself on an external site. Next, I have to use the access token that is returned to me to send requests to the same site. I'm doing a test using the GitHub API.
This is the Startup class:
    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = "GitHub";
        })
        // Cookie handler backing the default authenticate and sign-in scheme.
        .AddCookie()
        .AddOAuth("GitHub", options =>
        {
            options.ClientId = Configuration["GitHub:ClientId"];
            options.ClientSecret = Configuration["GitHub:ClientSecret"];
            options.CallbackPath = new PathString("/signin-github");
            options.AuthorizationEndpoint = "";
            options.TokenEndpoint = "";
            options.UserInformationEndpoint = "";
            options.SaveTokens = true;
            options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
            options.ClaimActions.MapJsonKey(ClaimTypes.Name, "name");
            options.ClaimActions.MapJsonKey("urn:github:login", "login");
            options.ClaimActions.MapJsonKey("urn:github:url", "html_url");
            options.ClaimActions.MapJsonKey("urn:github:avatar", "avatar_url");
            options.Events = new OAuthEvents
            {
                OnCreatingTicket = async context =>
                {
                    // Debug output only: an access token written to the console ends up in logs.
                    Console.WriteLine("This is the access Token: " + context.AccessToken);
                    var request = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
                    request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);
                    var response = await context.Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, context.HttpContext.RequestAborted);
                    var user = JObject.Parse(await response.Content.ReadAsStringAsync());
                    // Apply the ClaimActions mappings configured above to the user JSON.
                    context.RunClaimActions(user);
                }
            };
        });

        services.AddMvc();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        // Authentication must run before MVC so controllers see the signed-in user.
        app.UseAuthentication();
        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller}/{action=Index}/{id?}");
        });
    }
With this:

    options.SaveTokens = true;

the token should be saved in AuthenticationProperties, but in my Controller I don't know how to access the token in order to pass it in the headers for requests.
The only thing I have found is an obsolete method, that is this:

    var authenticateInfo = await HttpContext.Authentication.GetAuthenticateInfoAsync("Bearer");
    string accessToken = authenticateInfo.Properties.Items[".Token.access_token"];

But I have this error:

    No authentication handler is configured to authenticate for the scheme: Bearer
This is my typed client:

    public class Service
    {
        public HttpClient Client { get; }

        public Service(HttpClient client)
        {
            var token = GetTokenAsync();
            client.DefaultRequestHeaders.Add("Authorization", ""); // here I have to pass the access token
            client.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", "{subscription key}");
            Client = client;
        }

        public async Task<string> GetTokenAsync()
        {
            // I want the access token returned to me
            return token;
        }
    }
Upvotes: 4
Views: 3040
Reputation: 27538
You can get the access token via:

    var token = await HttpContext.GetTokenAsync("access_token");
Upvotes: 3
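
An added example, not code from the question or the answer: one way to feed the token from `HttpContext.GetTokenAsync("access_token")` into the typed client is a `DelegatingHandler` that sets the `Authorization` header on each outgoing request, so the token is never stored on a shared `HttpClient` or printed. `AccessTokenHandler` is a hypothetical name, and the registration lines in the closing comment assume the `Startup` class from the question.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;

// Hypothetical handler (the name is an assumption): adds the signed-in user's token per request.
public class AccessTokenHandler : DelegatingHandler
{
    private readonly IHttpContextAccessor _accessor;

    public AccessTokenHandler(IHttpContextAccessor accessor) => _accessor = accessor;

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // HttpContext is null outside an incoming request (for example background work).
        var httpContext = _accessor.HttpContext;
        var token = httpContext == null
            ? null
            : await httpContext.GetTokenAsync("access_token"); // saved by SaveTokens = true

        // Fail closed: never send the call unauthenticated or with a stale header.
        if (string.IsNullOrEmpty(token))
            throw new InvalidOperationException("No access token available for the current user.");

        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return await base.SendAsync(request, cancellationToken);
    }
}

// The typed client from the question, without any token handling of its own.
public class Service
{
    public HttpClient Client { get; }

    public Service(HttpClient client) => Client = client;
}

// Registration, inside Startup.ConfigureServices:
//   services.AddHttpContextAccessor();
//   services.AddTransient<AccessTokenHandler>();
//   services.AddHttpClient<Service>()
//           .AddHttpMessageHandler<AccessTokenHandler>();
```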