Skip to content

Commit 6b32906

Browse files
ErwinvandervalkErwinvandervalk
committed
not working sample
1 parent a45a396 commit 6b32906

File tree

5 files changed

+53
-23
lines changed

5 files changed

+53
-23
lines changed

access-token-management/samples/WebClientAssertions/ClientAssertionService.cs

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -27,22 +27,22 @@ public class ClientAssertionService : IClientAssertionService
2727
/// </summary>
2828
private static readonly SigningCredentials Credential = new(
2929
new JsonWebKey("""
30-
{
31-
"d":"GmiaucNIzdvsEzGjZjd43SDToy1pz-Ph-shsOUXXh-dsYNGftITGerp8bO1iryXh_zUEo8oDK3r1y4klTonQ6bLsWw4ogjLPmL3yiqsoSjJa1G2Ymh_RY_sFZLLXAcrmpbzdWIAkgkHSZTaliL6g57vA7gxvd8L4s82wgGer_JmURI0ECbaCg98JVS0Srtf9GeTRHoX4foLWKc1Vq6NHthzqRMLZe-aRBNU9IMvXNd7kCcIbHCM3GTD_8cFj135nBPP2HOgC_ZXI1txsEf-djqJj8W5vaM7ViKU28IDv1gZGH3CatoysYx6jv1XJVvb2PH8RbFKbJmeyUm3Wvo-rgQ",
32-
"dp":"YNjVBTCIwZD65WCht5ve06vnBLP_Po1NtL_4lkholmPzJ5jbLYBU8f5foNp8DVJBdFQW7wcLmx85-NC5Pl1ZeyA-Ecbw4fDraa5Z4wUKlF0LT6VV79rfOF19y8kwf6MigyrDqMLcH_CRnRGg5NfDsijlZXffINGuxg6wWzhiqqE",
33-
"dq":"LfMDQbvTFNngkZjKkN2CBh5_MBG6Yrmfy4kWA8IC2HQqID5FtreiY2MTAwoDcoINfh3S5CItpuq94tlB2t-VUv8wunhbngHiB5xUprwGAAnwJ3DL39D2m43i_3YP-UO1TgZQUAOh7Jrd4foatpatTvBtY3F1DrCrUKE5Kkn770M",
34-
"e":"AQAB",
35-
"kid":"ZzAjSnraU3bkWGnnAqLapYGpTyNfLbjbzgAPbbW2GEA",
36-
"kty":"RSA",
37-
"n":"wWwQFtSzeRjjerpEM5Rmqz_DsNaZ9S1Bw6UbZkDLowuuTCjBWUax0vBMMxdy6XjEEK4Oq9lKMvx9JzjmeJf1knoqSNrox3Ka0rnxXpNAz6sATvme8p9mTXyp0cX4lF4U2J54xa2_S9NF5QWvpXvBeC4GAJx7QaSw4zrUkrc6XyaAiFnLhQEwKJCwUw4NOqIuYvYp_IXhw-5Ti_icDlZS-282PcccnBeOcX7vc21pozibIdmZJKqXNsL1Ibx5Nkx1F1jLnekJAmdaACDjYRLL_6n3W4wUp19UvzB1lGtXcJKLLkqB6YDiZNu16OSiSprfmrRXvYmvD8m6Fnl5aetgKw",
38-
"p":"7enorp9Pm9XSHaCvQyENcvdU99WCPbnp8vc0KnY_0g9UdX4ZDH07JwKu6DQEwfmUA1qspC-e_KFWTl3x0-I2eJRnHjLOoLrTjrVSBRhBMGEH5PvtZTTThnIY2LReH-6EhceGvcsJ_MhNDUEZLykiH1OnKhmRuvSdhi8oiETqtPE",
39-
"q":"0CBLGi_kRPLqI8yfVkpBbA9zkCAshgrWWn9hsq6a7Zl2LcLaLBRUxH0q1jWnXgeJh9o5v8sYGXwhbrmuypw7kJ0uA3OgEzSsNvX5Ay3R9sNel-3Mqm8Me5OfWWvmTEBOci8RwHstdR-7b9ZT13jk-dsZI7OlV_uBja1ny9Nz9ts",
40-
"qi":"pG6J4dcUDrDndMxa-ee1yG4KjZqqyCQcmPAfqklI2LmnpRIjcK78scclvpboI3JQyg6RCEKVMwAhVtQM6cBcIO3JrHgqeYDblp5wXHjto70HVW6Z8kBruNx1AH9E8LzNvSRL-JVTFzBkJuNgzKQfD0G77tQRgJ-Ri7qu3_9o1M4"
41-
}
30+
{
31+
"d":"GmiaucNIzdvsEzGjZjd43SDToy1pz-Ph-shsOUXXh-dsYNGftITGerp8bO1iryXh_zUEo8oDK3r1y4klTonQ6bLsWw4ogjLPmL3yiqsoSjJa1G2Ymh_RY_sFZLLXAcrmpbzdWIAkgkHSZTaliL6g57vA7gxvd8L4s82wgGer_JmURI0ECbaCg98JVS0Srtf9GeTRHoX4foLWKc1Vq6NHthzqRMLZe-aRBNU9IMvXNd7kCcIbHCM3GTD_8cFj135nBPP2HOgC_ZXI1txsEf-djqJj8W5vaM7ViKU28IDv1gZGH3CatoysYx6jv1XJVvb2PH8RbFKbJmeyUm3Wvo-rgQ",
32+
"dp":"YNjVBTCIwZD65WCht5ve06vnBLP_Po1NtL_4lkholmPzJ5jbLYBU8f5foNp8DVJBdFQW7wcLmx85-NC5Pl1ZeyA-Ecbw4fDraa5Z4wUKlF0LT6VV79rfOF19y8kwf6MigyrDqMLcH_CRnRGg5NfDsijlZXffINGuxg6wWzhiqqE",
33+
"dq":"LfMDQbvTFNngkZjKkN2CBh5_MBG6Yrmfy4kWA8IC2HQqID5FtreiY2MTAwoDcoINfh3S5CItpuq94tlB2t-VUv8wunhbngHiB5xUprwGAAnwJ3DL39D2m43i_3YP-UO1TgZQUAOh7Jrd4foatpatTvBtY3F1DrCrUKE5Kkn770M",
34+
"e":"AQAB",
35+
"kid":"ZzAjSnraU3bkWGnnAqLapYGpTyNfLbjbzgAPbbW2GEA",
36+
"kty":"RSA",
37+
"n":"wWwQFtSzeRjjerpEM5Rmqz_DsNaZ9S1Bw6UbZkDLowuuTCjBWUax0vBMMxdy6XjEEK4Oq9lKMvx9JzjmeJf1knoqSNrox3Ka0rnxXpNAz6sATvme8p9mTXyp0cX4lF4U2J54xa2_S9NF5QWvpXvBeC4GAJx7QaSw4zrUkrc6XyaAiFnLhQEwKJCwUw4NOqIuYvYp_IXhw-5Ti_icDlZS-282PcccnBeOcX7vc21pozibIdmZJKqXNsL1Ibx5Nkx1F1jLnekJAmdaACDjYRLL_6n3W4wUp19UvzB1lGtXcJKLLkqB6YDiZNu16OSiSprfmrRXvYmvD8m6Fnl5aetgKw",
38+
"p":"7enorp9Pm9XSHaCvQyENcvdU99WCPbnp8vc0KnY_0g9UdX4ZDH07JwKu6DQEwfmUA1qspC-e_KFWTl3x0-I2eJRnHjLOoLrTjrVSBRhBMGEH5PvtZTTThnIY2LReH-6EhceGvcsJ_MhNDUEZLykiH1OnKhmRuvSdhi8oiETqtPE",
39+
"q":"0CBLGi_kRPLqI8yfVkpBbA9zkCAshgrWWn9hsq6a7Zl2LcLaLBRUxH0q1jWnXgeJh9o5v8sYGXwhbrmuypw7kJ0uA3OgEzSsNvX5Ay3R9sNel-3Mqm8Me5OfWWvmTEBOci8RwHstdR-7b9ZT13jk-dsZI7OlV_uBja1ny9Nz9ts",
40+
"qi":"pG6J4dcUDrDndMxa-ee1yG4KjZqqyCQcmPAfqklI2LmnpRIjcK78scclvpboI3JQyg6RCEKVMwAhVtQM6cBcIO3JrHgqeYDblp5wXHjto70HVW6Z8kBruNx1AH9E8LzNvSRL-JVTFzBkJuNgzKQfD0G77tQRgJ-Ri7qu3_9o1M4"
41+
}
4242
"""),
4343
SecurityAlgorithms.RsaSha256);
4444

45-
private const string Authority = "https://demo.duendesoftware.com";
45+
private const string Authority = "https://localhost:5001";
4646

4747
public Task<ClientAssertion?> GetClientAssertionAsync(
4848
ClientCredentialsClientName? clientName = null,

access-token-management/samples/WebClientAssertions/Controllers/HomeController.cs

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
using Duende.AccessTokenManagement;
66
using Duende.AccessTokenManagement.OpenIdConnect;
77
using Duende.IdentityModel.Client;
8+
using Microsoft.AspNetCore.Authentication;
89
using Microsoft.AspNetCore.Authorization;
910
using Microsoft.AspNetCore.Mvc;
1011

@@ -28,6 +29,9 @@ public HomeController(IHttpClientFactory httpClientFactory, IUserTokenManager to
2829

2930
public IActionResult Logout() => SignOut("cookie", "oidc");
3031

32+
[AllowAnonymous]
33+
public IActionResult Login() => Challenge(new AuthenticationProperties { RedirectUri = "/" });
34+
3135
// -----------------------------------------------------------------------
3236
// User token endpoints (DPoP + JWT client assertion)
3337
// -----------------------------------------------------------------------

access-token-management/samples/WebClientAssertions/Startup.cs

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ internal static WebApplication ConfigureServices(this WebApplicationBuilder buil
3232
})
3333
.AddOpenIdConnect("oidc", options =>
3434
{
35-
options.Authority = "https://demo.duendesoftware.com";
35+
options.Authority = "https://localhost:5001";
3636

3737
// Interactive client with JWT client auth + DPoP nonce mode.
3838
// This client has RequireDPoP = true, DPoPValidationMode = Nonce,
@@ -90,7 +90,7 @@ internal static WebApplication ConfigureServices(this WebApplicationBuilder buil
9090
builder.Services.AddClientCredentialsTokenManagement()
9191
.AddClient("m2m.jwt", client =>
9292
{
93-
client.TokenEndpoint = new Uri("https://demo.duendesoftware.com/connect/token");
93+
client.TokenEndpoint = new Uri("https://localhost:5001/connect/token");
9494
client.ClientId = ClientId.Parse("m2m.jwt");
9595
// No ClientSecret — assertion service provides credentials
9696
client.Scope = Scope.Parse("api");
@@ -102,12 +102,12 @@ internal static WebApplication ConfigureServices(this WebApplicationBuilder buil
102102
builder.Services.AddUserAccessTokenHttpClient("user_client",
103103
configureClient: client =>
104104
{
105-
client.BaseAddress = new Uri("https://demo.duendesoftware.com/api/dpop/");
105+
client.BaseAddress = new Uri("https://localhost:5001/api/dpop/");
106106
});
107107

108108
builder.Services.AddHttpClient<TypedUserClient>(client =>
109109
{
110-
client.BaseAddress = new Uri("https://demo.duendesoftware.com/api/dpop/");
110+
client.BaseAddress = new Uri("https://localhost:5001/api/dpop/");
111111
})
112112
.AddUserAccessTokenHandler();
113113

@@ -116,12 +116,12 @@ internal static WebApplication ConfigureServices(this WebApplicationBuilder buil
116116
ClientCredentialsClientName.Parse("m2m.jwt"),
117117
client =>
118118
{
119-
client.BaseAddress = new Uri("https://demo.duendesoftware.com/api/");
119+
client.BaseAddress = new Uri("https://localhost:5001/api/");
120120
});
121121

122122
builder.Services.AddHttpClient<TypedClientClient>(client =>
123123
{
124-
client.BaseAddress = new Uri("https://demo.duendesoftware.com/api/");
124+
client.BaseAddress = new Uri("https://localhost:5001/api/");
125125
})
126126
.AddClientCredentialsTokenHandler(ClientCredentialsClientName.Parse("m2m.jwt"));
127127

access-token-management/samples/WebClientAssertions/Views/Home/Index.cshtml

Lines changed: 19 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,25 @@
88
including DPoP with server-issued nonces that trigger retries with fresh client assertions.
99
</p>
1010

11+
@if (User.Identity!.IsAuthenticated)
12+
{
13+
<h3>Call API as User (DPoP + JWT assertion)</h3>
14+
15+
<a asp-controller="Home" asp-action="CallApiAsUserManual">Manual</a>
16+
@("|")
17+
<a asp-controller="Home" asp-action="CallApiAsUserFactory">HTTP client factory</a>
18+
@("|")
19+
<a asp-controller="Home" asp-action="CallApiAsUserFactoryTyped">HTTP client factory (typed)</a>
20+
}
21+
else
22+
{
23+
<p>
24+
<a asp-controller="Home" asp-action="Login">Login</a> to call APIs as a user with DPoP + JWT client assertions.
25+
</p>
26+
}
27+
1128
<h3>Call API as Client (M2M / client credentials + JWT assertion)</h3>
1229

13-
<a href="./home/CallApiAsClientFactory">HTTP client factory</a>
30+
<a asp-controller="Home" asp-action="CallApiAsClientFactory">HTTP client factory</a>
1431
|
15-
<a href="./home/CallApiAsClientFactoryTyped">HTTP client factory (typed)</a>
32+
<a asp-controller="Home" asp-action="CallApiAsClientFactoryTyped">HTTP client factory (typed)</a>

access-token-management/samples/WebClientAssertions/Views/Shared/_Layout.cshtml

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,14 +24,23 @@
2424
<li class="nav-item">
2525
<a class="nav-link text-dark" asp-area="" asp-controller="Home" asp-action="Secure">Secure</a>
2626
</li>
27-
27+
</ul>
28+
<ul class="navbar-nav">
2829
@if (User.Identity!.IsAuthenticated)
2930
{
31+
<li class="nav-item">
32+
<span class="nav-link text-dark">@User.Identity.Name</span>
33+
</li>
3034
<li class="nav-item">
3135
<a class="nav-link text-dark" asp-area="" asp-controller="Home" asp-action="Logout">Logout</a>
3236
</li>
3337
}
34-
38+
else
39+
{
40+
<li class="nav-item">
41+
<a class="nav-link text-dark" asp-area="" asp-controller="Home" asp-action="Login">Login</a>
42+
</li>
43+
}
3544
</ul>
3645
</div>
3746
</div>

0 commit comments

Comments
 (0)