demo.duende.com

Author: Erwinvandervalk

access-token-management/samples/WebClientAssertions/Controllers/HomeController.cs

@@ -3,8 +3,8 @@
 
 using System.Text.Json;
 using Duende.AccessTokenManagement;
+using Duende.AccessTokenManagement.DPoP;
 using Duende.AccessTokenManagement.OpenIdConnect;
-using Duende.IdentityModel.Client;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -15,11 +15,13 @@ public class HomeController : Controller
 {
     private readonly IHttpClientFactory _httpClientFactory;
     private readonly IUserTokenManager _tokenManager;
+    private readonly IDPoPProofService _dPoPProofService;
 
-    public HomeController(IHttpClientFactory httpClientFactory, IUserTokenManager tokenManager)
+    public HomeController(IHttpClientFactory httpClientFactory, IUserTokenManager tokenManager, IDPoPProofService dPoPProofService)
     {
         _httpClientFactory = httpClientFactory;
         _tokenManager = tokenManager;
+        _dPoPProofService = dPoPProofService;
     }
 
     [AllowAnonymous]
@@ -39,11 +41,33 @@ public HomeController(IHttpClientFactory httpClientFactory, IUserTokenManager to
     public async Task<IActionResult> CallApiAsUserManual()
     {
         var token = await _tokenManager.GetAccessTokenAsync(User).GetToken();
+
+        var url = new Uri("https://demo.duendesoftware.com/api/dpop/test");
+        var request = new HttpRequestMessage(HttpMethod.Get, url);
+        request.Headers.Authorization = new ("DPoP", token.AccessToken.ToString());
+
+        if (token.DPoPJsonWebKey is { } key)
+        {
+            var proof = await _dPoPProofService.CreateProofTokenAsync(new DPoPProofRequest
+            {
+                Url = url,
+                Method = HttpMethod.Get,
+                DPoPProofKey = key,
+                AccessToken = token.AccessToken,
+            });
+
+            if (proof is not null)
+            {
+                request.SetDPoPProofToken(proof.Value);
+            }
+        }
+
         var client = _httpClientFactory.CreateClient();
-        client.SetBearerToken(token.AccessToken.ToString()!);
+        var response = await client.SendAsync(request);
+        response.EnsureSuccessStatusCode();
 
-        var response = await client.GetStringAsync("https://demo.duendesoftware.com/api/dpop/test");
-        ViewBag.Json = PrettyPrint(response);
+        var json = await response.Content.ReadAsStringAsync();
+        ViewBag.Json = PrettyPrint(json);
 
         return View("CallApi");
     }

access-token-management/samples/WebClientAssertions/Startup.cs

@@ -86,14 +86,15 @@ internal static WebApplication ConfigureServices(this WebApplicationBuilder buil
         // Register our client assertion service (replaces the default no-op)
         builder.Services.AddTransient<IClientAssertionService, ClientAssertionService>();
 
-        // --- Named M2M client (client credentials with JWT auth, no DPoP) ---
+        // --- Named M2M client (client credentials with JWT auth + DPoP) ---
         builder.Services.AddClientCredentialsTokenManagement()
             .AddClient("m2m.jwt", client =>
             {
                 client.TokenEndpoint = new Uri("https://demo.duendesoftware.com/connect/token");
                 client.ClientId = ClientId.Parse("m2m.jwt");
                 // No ClientSecret — assertion service provides credentials
                 client.Scope = Scope.Parse("api");
+                client.DPoPJsonWebKey = DPoPProofKey.Parse(dpopJwk);
             });
 
         // --- HTTP Clients ---
@@ -111,17 +112,17 @@ internal static WebApplication ConfigureServices(this WebApplicationBuilder buil
             })
             .AddUserAccessTokenHandler();
 
-        // Client access token clients (M2M with JWT assertion, no DPoP)
+        // Client access token clients (M2M with JWT assertion + DPoP)
         builder.Services.AddClientCredentialsHttpClient("client",
             ClientCredentialsClientName.Parse("m2m.jwt"),
             client =>
             {
-                client.BaseAddress = new Uri("https://demo.duendesoftware.com/api/");
+                client.BaseAddress = new Uri("https://demo.duendesoftware.com/api/dpop/");
             });
 
         builder.Services.AddHttpClient<TypedClientClient>(client =>
             {
-                client.BaseAddress = new Uri("https://demo.duendesoftware.com/api/");
+                client.BaseAddress = new Uri("https://demo.duendesoftware.com/api/dpop/");
             })
             .AddClientCredentialsTokenHandler(ClientCredentialsClientName.Parse("m2m.jwt"));