I have an MT-App that authorizes users in my multi-tenant application.
When a user logs in, I verify that the issuer of the id-token is a known tenant from Azure AD, using the GUID of the tenant.
Works like a charm :D
Now a customer wants me to do some "writeback" to their source system by calling an API exposed through APIM.
I thought this was what OIDC/OAuth was all about, but I am not able to find any good examples of how to do this.
The first thing I'm struggling with is actually how to get the access token.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

services.AddAuthentication(AzureADDefaults.AuthenticationScheme).AddAzureAD(o =>
{
    o.OpenIdConnectSchemeName = AzureADDefaults.OpenIdScheme;
    o.Instance = "https://login.microsoftonline.com/";
    o.TenantId = "organizations";
    o.CallbackPath = "/signin-oidc";
});

// AzureADOptions has no Events property; the OpenID Connect events belong to the
// OIDC scheme that AddAzureAD registers, so they are configured by scheme name.
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, oidc =>
{
    oidc.Events = new OpenIdConnectEvents
    {
        OnTokenValidated = e =>
        {
            //This can not be the way to do it. but for now.
            var accestoken = e.SecurityToken.RawData; //This is the AccessToken
            // Note: e.SecurityToken is the validated id_token, not an access token.
            return Task.CompletedTask;
        }
    };
});
For now I'm storing the access token in a cookie, which is probably not the best way.
I have seen some docs mentioning a SaveToken option, but it does not seem to be part of the AddAzureAD extension options.
After that calling APIM with the access token in the Authorization Header should do the trick?
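An added example (not the asker's code) of the route the question hints at: SaveTokens on the OIDC handler that AddAzureAD registers, GetTokenAsync to read the stored token, then a Bearer header on the call to the APIM endpoint. The helper class, controller, client id and secret, API scope and APIM URL are assumptions or placeholders; it also assumes the Azure AD v2.0 endpoint and leaves the existing issuer check in place.

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
public static class WritebackAuthSetup   // hypothetical helper, called from Startup.ConfigureServices
{
    public static void Configure(IServiceCollection services)
    {
        services.AddAuthentication(AzureADDefaults.AuthenticationScheme).AddAzureAD(o =>
        {
            o.Instance = "https://login.microsoftonline.com/";
            o.TenantId = "organizations";
            o.ClientId = "<app-client-id>";         // placeholder
            o.ClientSecret = "<app-client-secret>"; // placeholder: load from a secret store, not source
            o.CallbackPath = "/signin-oidc";
        });
        // AddAzureAD has no token settings of its own; configure the OIDC handler it registers by scheme name.
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, oidc =>
        {
            // Assumption: the v2.0 endpoint, which lets the downstream API be requested as a scope.
            oidc.Authority = "https://login.microsoftonline.com/organizations/v2.0";
            // Authorization code flow: the access token is redeemed server side, never via the browser URL.
            oidc.ResponseType = "code";
            oidc.Scope.Add("api://<customer-api-app-id>/.default"); // placeholder: scope of the APIM-fronted API
            // Keep access/refresh tokens in the data-protected auth cookie instead of a hand-rolled one.
            oidc.SaveTokens = true;
        });
        services.AddHttpClient();
    }
}

public class WritebackController : Controller
{
    private readonly IHttpClientFactory _http;
    public WritebackController(IHttpClientFactory http) => _http = http;
    [HttpPost("writeback")]
    public async Task<IActionResult> Post()
    {
        // GetTokenAsync returns the access token that SaveTokens stored for the signed-in user.
        var accessToken = await HttpContext.GetTokenAsync("access_token");
        if (string.IsNullOrEmpty(accessToken)) return Challenge(); // no token saved: re-run the login flow
        var req = new HttpRequestMessage(HttpMethod.Post, "https://<apim-host>/writeback"); // placeholder URL
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        return StatusCode((int)(await _http.CreateClient().SendAsync(req)).StatusCode);
    }
}
```

The token's audience is whatever scope was requested at sign-in, so the APIM-fronted API must be the app registration named in that scope, and each customer tenant has to consent to it.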