Earlier the year I wrote a blog post which described how to access the JWT Bearer token when using ASP.NET Core 2.0. Though that was specifically for when using the JWT middleware, you could also use that technique when using the OIDC middleware. In ASP.NET Core 1.1 So for example, in ASP.NET Core 1.x, if you wanted to access the tokens (id_token, access_token and refresh_token) from your application, you could set the SaveTokens property when registering the OIDC middleware:
When using JSON Web Tokens (JWTs) as Bearer tokens in your ASP.NET Core Web API, it may sometimes be required to access the actual token which was passed to the API somewhere else in your API. For Remote Map for example I have the requirement to access the user’s full profile under certain conditions. I want to store some of the user’s personal information in the local database, and in order to obtain their information I have to call the /userinfo endpoint of the Auth0 Authentication API.
It seems I have not had much success with announcing my intentions to start a new project and blog about it. Before long something more interesting comes along and I am off in another direction and working on a new pet project. Case in point: GeoToast Well, seems I don’t learn as I am trying this again. This time however I have better motivation to get this done (I think).
I am busy working on some more samples for ASP.NET Core to demonstrate various techniques people can use Auth0 to authenticate their users. In most of our samples we use the standard OpenID Connect middleware, and one of the things I wanted to do was to pass extra parameters when the request is made to the Authorization endpoint. At Auth0 we allow users to authenticate with multiple social and Enterprise providers.
The problem During the development of the Auth0 .NET SDK, I ran into an issue with one of our Management API calls where it could return a different JSON structure based on parameters passed in by the user. The offending API call in question was the Users endpoint where you could pass in a parameter called include_totals which will return the list of users, along with the total number of records and some other paging information.
Background One of the ussues we faced when developing the .NET SDK for Auth0 was that user profiles can have different properties based on the origin of the user profile. There are a set of standard properties for a user profile, but over and above that many of the providers can “enhance” the user profile with extra properties. Here is an example of a user profile for a database user:
The new role I have been doing freelancing work for the past 4 months for a couple of clients, one of which is a company called Auth0. They offer an identity platform which allows developers to easily add authentication (and other identity management) tasks to their applications. The initial freelance work I did for them involved writing the C# SDK for their Authentication and Management APIs. Early in January they offered me a permanent position which I gladly accepted.