I have used the OnSecurityTokenValidated event to get the token after authentication, like so:
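// Authentication setup: the cookie scheme carries the local session, and
// WS-Federation is used only to challenge (redirect to the identity provider).
services
    .AddAuthentication(sharedOptions =>
    {
        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
    })
    .AddWsFederation(options =>
    {
        options.MetadataAddress = "https://login.microsoftonline.com/xxxxxxxxxx";
        options.Wtrealm = "spn:xxxxxxx";
        options.Events.OnSecurityTokenValidated = async context =>
        {
            // GetToken() returns the security token from the WS-Federation sign-in
            // response as serialized XML. It is the assertion issued to this
            // application (Wtrealm), not a JWT access token for another API.
            var accessToken = context.ProtocolMessage.GetToken();

            // NOTE(review): this cookie has the same name as the cookie-authentication
            // cookie configured in AddCookie below, so the two Set-Cookie values will
            // collide; one of them needs a distinct name. Confirm which one callers read.
            // NOTE(review): a signed assertion is usually larger than the per-cookie size
            // limit browsers enforce (about 4 KB), so this cookie may be dropped. Confirm.
            context.Response.Cookies.Append("access-token", accessToken, new CookieOptions()
            {
                IsEssential = true,
                // The value is a bearer credential: keep it away from page scripts
                // and never send it over plain HTTP.
                HttpOnly = true,
                Secure = true
            });
        };
    })
    .AddCookie(options =>
    {
        options.Cookie.Name = "access-token";
    });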
However, the token I get here is in XML format (a SAML 2.0 assertion). It looks something like this:
<Assertion ID=\"_d45ddd2f-0417-413e-asdas-bf9417fcd400\" IssueInstant=\"2020-10-19T13:44:58.569Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>https://sts.windows.net/7ad4009f-sdfs-4576-81ba-3ad93dccbc9f/</Issuer><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><Reference URI=\"#_d45ddd2f-0417-dsfr-a83e-bf9417fcd400\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>dA8KcNkKXnwBRR9AwTHBXvMZiwKC+hMEVL6U86Ct3Vk=</DigestValue></Reference></SignedInfo><SignatureValue>A1RikDWtXjlDiZixwzEEpzg9SZ52xgfJzcUq07FWGBenGFZYVZY7pa3RbfFWiI808+fVptKwIHDlndP+cn1MXuFr8jubK/aBvLK2XBtBQ7FYT0sxwZ8R5sYmPeJZL558P7JmPejAz9C5QnxUWuONiisQAbhFJofPpku4TpNK14BuYOc+Y7C1m8v5l/lgZUgmAY5/nVFl6H0f5FFApwjPg9AEQVN1+ZUkCU8yAAAFOyQF3AHMeLqYtBEINnf2vqDzEOWmDdwjrkJbBDfwWxD0uGiX6ZVbtcklG+G/JIbSDvHo/uHUtBrZaOpCswShrHwlDtyx8H6HrCA5440gn8O+fA==</SignatureValue><KeyInfo><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo></Signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\">knQ3jjiuyEK7fBlPy3wzD_jaJvUPxMI44mRt1oPoxbo</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"/></Subject><Conditions NotBefore=\"2020-10-19T13:39:58.444Z\" NotOnOrAfter=\"2020-10-19T14:44:58.444Z\"><AudienceRestriction><Audience>spn:66d4c072-8fa5-414d-af81-a9b15916a778</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.microsoft.com/identity/claims/tenantid\"><AttributeValue>7ad4009f-0ead-4576-81ba-3ad93dccbc9f</AttributeValue></Attribute><Attribute 
Name=\"http://schemas.microsoft.com/identity/claims/objectidentifier\"><AttributeValue>8af7ecfe-ebec-4cb3-ad1a-8e973b3dd944</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\"><AttributeValue>xxxxxxxxxxxxxxxxx</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\"><AttributeValue>Vijayan</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\"><AttributeValue>xxxxxxxxxxx</AttributeValue></Attribute><Attribute Name=\"http://schemas.microsoft.com/identity/claims/displayname\"><AttributeValue>xxxxxxxx</AttributeValue></Attribute><Attribute Name=\"http://schemas.microsoft.com/ws/2008/06/identity/claims/groups\"><AttributeValue>23d3b69a-3b5d-4117-892a-32d1dfec6c63</AttributeValue><AttributeValue>7a874784-bb23-4051-b693-11807961551f</AttributeValue><AttributeValue>9c90fe93-8df7-48c9-82dd-b90db19c3544</AttributeValue><AttributeValue>2f4d75fb-179e-47ce-a388-3459aeabda2d</AttributeValue><AttributeValue>ad29d65c-76e3-4a27-bb4a-cb23014f532e</AttributeValue><AttributeValue>602f33ab-4561-4af7-9efb-c5b0ca10aa9f</AttributeValue><AttributeValue>27394d99-9cd4-4b0b-88d7-b2270b2608f4</AttributeValue></Attribute><Attribute Name=\"http://schemas.microsoft.com/identity/claims/identityprovider\"><AttributeValue>https://sts.windows.net/7ad4009f-0ead-4576-81ba-3ad93dccbc9f/</AttributeValue></Attribute><Attribute Name=\"http://schemas.microsoft.com/claims/authnmethodsreferences\"><AttributeValue>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AttributeValue></Attribute><Attribute Name=\"http://schemas.microsoft.com/ws/2008/06/identity/claims/role\"><AttributeValue>Admin</AttributeValue></Attribute></AttributeStatement><AuthnStatement 
AuthnInstant=\"2020-10-19T05:31:13.432Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion>
What I want is an access token so that I can append it to the headers in my HTTP Client and then call an API protected with JWT Bearer authentication. How can I do this?