Grab token in URL

Question

I created a web app using Dotnetcore 3.1. to authenticate with an API using the OAuth 2 method.

I need to find a way to get a code that is in a URL that is returned by the API.

In my project, Startup.cs looks like this:

public void ConfigureServices(IServiceCollection services)
        {
            services.AddRazorPages();
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = "MyAuthSchema";
            })
               .AddCookie()
               .AddOAuth("MyAuthSchema", options =>
               {
                   options.ClientId = Configuration["artAPI:ClientId"];
                   options.ClientSecret = Configuration["artAPI:ClientSecret"];
                   options.CallbackPath = new PathString("/test");
                   options.AuthorizationEndpoint = "https://artForce.ch/oauth/authorize?response_type=code&client_id=y_gkjtj448HGHG483&redirect_uri=https://display.zh.edu/authorize";
                   options.TokenEndpoint = "MyTokenEndPoint";
                   options.UserInformationEndpoint = "MyUserInformationEndPoint";
               });
        }

The 3rd-party API wants the format of the end point to look like this:

options.AuthorizationEndpoint = "https://artForce.ch/oauth/authorize?response_type=code&client_id=y_gkjtj448HGHG483&redirect_uri=https://display.zh.edu/authorize";

where https://artForce.ch/oauth/authorize is the 3rd party API endpoint

and https://display.zh.edu/authorize is my app.

I have it working, but I want to be able to get the authorization token in my code before it redirects me to https://display.zh.edu/authorize.

So when I try to authorize, I press a button that fires this controller:

[Route("[controller]/[action]")]
public class AuthController : Controller
{
    [HttpGet]
    public IActionResult Login(string returnUrl = "/")

    {
        return Challenge(new AuthenticationProperties() { RedirectUri = returnUrl });
    }
}

But right when it hits the return Challenge line, it redirects me and there's no way I can figure out for me to capture the authorization code before hand.

The redirection goes here:

https://display.zh.edu/authorize?code=JsAt9KwROG_19484846333GFHsuuwuh

and this is what I want to get before the redirection:

code=JsAt9KwROG_19484846333GFHsuuwuh

I even put a breakpoint in there and examined all the local and auto variables in Visual Studio but nothing shows any type of authorization code.

So I was wondering, if there's somewhere where I can grab that code inside my program, before it does the redirection?

Thanks!

Answer 1

You should add

.AddOAuth("MyAuthSchema", options =>
    {
        // save your tokens for future use
        config.SaveTokens = true;

        // get token inside oauth events
        config.Events.OnCreatingTicket = context =>
        {
            var token = context.AccessToken;
            return Task.CompletedTask;
        };
    });

Or when you set to true SaveToken configuration you should be able to get token everywhere in you code:

var token = await HttpContext.GetTokenAsync("access_token");