77redirect_from :
88 - /foss/accesstokenmanagement/advanced/client_assertions/
99---
10+ import { Code } from " @astrojs/starlight/components" ;
1011import { Tabs , TabItem } from " @astrojs/starlight/components" ;
1112
1213If your token client is using a client assertion instead of a shared secret, you can provide the assertion in two ways:
@@ -17,127 +18,127 @@ If your token client is using a client assertion instead of a shared secret, you
1718Here's a sample client assertion service using the Microsoft JWT library:
1819
1920{ /* prettier-ignore */ }
20- <Tabs syncKey = " atm " >
21+ <Tabs syncKey = " atmVersion " >
2122 { /* prettier-ignore */ }
2223 <TabItem label = " V4" >
23- ``` csharp
24- // ClientAssertionService.cs
25- using Duende .AccessTokenManagement ;
26- using Duende .IdentityModel ;
27- using Duende .IdentityModel .Client ;
28- using Microsoft .Extensions .Options ;
29- using Microsoft .IdentityModel .JsonWebTokens ;
30- using Microsoft .IdentityModel .Tokens ;
31-
32- public class ClientAssertionService (IOptionsSnapshot <ClientCredentialsClient > options )
33- : IClientAssertionService
24+ <Code
25+ lang = " csharp"
26+ title = " ClientAssertionService.cs"
27+ code = { ` using Duende.AccessTokenManagement;
28+ using Duende.IdentityModel;
29+ using Duende.IdentityModel.Client;
30+ using Microsoft.Extensions.Options;
31+ using Microsoft.IdentityModel.JsonWebTokens;
32+ using Microsoft.IdentityModel.Tokens;
33+
34+ public class ClientAssertionService(IOptionsSnapshot<ClientCredentialsClient> options)
35+ : IClientAssertionService
36+ {
37+ public Task<ClientAssertion?> GetClientAssertionAsync(
38+ ClientCredentialsClientName? clientName = null, TokenRequestParameters? parameters = null)
3439 {
35- public Task <ClientAssertion ?> GetClientAssertionAsync (
36- ClientCredentialsClientName ? clientName = null , TokenRequestParameters ? parameters = null )
40+ if (clientName == "invoice")
3741 {
38- if (clientName == " invoice" )
42+ var options1 = options.Get(clientName);
43+
44+ var descriptor = new SecurityTokenDescriptor
3945 {
40- var options1 = options .Get (clientName );
46+ Issuer = options1.ClientId,
47+ Audience = options1.TokenEndpoint,
48+ Expires = DateTime.UtcNow.AddMinutes(1),
49+ SigningCredentials = GetSigningCredential(),
4150
42- var descriptor = new SecurityTokenDescriptor
51+ Claims = new Dictionary<string, object>
4352 {
44- Issuer = options1 .ClientId ,
45- Audience = options1 .TokenEndpoint ,
46- Expires = DateTime .UtcNow .AddMinutes (1 ),
47- SigningCredentials = GetSigningCredential (),
48-
49- Claims = new Dictionary <string , object >
50- {
51- { JwtClaimTypes .JwtId , Guid .NewGuid ().ToString () },
52- { JwtClaimTypes .Subject , options1 .ClientId ! },
53- { JwtClaimTypes .IssuedAt , DateTime .UtcNow .ToEpochTime () }
54- },
55-
56- AdditionalHeaderClaims = new Dictionary <string , object >
57- {
58- { JwtClaimTypes .TokenType , " client-authentication+jwt" }
59- }
60- };
61-
62- var handler = new JsonWebTokenHandler ();
63- var jwt = handler .CreateToken (descriptor );
64-
65- return Task .FromResult <ClientAssertion ?>(new ClientAssertion
53+ { JwtClaimTypes.JwtId, Guid.NewGuid().ToString() },
54+ { JwtClaimTypes.Subject, options1.ClientId! },
55+ { JwtClaimTypes.IssuedAt, DateTime.UtcNow.ToEpochTime() }
56+ },
57+
58+ AdditionalHeaderClaims = new Dictionary<string, object>
6659 {
67- Type = OidcConstants .ClientAssertionTypes .JwtBearer ,
68- Value = jwt
69- });
70- }
60+ { JwtClaimTypes.TokenType, "client-authentication+jwt" }
61+ }
62+ };
7163
72- return Task . FromResult < ClientAssertion ?>( null );
73- }
64+ var handler = new JsonWebTokenHandler( );
65+ var jwt = handler.CreateToken(descriptor);
7466
75- private SigningCredentials GetSigningCredential ()
76- {
77- throw new NotImplementedException ();
67+ return Task.FromResult<ClientAssertion?>(new ClientAssertion
68+ {
69+ Type = OidcConstants.ClientAssertionTypes.JwtBearer,
70+ Value = jwt
71+ });
7872 }
73+
74+ return Task.FromResult<ClientAssertion?>(null);
75+ }
76+
77+ private SigningCredentials GetSigningCredential()
78+ {
79+ throw new NotImplementedException();
7980 }
80- ```
81+ } ` } />
8182 </TabItem >
8283 <TabItem label = " V3" >
8384
84- ``` csharp
85- // ClientAssertionService.cs
86- using Duende .AccessTokenManagement ;
87- using Duende .IdentityModel ;
88- using Duende .IdentityModel .Client ;
89- using Microsoft .Extensions .Options ;
90- using Microsoft .IdentityModel .JsonWebTokens ;
91- using Microsoft .IdentityModel .Tokens ;
92-
93- public class ClientAssertionService (IOptionsSnapshot <ClientCredentialsClient > options )
94- : IClientAssertionService
85+ <Code
86+ lang = " csharp"
87+ title = " ClientAssertionService.cs"
88+ code = { ` using Duende.AccessTokenManagement;
89+ using Duende.IdentityModel;
90+ using Duende.IdentityModel.Client;
91+ using Microsoft.Extensions.Options;
92+ using Microsoft.IdentityModel.JsonWebTokens;
93+ using Microsoft.IdentityModel.Tokens;
94+
95+ public class ClientAssertionService(IOptionsSnapshot<ClientCredentialsClient> options)
96+ : IClientAssertionService
97+ {
98+ public Task<ClientAssertion?> GetClientAssertionAsync(
99+ string? clientName = null, TokenRequestParameters? parameters = null)
95100 {
96- public Task <ClientAssertion ?> GetClientAssertionAsync (
97- string ? clientName = null , TokenRequestParameters ? parameters = null )
101+ if (clientName == "invoice")
98102 {
99- if (clientName == " invoice" )
103+ var options1 = options.Get(clientName);
104+
105+ var descriptor = new SecurityTokenDescriptor
100106 {
101- var options1 = options .Get (clientName );
107+ Issuer = options1.ClientId,
108+ Audience = options1.TokenEndpoint,
109+ Expires = DateTime.UtcNow.AddMinutes(1),
110+ SigningCredentials = GetSigningCredential(),
102111
103- var descriptor = new SecurityTokenDescriptor
112+ Claims = new Dictionary<string, object>
104113 {
105- Issuer = options1 .ClientId ,
106- Audience = options1 .TokenEndpoint ,
107- Expires = DateTime .UtcNow .AddMinutes (1 ),
108- SigningCredentials = GetSigningCredential (),
109-
110- Claims = new Dictionary <string , object >
111- {
112- { JwtClaimTypes .JwtId , Guid .NewGuid ().ToString () },
113- { JwtClaimTypes .Subject , options1 .ClientId ! },
114- { JwtClaimTypes .IssuedAt , DateTime .UtcNow .ToEpochTime () }
115- },
116-
117- AdditionalHeaderClaims = new Dictionary <string , object >
118- {
119- { JwtClaimTypes .TokenType , " client-authentication+jwt" }
120- }
121- };
122-
123- var handler = new JsonWebTokenHandler ();
124- var jwt = handler .CreateToken (descriptor );
125-
126- return Task .FromResult <ClientAssertion ?>(new ClientAssertion
114+ { JwtClaimTypes.JwtId, Guid.NewGuid().ToString() },
115+ { JwtClaimTypes.Subject, options1.ClientId! },
116+ { JwtClaimTypes.IssuedAt, DateTime.UtcNow.ToEpochTime() }
117+ },
118+
119+ AdditionalHeaderClaims = new Dictionary<string, object>
127120 {
128- Type = OidcConstants .ClientAssertionTypes .JwtBearer ,
129- Value = jwt
130- });
131- }
121+ { JwtClaimTypes.TokenType, "client-authentication+jwt" }
122+ }
123+ };
132124
133- return Task . FromResult < ClientAssertion ?>( null );
134- }
125+ var handler = new JsonWebTokenHandler( );
126+ var jwt = handler.CreateToken(descriptor);
135127
136- private SigningCredentials GetSigningCredential ()
137- {
138- throw new NotImplementedException ();
128+ return Task.FromResult<ClientAssertion?>(new ClientAssertion
129+ {
130+ Type = OidcConstants.ClientAssertionTypes.JwtBearer,
131+ Value = jwt
132+ });
139133 }
134+
135+ return Task.FromResult<ClientAssertion?>(null);
136+ }
137+
138+ private SigningCredentials GetSigningCredential()
139+ {
140+ throw new NotImplementedException();
140141 }
141- ```
142+ } ` } />
142143 </TabItem >
143144</Tabs >
0 commit comments