How can I use ASP.NET MVC Owin AccessToken in Google.Apis call? -

I'm trying to use the AccessToken provided by Owin in Google.Apis requests but I'm receiveing the exception System.InvalidOperationException (Additional information: The access token has expired but we can't refresh it).
My configuration of Google Authentication is OK and I can successfully login into my application with it. I store the context.AccessToken as a Claim in the authentication callback (OnAuthenticated "event" of GoogleOAuth2AuthenticationProvider).
My Startup.Auth.cs configuration (app.UseGoogleAuthentication(ConfigureGooglePlus()))
private GoogleOAuth2AuthenticationOptions ConfigureGooglePlus()
var goolePlusOptions = new GoogleOAuth2AuthenticationOptions()
ClientId = "",
ClientSecret = "YYYYYYzzzzzz",
Provider = new GoogleOAuth2AuthenticationProvider()
OnAuthenticated = context =>
context.Identity.AddClaim(new System.Security.Claims.Claim("Google_AccessToken", context.AccessToken));
return Task.FromResult(0);
SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie
return goolePlusOptions;
The code in which the exception is throwed (Execute() method)
var externalIdentity = await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);
var accessTokenClaim = externalIdentity.FindAll(loginProvider + "_AccessToken").First();
var secrets = new ClientSecrets()
ClientId = "",
ClientSecret = "YYYYYYzzzzzz"
IAuthorizationCodeFlow flow =
new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
ClientSecrets = secrets,
Scopes = new[] { PlusService.Scope.PlusLogin, PlusService.Scope.UserinfoEmail }
UserCredential credential = new UserCredential(flow, "me", new TokenResponse() { AccessToken = accessTokenClaim.Value });
var ps = new PlusService(
new BaseClientService.Initializer()
ApplicationName = "My App Name",
HttpClientInitializer = credential
var k = ps.People.List("me", PeopleResource.ListRequest.CollectionEnum.Visible).Execute();
Is there another way to get the original AccessToken or refresh it without pass thru the entire authentication process (the user is already authenticated)?
I need to query some GooglePlus profile data such as GivenName, familyName, gender, profile picture and profile url.

Linda helped me with an URL pointing to a new mvc sample (
I just had to add AccessType = "offline" to GoogleOAuth2AuthenticationOptions and save some extra info to create a new instance of TokenResponse when I need.
Google Authentication Options
private GoogleOAuth2AuthenticationOptions ConfigureGooglePlus()
var goolePlusOptions = new GoogleOAuth2AuthenticationOptions()
AccessType = "offline",
ClientId = "",
ClientSecret = "Yyyyyyyyyy",
Provider = new GoogleOAuth2AuthenticationProvider()
OnAuthenticated = context =>
context.Identity.AddClaim(new System.Security.Claims.Claim("Google_AccessToken", context.AccessToken));
if (context.RefreshToken != null)
context.Identity.AddClaim(new Claim("GoogleRefreshToken", context.RefreshToken));
context.Identity.AddClaim(new Claim("GoogleUserId", context.Id));
context.Identity.AddClaim(new Claim("GoogleTokenIssuedAt", DateTime.Now.ToBinary().ToString()));
var expiresInSec = (long)(context.ExpiresIn.Value.TotalSeconds);
context.Identity.AddClaim(new Claim("GoogleTokenExpiresIn", expiresInSec.ToString()));
return Task.FromResult(0);
SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie
return goolePlusOptions;
How to retrieve the credentials (using token info "stored" as claim)
private async Task<UserCredential> GetCredentialForApiAsync()
var initializer = new GoogleAuthorizationCodeFlow.Initializer
ClientSecrets = new ClientSecrets
ClientId = "",
ClientSecret = "YYyyyyyyyyy",
Scopes = new[] {
"" }
var flow = new GoogleAuthorizationCodeFlow(initializer);
var identity = await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ApplicationCookie);
var userId = identity.FindFirstValue("GoogleUserId");
var token = new TokenResponse()
AccessToken = identity.FindFirstValue("Google_AccessToken"),
RefreshToken = identity.FindFirstValue("GoogleRefreshToken"),
Issued = DateTime.FromBinary(long.Parse(identity.FindFirstValue("GoogleTokenIssuedAt"))),
ExpiresInSeconds = long.Parse(identity.FindFirstValue("GoogleTokenExpiresIn")),
return new UserCredential(flow, userId, token);


How to make API request from Google authentication in ASP.NET?

I do not understand how I can get the authorization code/access token to make a request.
This is my .AddGoogle():
builder.Services.AddAuthentication(o =>
o.DefaultChallengeScheme = "Google";
o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
}).AddCookie().AddGoogle("Google",options =>
IConfigurationSection auth = builder.Configuration.GetSection("Authentication:Google");
options.ClientId = auth["ClientId"];
options.ClientSecret = auth["ClientSecret"];
options.CallbackPath = "/Home";
options.AuthorizationEndpoint += "?prompt=consent";
options.SaveTokens = true;
So I log in / register, and then what?
I've tried this method
UserCredential credential;
var flow = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer()
ClientSecrets = new ClientSecrets()
ClientId = configuration.GetSection("Authentication:Google")["ClientId"],
ClientSecret = configuration.GetSection("Authentication:Google")["ClientSecret"]
Scopes = new[] {
var token = new TokenResponse
AccessToken = "",
RefreshToken = ""
credential = new UserCredential(flow, "user", token);
FitnessService fitnessService = new FitnessService(new BaseClientService.Initializer()
ApplicationName = "Exrecise App",
HttpClientInitializer = credential
var resp = await fitnessService.Users.Sessions.List("me").ExecuteAsync();
But how do I get the tokens to begin with?
I even tried HttpClient (by pasting the token from OAuthplayground)
HttpClient http = new HttpClient();
var resp = await http.SendAsync(new HttpRequestMessage()
RequestUri = new UriBuilder("").Uri,
Headers =
{ "Authorization","Bearer " }
Method = HttpMethod.Get
return Ok(await resp.Content.ReadAsStringAsync());
Same problem, how do I get the access token from the currently signed in user?
I looked everywhere, but every solution is either outdated or is unclear or just doesn't work for some reason.

Populating email value with Owin.Security.Providers.Yahoo

I am using the Yahoo Owin security provider to authenticate my web application users using Yahoo. They are able to authenticate correctly, however, the Email property is always null. How do I configure this provider so that the ExternalLoginInfo.Email property is set after the call to AuthenticationManager.GetExternalLoginInfoAsync? My authentication configuration is setup like this:
app.UseYahooAuthentication(new YahooAuthenticationOptions
AuthenticationMode = AuthenticationMode.Passive,
AuthenticationType = "Yahoo",
BackchannelTimeout = TimeSpan.FromSeconds(60),
Caption = "Yahoo",
ConsumerKey = yahooKey,
ConsumerSecret = yahooSecret,
Provider = new YahooAuthenticationProvider
OnAuthenticated = context =>
foreach (var claim in context.User)
var claimType = $"urn:yahoo:{claim.Key}";
var claimValue = claim.Value.ToString();
if (!context.Identity.HasClaim(claimType, claimValue))
context.Identity.AddClaim(new Claim(claimType, claimValue, "XmlSchemaString", "Yahoo"));
return Task.FromResult(0);

Integrating IdentityServer4 With WebAPI

I am trying to integrate IdentityServer4 with ASP.NET MVC WebAPI.I want to achieve role based authorization. I have the following projects running.
IdentityServer4 [a separate project]
Javascript Application [using Extjs]
I have implemented the ResourceOwnerPassword flow and what I am trying to do is,
Make a post request to AccountController of the WebApi containing username and password
Inside the AccountController call the IdentityServer token endpoint for an access token and return the access token to the client (javascript app)
Make a request to the WebApi containing the access token.
For the above part I am success full, here is the code
POSTMAN call for Login
public async Task<BaseModel> Login(LoginModel model)
model.RememberMe = false;
var status = await _security.Login(model.Email, model.Password, model.RememberMe);
if (status.Status == LoginStatus.Succeded)
return new BaseModel { success = true, message = "login", data = status.Data };
public async Task<LoginResponse> Login(string userName, string password, bool persistCookie = false)
// discover endpoints from metadata
var disco = await DiscoveryClient.GetAsync("http://localhost:5000");
// request token
var tokenClient = new TokenClient(disco.TokenEndpoint, "ro.client", "secret");
var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync(userName, password, "api1");
if (tokenResponse.IsError)
return new LoginResponse { Status = LoginStatus.Failed, Message = tokenResponse.Error };
return new LoginResponse { Status = LoginStatus.Succeded, Data = tokenResponse.Json };
Security the API
I have two more actions inside the AccountController (just for testing) namely:
values() [returns success and requires no authentication]
SecureValues [returns success and requires authentication]
public BaseModel values()
return new BaseModel
success = true
public BaseModel SecureValues()
return new BaseModel
success = true
calling "Values" action returns the success which is quite obvious, calling the "SecureValues" gives following
Which means that the user is not Authenticated.
My IdentityServer4 configuration is as follows:
public class Config
// scopes define the resources in your system
public static IEnumerable<Scope> GetScopes()
return new List<Scope>
new Scope
Name = "api1",
Description = "My API",
DisplayName = "API Access",
Type = ScopeType.Resource,
IncludeAllClaimsForUser = true,
Claims = new List<ScopeClaim>
new ScopeClaim(ClaimTypes.Name),
new ScopeClaim(ClaimTypes.Role)
new Scope
Enabled = true,
Name = "role",
DisplayName = "Role(s)",
Description = "roles of user",
Type = ScopeType.Identity,
Claims = new List<ScopeClaim>
new ScopeClaim(ClaimTypes.Role,false)
// clients want to access resources (aka scopes)
public static IEnumerable<Client> GetClients()
// client credentials client
return new List<Client>
new Client
ClientId = "client",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets =
new Secret("secret".Sha256())
AllowedScopes = { "api1" }
// resource owner password grant client
new Client
ClientId = "ro.client",
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
ClientSecrets =
new Secret("secret".Sha256())
AllowedScopes = { "api1" }
// OpenID Connect implicit flow client (MVC)
new Client
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.Implicit,
RedirectUris = { "http://localhost:5002/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5002" },
AllowedScopes =
//for hybrid flow
new Client
ClientId = "mvchybrid",
ClientName ="mvc hybrid client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets =
new Secret("secret".Sha256())
RedirectUris = {"http://localhost:5003/signin-oidc"},
PostLogoutRedirectUris = {"http://localhost:5003"},
AllowedScopes =
new Client
ClientId = "js",
ClientName = "javascript client",
AllowedGrantTypes = GrantTypes.Implicit,
AllowAccessTokensViaBrowser= true,
RedirectUris = {"http://localhost:5004/callback.html"},
PostLogoutRedirectUris = {"http://localhost:5004/index.html"},
AllowedCorsOrigins = {"http://localhost:5004"},
AllowedScopes =
//aspnet identity client
new Client
ClientId = "mvcIdentity",
ClientName = "Mvc Identity Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
RequireConsent = false,
ClientSecrets =
new Secret("secret".Sha256())
RedirectUris = {"http://localhost:5005/signin-oidc"},
PostLogoutRedirectUris = {"http://localhost:5005"},
AllowedScopes =
public static List<InMemoryUser> GetUsers()
return new List<InMemoryUser>
new InMemoryUser
Subject = "1",
Username = "",
Password = "password",
Claims = new List<Claim>
new Claim("name", "Alice"),
new Claim("website", ""),
new Claim(ClaimTypes.Role,"FreeUser")
new InMemoryUser
Subject = "2",
Username = "",
Password = "password",
Claims = new List<Claim>
new Claim("name", "Bob"),
new Claim("website", ""),
new Claim(ClaimTypes.Role,"PaidUser")
WebApi configuration
public void ConfigureAuth(IAppBuilder app)
app.UseIdentityServerBearerTokenAuthentication(new IdentityServer3.AccessTokenValidation.IdentityServerBearerTokenAuthenticationOptions
Authority = "localhost:5000",
RequiredScopes = new[] { "api1" },
ClientId = "ro.client",
ClientSecret = "secret",
PreserveAccessToken = true
It looks like your Authority in your UseIdentityServerBearerTokenAuthentication middleware is wrong. I think it should be "http://localhost:5000".
Also enabling logging (with trace) to console you can see why your authorization was challenged sometimes.

Connecting with Javascript to Web API protected by IdentityServer3

I have a Asp.NET MVC / WebAPI project with an embedded IdentityServer3.
I want both MVC and WebAPI to be protected by the IdentityServer. So I have used Authorize attribute on both MVC controllers and API controllers.
When surfing to my test page (which is protected) I get redirected to the IdentityServer login page. I enter my username and password and get authenticated and redirected back.
On the page I have a button that triggers a GET from javascript, with my access token in the authorization header, to my protected API. But here it fails with a 401 Unauthorized.
I get the access token to javascript by rendering it to the page with Razor.
I have 1 client in the IdentityServer set to hybrid flow. MVC uses cookies, while the API uses bearer tokens.
On my API HttpConfiguration I have set SuppressDefaultHostAuthentication. If I remove that line everything works, but then it uses cookies for the API which I don't want.
I use only HTTP and RequireSsl=false for now to avoid potential certificate problems.
I have tried for days to get this to work but I'm getting nowhere.
I don't even know how to debug this to get to cause of the 401.
By now I recognize just about every page that google suggests when I search for help.
Any ideas what it could be or how to debug this?
Here is my Startup.cs
public class Startup
public void Configuration(IAppBuilder app)
Log.Logger = new LoggerConfiguration()
// MVC client
string authBaseAddress = "http://localhost:50319/identity";
string tokenEndpoint = authBaseAddress + "/connect/token";
string userInfoEndpoint = authBaseAddress + "/connect/userinfo";
string redirectUri = "http://localhost:50319/";
app.UseCookieAuthentication(new CookieAuthenticationOptions
AuthenticationType = "Cookies"
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
ClientId = "hybrid_clients",
Authority = authBaseAddress,
RedirectUri = redirectUri,
ResponseType = "code id_token token",
Scope = "openid profile roles sampleApi offline_access",
TokenValidationParameters = new TokenValidationParameters
NameClaimType = "name",
RoleClaimType = "role"
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications
AuthorizationCodeReceived = async n =>
// use the code to get the access and refresh token
var tokenClient = new TokenClient(
var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(n.Code, n.RedirectUri);
if (tokenResponse.IsError)
throw new Exception(tokenResponse.Error);
// use the access token to retrieve claims from userinfo
var userInfoClient = new UserInfoClient(
new Uri(userInfoEndpoint),
var userInfoResponse = await userInfoClient.GetAsync();
// create new identity
var id = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType);
id.AddClaim(new Claim("access_token", tokenResponse.AccessToken));
id.AddClaim(new Claim("expires_at", DateTime.Now.AddSeconds(tokenResponse.ExpiresIn).ToLocalTime().ToString()));
id.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));
id.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
id.AddClaim(new Claim("sid", n.AuthenticationTicket.Identity.FindFirst("sid").Value));
n.AuthenticationTicket = new AuthenticationTicket(
new ClaimsIdentity(id.Claims, n.AuthenticationTicket.Identity.AuthenticationType, "name", "role"),
// Attach the id_token for the logout roundtrip to IdentityServer
RedirectToIdentityProvider = n =>
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
return Task.FromResult(0);
AntiForgeryConfig.UniqueClaimTypeIdentifier = Constants.ClaimTypes.Subject;
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
// web api
app.Map("/api", a =>
var config = new HttpConfiguration();
a.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
//AuthenticationMode = AuthenticationMode.Active,
Authority = authBaseAddress,
RequiredScopes = new[] { "sampleApi" },
DelayLoadMetadata = true
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
// Identity server
app.Map("/identity", idsrvApp =>
idsrvApp.UseIdentityServer(new IdentityServerOptions
SiteName = "Embedded IdentityServer",
SigningCertificate = LoadCertificate(),
Factory = new IdentityServerServiceFactory()
AuthenticationOptions = new IdentityServer3.Core.Configuration.AuthenticationOptions()
EnablePostSignOutAutoRedirect = true // Automatically redirects back to the client on signout
RequireSsl = false,
X509Certificate2 LoadCertificate()
return new X509Certificate2(
string.Format(#"{0}\bin\idsrv3test.pfx", AppDomain.CurrentDomain.BaseDirectory), "idsrv3test");
My client
new Client
Enabled = true,
ClientName = "Hybrid Clients",
ClientId = "hybrid_clients",
Flow = Flows.Hybrid,
//AllowAccessTokensViaBrowser = false,
RedirectUris = new List<string>
PostLogoutRedirectUris = new List<string>
AllowedScopes = new List<string>
ClientSecrets = new List<Secret>
new Secret("secret".Sha256())
AccessTokenType = AccessTokenType.Reference,
LogoutSessionRequired = true
My scopes
public static class Scopes
public static IEnumerable<Scope> Get()
var scopes = new List<Scope>
new Scope
Enabled = true,
Name = "roles",
Type = ScopeType.Identity,
Claims = new List<ScopeClaim>
new ScopeClaim("role")
new Scope
Enabled = true,
DisplayName = "Sample API",
Name = "sampleApi",
Description = "Access to a sample API",
Type = ScopeType.Resource
return scopes;
public class SecuredApiController : ApiController
public IHttpActionResult Get()
var user = User as ClaimsPrincipal;
var claims = from c in user.Claims
select new
type = c.Type,
value = c.Value
return Json(claims);
Part of my Razor view
<button data-bind="click:callApi">Call API</button>
<span data-bind="text:apiResult"></span>
$(function() {
ko.myViewModel = new ClientAppViewModel('#ViewData["access_token"]');
My JavaScript (KnockoutJS) that calls SecuredApi
function ClientAppViewModel(accessToken) {
var self = this;
self.accessToken = accessToken;
self.apiResult = ko.observable('empty');
self.callApi = function () {
var xhr = new XMLHttpRequest();"GET", "http://localhost:50319/api/SecuredApi");
xhr.onload = function () {
self.apiResult(JSON.stringify(JSON.parse(xhr.response), null, 2));
xhr.setRequestHeader("Authorization", "Bearer " + self.accessToken);
The Katana logs for the API are what you want. With these you will see why the API is returning a 401.
You can access these using the Microsoft.Owin log source (see Katana Documentation)

WSO2 Identity Server with OpenId Connect

I am trying to use WSO2 Identity Server (5.1.0) with Asp.Net MVC, as a proof of concept i created a sample MVC project in visual studio 2015.
Following the WSO2 Guide, i have configured the identity server as required.
On the sample application, i have added reference to Microsoft.Owin.Security.OpenIdConnect and added code to ConfigureAuth in Startup.Auth.cs file.
public void ConfigureAuth(IAppBuilder app)
// Configure the db context, user manager and signin manager to use a single instance per request
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
// Uncomment the following lines to enable logging in with third party login providers
// clientId: "",
// clientSecret: "");
// consumerKey: "",
// consumerSecret: "");
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
// ClientId = "",
// ClientSecret = ""
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
ClientId = "SENmQQ9fOWcrqXjK1u3lXINhXtEa",
ClientSecret = "bFBJQqj4GT2Wfv8735fTTuHh3Isa",
Authority = "https://localhost:9443",
RedirectUri = "",
SignInAsAuthenticationType = "ClientCredCookie",
ResponseType = "id_token token",
Scope = "openid",
Configuration = new OpenIdConnectConfiguration
AuthorizationEndpoint = "https://localhost:9443/oauth2/authorize",
TokenEndpoint = "https://localhost:9443/oauth2/token"
Notifications = new OpenIdConnectAuthenticationNotifications()
RedirectToIdentityProvider = n =>
return Task.FromResult(0);
SecurityTokenReceived = n =>
return Task.FromResult(0);
AuthorizationCodeReceived = n =>
return Task.FromResult(0);
SecurityTokenValidated = n =>
var token = n.ProtocolMessage.AccessToken;
// persist access token in cookie
if (!string.IsNullOrEmpty(token))
new Claim("access_token", token));
return Task.FromResult(0);
AuthenticationFailed = notification =>
if (string.Equals(notification.ProtocolMessage.Error, "access_denied", StringComparison.Ordinal))
return Task.FromResult<object>(null);
When i run the application, on login it redirects to WSO2 Identity Server login and manage to login but when it redirect to Account\ExternalLoginCallback, the logininfo is always null.
var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
Any advise as to why this is not working will be appreciated.?
NB: I tried to put a break point on SecurityTokenValidated but it did not hit that break point. The only breakpoint which i got hit was RedirectToIdentityProvider.
It's work well for me:
Step1 : Config WSO2 with this:
public async Task<RedirectResult> LoginOAuth()
var url = "https://localhost:9443/oauth2/authorize?response_type=code&client_id=5a8urZQAc0r4R7iUS9ar1wOoq9Ma&scope=openid&redirect_uri=http://localhost:49545/Home/GetCode";
var client = new HttpClient();
var response = await client.GetAsync(url);
string urlDistance = response.RequestMessage.RequestUri.ToString();
return Redirect(urlDistance);
public async Task<RedirectToRouteResult> GetCode()
//باشد GetCode همشون حتما باید
var client = new HttpClient();
string code = Request.QueryString["code"];
string sessionState = Request.QueryString["session_state"];
string client_id = Request.QueryString["client_id"];
//از طریق ارسال کد میخواد توکن رو بگیره
var values = new Dictionary<string, string>
{ "code", code },
{ "sessionState", sessionState },
{ "client_id", "5a8urZQAc0r4R7iUS9ar1wOoq9Ma" },
{ "client_secret", "b0yefcCc4ftVYJm7ffQi2IZZ0eMa" },
{ "grant_type", "authorization_code" },
{ "redirect_uri", "http://localhost:49545/Home/GetCode" }//??????????????
var content = new FormUrlEncodedContent(values);
client = new HttpClient();
var response2 = await client.PostAsync("https://localhost:9443/oauth2/token", content);
string responseString = await response2.Content.ReadAsStringAsync();
JObject jsonResult = JObject.Parse(responseString);
string access_token = jsonResult["access_token"].ToString();
string refresh_token = jsonResult["refresh_token"].ToString();
string scope = jsonResult["scope"].ToString();
string id_token = jsonResult["id_token"].ToString();
string token_type = jsonResult["token_type"].ToString();
string expires_in = jsonResult["expires_in"].ToString();
var httpClient = new HttpClient();
httpClient.BaseAddress = new Uri("https://localhost:9443/oauth2/userinfo?schema=openid");
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", access_token);
string result = await httpClient.GetStringAsync("/oauth2/userinfo?schema=openid");
return RedirectToAction("Contact");
