
murphymj5209/token-mgmt-ui-delegated-token-exchange

 
 


ASP.NET Core delegated OAuth 2.0 Token Exchange RFC 8693 access token management

ASP.NET Core implementation of the OAuth 2.0 Token Exchange RFC 8693 standard using Entra ID and Duende IdentityServer.

Setup

The solution implements an ASP.NET Core web application which authenticates using Microsoft Entra ID. The web application calls an API protected with a Microsoft Entra ID access token. This API in turn calls a downstream API protected with Duende IdentityServer. To do so, the API exchanges the Microsoft Entra ID access token for a new Duende IdentityServer access token using the OAuth 2.0 Token Exchange standard. Both APIs use a user delegated access token. The tokens are persisted on the trusted backend using the IDistributedCache implementation. This can be an in-memory cache or a persistent cache. When using this cache, it is important to automatically renew the access token if it is missing or invalid.
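The exchange-and-cache step described above, as an added sketch that is not code from this repository. The class name, token endpoint URL, client ID, scope and cache key format are assumptions; `userId` is assumed to come from a claim of the already validated Entra ID access token, and the client is assumed to authenticate with a client secret in the request body.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Caching.Distributed;

// Added example: all names and constants below are assumptions, not the repository's code.
public sealed class DownstreamTokenService(HttpClient http, IDistributedCache cache)
{
    private const string TokenEndpoint = "https://identityserver.example/connect/token"; // placeholder
    private const string ClientId = "token-exchange-client";                             // placeholder
    private const string Scope = "downstream-api";                                       // placeholder

    public async Task<string> GetTokenAsync(
        string entraAccessToken, string userId, string clientSecret, CancellationToken ct = default)
    {
        // Key the cache per user so one user's delegated token is never returned to another.
        var key = $"downstream-token:{userId}";
        var cached = await cache.GetStringAsync(key, ct);
        if (cached is not null) return cached;

        // RFC 8693 request: the Entra ID access token is the subject_token.
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "urn:ietf:params:oauth:grant-type:token-exchange",
            ["subject_token"] = entraAccessToken,
            ["subject_token_type"] = "urn:ietf:params:oauth:token-type:access_token",
            ["requested_token_type"] = "urn:ietf:params:oauth:token-type:access_token",
            ["client_id"] = ClientId,
            ["client_secret"] = clientSecret,
            ["scope"] = Scope
        });
        using var response = await http.PostAsync(TokenEndpoint, form, ct);
        if (!response.IsSuccessStatusCode) // report the status only; never log token material
            throw new InvalidOperationException($"Token exchange failed: {(int)response.StatusCode}");

        using var json = JsonDocument.Parse(await response.Content.ReadAsStringAsync(ct));
        var token = json.RootElement.GetProperty("access_token").GetString()
            ?? throw new InvalidOperationException("Token response has no access_token");
        var expiresIn = json.RootElement.TryGetProperty("expires_in", out var e) ? e.GetInt32() : 60;
        // Evict 30 s before expiry so a missing entry triggers a fresh exchange in time.
        var options = new DistributedCacheEntryOptions
            { AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(Math.Max(expiresIn - 30, 1)) };
        await cache.SetStringAsync(key, token, options, ct);
        return token;
    }
}
```

If the downstream API rejects a cached token, remove the cache entry and call the method again so the exchange is repeated.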

ASP.NET Core access token management

Blogs in this series

Migrations

Add-Migration "InitIdentityNew" -c ApplicationDbContext
Update-Database

Further examples of OAuth 2.0 Token Exchange RFC 8693

OAuth 2.0 Token Exchange delegated implementation with Microsoft Entra ID and OpenIddict (RFC 8693)

https://github.com/damienbod/OAuthGrantExchangeOidcDownstreamApi

OAuth 2.0 Token Exchange delegated implementation with Microsoft Entra ID and OpenIddict

History

  • 2025-02-07 Update packages
  • 2025-02-01 Initial version

Links

https://damienbod.com/2023/01/09/implement-the-oauth-2-0-token-exchange-delegated-flow-between-an-azure-ad-api-and-an-api-protected-using-openiddict/

https://github.com/damienbod/OAuthGrantExchangeOidcDownstreamApi

https://docs.duendesoftware.com/identityserver/v7/tokens/extension_grants/token_exchange/

https://datatracker.ietf.org/doc/html/rfc8693

https://www.youtube.com/watch?v=Ue8HKBGkIJY&t=

https://github.com/damienbod/OnBehalfFlowOidcDownstreamApi

https://www.rfc-editor.org/rfc/rfc6749#section-5.2

https://github.com/blowdart/idunno.Authentication/tree/dev/src/idunno.Authentication.Basic

Standards

JSON Web Token (JWT)

Best Current Practice for OAuth 2.0 Security

The OAuth 2.0 Authorization Framework

OAuth 2.0 Demonstrating Proof of Possession DPoP

OAuth 2.0 JWT-Secured Authorization Request (JAR) RFC 9101

OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens

OpenID Connect 1.0

Microsoft identity platform and OAuth 2.0 On-Behalf-Of flow

OAuth 2.0 Token Exchange RFC 8693

JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens

HTTP Semantics RFC 9110
