OWIN middleware for OpenID Connect - Code flow ( Flow type - AuthorizationCode) documentation?

Frontend | Unresolved | 2 answers | 1642 views
遇见更好的自我, 2021-02-03 10:24

In my implementation I am using an OpenID Connect server (IdentityServer v3+) to authenticate an ASP.NET MVC 5 app (with an AngularJS front end).

I am planning to use OID Code

2 answers
  •  栀梦 (OP)
     2021-02-03 10:37

    The answer and comment replies by Pinpoint are spot on. Thanks!

    But if you are willing to step away from the NuGet package and instead run modified source code for Microsoft.Owin.Security.OpenIdConnect you can get code (code) flow with form_post.

    Of course this can be said for all open-source project problems, but this was a quick solution for a big thing in my case, so I thought I'd share that it could be an option.

    I downloaded code from https://github.com/aspnet/AspNetKatana, added the csproj to my solution and removed lines from https://github.com/aspnet/AspNetKatana/blob/dev/src/Microsoft.Owin.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs in AuthenticateCoreAsync().

    You must then combine it with back-channel calls and create your own new ClaimsIdentity() to set as the notification.AuthenticationTicket.

    // Install-Package IdentityModel (the 2.x client API is used here) to handle the backchannel calls in a nicer fashion
    using IdentityModel.Client;
    using Microsoft.Owin.Security.OpenIdConnect;

    // Assigned to OpenIdConnectAuthenticationOptions.Notifications.AuthorizationCodeReceived;
    // it runs once the modified handler has accepted the code-only (form_post) response.
    AuthorizationCodeReceived = async notification =>
    {
        // The discovery document supplies the token and userinfo endpoints
        var configuration = await notification.Options.ConfigurationManager
                 .GetConfigurationAsync(notification.Request.CallCancelled);
    
        // Redeem the code at the token endpoint over the back channel, authenticating with the client secret
        var tokenClient = new TokenClient(configuration.TokenEndpoint,
                 notification.Options.ClientId, notification.Options.ClientSecret,
                      AuthenticationStyle.PostValues);
        var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(
            notification.ProtocolMessage.Code,
            "http://localhost:53004/signin-oidc", // must be identical to the redirect_uri of the authorize request
            cancellationToken: notification.Request.CallCancelled);
    
        // RefreshToken is only issued when the offline_access scope was requested
        if (tokenResponse.IsError 
                || string.IsNullOrWhiteSpace(tokenResponse.AccessToken)
                || string.IsNullOrWhiteSpace(tokenResponse.RefreshToken))
        {
            // Short-circuit the middleware with a generic message; keep the protocol error details in logs
            notification.HandleResponse();
            notification.Response.Write("Error retrieving tokens.");
            return;
        }
    
        // Fetch the user's claims with the access token just obtained
        var userInfoClient = new UserInfoClient(configuration.UserInfoEndpoint);
        var userInfoResponse = await userInfoClient.GetAsync(tokenResponse.AccessToken);
    
        if (userInfoResponse.IsError)
        {
            notification.HandleResponse();
            notification.Response.Write("Error retrieving user info.");
            return;
        }
        .. // remainder (building the ClaimsIdentity and setting notification.AuthenticationTicket) elided in the original answer
    
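A complete version of the handler the answer sketches, written here as an added example rather than code from the answer or from the Katana project. It assumes the IdentityModel 2.x client API used above (TokenClient, UserInfoClient, and UserInfoResponse.Claims exposed as System.Security.Claims.Claim objects), Newtonsoft.Json for decoding the id_token payload, and that the forked handler returns notification.AuthenticationTicket after the notification has run; the class name CodeFlowNotifications and the helpers Fail and ReadSubFromIdToken are invented for the example. Beyond the answer's snippet it takes the redirect_uri from the options instead of a hard-coded localhost URL, requires a refresh token only when offline_access was requested, and cross-checks the userinfo sub against the id_token sub as OpenID Connect Core 5.3.2 requires.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Text;
using IdentityModel.Client;                  // TokenClient, UserInfoClient (IdentityModel 2.x API, assumed)
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Newtonsoft.Json.Linq;                  // assumed present; MVC 5 projects already reference it

// Example class, not part of Katana or of the original answer.
public static class CodeFlowNotifications
{
    public static OpenIdConnectAuthenticationNotifications Create()
    {
        return new OpenIdConnectAuthenticationNotifications
        {
            AuthorizationCodeReceived = async notification =>
            {
                var options = notification.Options;
                var cancel = notification.Request.CallCancelled;
                var configuration = await options.ConfigurationManager.GetConfigurationAsync(cancel);

                // Back-channel code redemption, authenticated with the client secret.
                // redirect_uri must be identical to the one sent in the authorize request,
                // so it comes from the options rather than a hard-coded URL.
                var tokenClient = new TokenClient(configuration.TokenEndpoint,
                    options.ClientId, options.ClientSecret, AuthenticationStyle.PostValues);
                var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(
                    notification.ProtocolMessage.Code, options.RedirectUri, cancellationToken: cancel);

                // A refresh token is only issued when offline_access was requested;
                // treating its absence as an error otherwise would lock every user out.
                bool wantsRefreshToken = (options.Scope ?? string.Empty)
                    .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)
                    .Contains("offline_access");
                if (tokenResponse.IsError
                    || string.IsNullOrWhiteSpace(tokenResponse.AccessToken)
                    || string.IsNullOrWhiteSpace(tokenResponse.IdentityToken)
                    || (wantsRefreshToken && string.IsNullOrWhiteSpace(tokenResponse.RefreshToken)))
                {
                    Fail(notification, "Error retrieving tokens.");
                    return;
                }

                var userInfoClient = new UserInfoClient(configuration.UserInfoEndpoint);
                var userInfoResponse = await userInfoClient.GetAsync(tokenResponse.AccessToken, cancel);
                if (userInfoResponse.IsError)
                {
                    Fail(notification, "Error retrieving user info.");
                    return;
                }

                // OpenID Connect Core 5.3.2: the sub returned by userinfo MUST match the
                // id_token's sub; if it does not, the userinfo claims must not be used.
                string idTokenSub = ReadSubFromIdToken(tokenResponse.IdentityToken);
                string userInfoSub = userInfoResponse.Claims
                    .Where(c => c.Type == "sub").Select(c => c.Value).FirstOrDefault();
                if (idTokenSub == null || userInfoSub != idTokenSub)
                {
                    Fail(notification, "User info does not match the ID token.");
                    return;
                }

                // The identity has to carry the SignInAs authentication type, otherwise the
                // cookie middleware will not sign it in.
                var identity = new ClaimsIdentity(userInfoResponse.Claims,
                    options.SignInAsAuthenticationType, "name", "role");
                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, idTokenSub));
                // Only keep tokens if the app calls APIs on the user's behalf: they end up in the
                // (encrypted) auth cookie, so mind its size and the refresh token's lifetime.
                identity.AddClaim(new Claim("access_token", tokenResponse.AccessToken));
                if (!string.IsNullOrWhiteSpace(tokenResponse.RefreshToken))
                    identity.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));

                var properties = notification.AuthenticationTicket != null
                    ? notification.AuthenticationTicket.Properties
                    : new AuthenticationProperties();
                notification.AuthenticationTicket = new AuthenticationTicket(identity, properties);
            }
        };
    }

    // Generic message for the browser; protocol error details belong in server logs only.
    private static void Fail(AuthorizationCodeReceivedNotification notification, string message)
    {
        notification.HandleResponse();
        notification.Response.StatusCode = 400;
        notification.Response.Write(message);
    }

    // Decodes the id_token payload to read "sub". This is only the cross-check above, not
    // token validation: issuer, audience, expiry and nonce checks stay in the handler fork.
    private static string ReadSubFromIdToken(string idToken)
    {
        var parts = idToken.Split('.');
        if (parts.Length != 3) return null;
        string payload = parts[1].Replace('-', '+').Replace('_', '/');
        payload = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
        var json = JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(payload)));
        return (string)json["sub"];
    }
}
```

Wire it up with `Notifications = CodeFlowNotifications.Create()` on the OpenIdConnectAuthenticationOptions. Because the id_token here arrives over the TLS back channel directly from the token endpoint, OpenID Connect Core 3.1.3.7 allows TLS server validation to stand in for the signature check, but issuer, audience, expiry and nonce must still be validated, and the nonce comparison against Katana's nonce cookie is precisely the part of AuthenticateCoreAsync that should survive the fork. Before forking at all, check the package version you are on: later Microsoft.Owin.Security.OpenIdConnect 4.1+ releases added options for redeeming the code and using PKCE natively, which removes the need to carry patched middleware source.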
