How do I get an OAuth 2 0 authentication token in C

Question

I have these settings    Auth URL  which happens to be a  https   login microsoftonline com       if that helps  Access Token URL  https   service endpoint com api oauth2 token  ClientId  abc  Clientsecret  123    I then need to make a get call using a bearer token in the header   I can get this to work in Postman  but have hit a wall trying to work out how to implement it in C   I ve been using RestSharp  but open to others   It all seems so opaque  when I thought it d be pretty straight forward  it s a console app  so I don t need bells and whistles   Ultimately  I want my app to  programatically  get a token  then use that for my subsequent calls  I d appreciate anyone pointing me to documentation or examples  that explains what I m after clearly  Everything I ve come across is partial or for services operating on a different flow   Thanks

User · Answer

I used ADAL NET  Microsoft Identity Platform to achieve this  The advantage of using it was that we get a nice wrapper around the code to acquire AccessToken and we get additional features like Token Cache out-of-the-box  From the documentation   Why use ADAL NET   ADAL NET V3  Active Directory Authentication Library for  NET  enables developers of  NET applications to acquire tokens in order to call secured Web APIs  These Web APIs can be the Microsoft Graph  or 3rd party Web APIs   Here is the code snippet         Import Nuget package  Microsoft Identity Client     public class AuthenticationService                private readonly List lt string gt   scopes           private readonly IConfidentialClientApplication  app           public AuthenticationService AuthenticationConfiguration authentication                           app   ConfidentialClientApplicationBuilder                           Create authentication ClientId                            WithClientSecret authentication ClientSecret                            WithAuthority authentication Authority                            Build                 scopes   new List lt string gt     quot  authentication Audience   default quot                     public async Task lt string gt  GetAccessToken                       var authenticationResult   await  app AcquireTokenForClient  scopes                                                    ExecuteAsync               return authenticationResult AccessToken

User · Answer

Clearly   Server side generating a token example  private string GenerateToken string userName        var someClaims   new Claim            new Claim JwtRegisteredClaimNames UniqueName  userName           new Claim JwtRegisteredClaimNames Email  GetEmail userName            new Claim JwtRegisteredClaimNames NameId Guid NewGuid   ToString                SecurityKey securityKey   new SymmetricSecurityKey Encoding UTF8 GetBytes  settings Tokenizer Key        var token   new JwtSecurityToken          issuer   settings Tokenizer Issuer          audience   settings Tokenizer Audience          claims  someClaims          expires  DateTime Now AddHours  settings Tokenizer ExpiryHours           signingCredentials  new SigningCredentials securityKey  SecurityAlgorithms HmacSha256              return new JwtSecurityTokenHandler   WriteToken token        note  Tokenizer is my helper class that contains Issuer Audience etc     Definitely   Client side getting a token for authentication      public async Task lt string gt  GetToken                 string token               var siteSettings   DependencyResolver Current GetService lt SiteSettings gt              var client   new HttpClient            client BaseAddress   new Uri siteSettings PopularSearchRequest StaticApiUrl           client DefaultRequestHeaders Accept Clear              client DefaultRequestHeaders Accept Add new MediaTypeWithQualityHeaderValue  application json              StatisticUserModel user   new StatisticUserModel                         Password   siteSettings PopularSearchRequest Password              Username   siteSettings PopularSearchRequest Username                     string jsonUser   JsonConvert SerializeObject user  Formatting Indented           var stringContent   new StringContent jsonUser  Encoding UTF8   application json            var response   await client PostAsync siteSettings PopularSearchRequest StaticApiUrl     api token new   stringContent           token   await response Content ReadAsStringAsync             return token          You can use this token for the authorization  that is in the subsequent requests

User · Answer

The Rest Client answer is perfect   I upvoted it   But  just in case you want to go  raw               I got this to work with HttpClient       nuget packages newtonsoft json 12 0 1  nuget packages system net http 4 3 4     using Newtonsoft Json  using System  using System Collections Generic  using System Net Http  using System Net Http Headers  using System Threading Tasks  using System Web        private static async Task lt Token gt  GetElibilityToken HttpClient client                string baseAddress     https   blah blah blah com oauth2 token            string grant type    client credentials           string client id    myId           string client secret    shhhhhhhhhhhhhhItsSecret            var form   new Dictionary lt string  string gt                                          grant type   grant type                         client id   client id                         client secret   client secret                               HttpResponseMessage tokenResponse   await client PostAsync baseAddress  new FormUrlEncodedContent form            var jsonContent   await tokenResponse Content ReadAsStringAsync            Token tok   JsonConvert DeserializeObject lt Token gt  jsonContent           return tok          internal class Token        JsonProperty  access token        public string AccessToken   get  set          JsonProperty  token type        public string TokenType   get  set          JsonProperty  expires in        public int ExpiresIn   get  set          JsonProperty  refresh token        public string RefreshToken   get  set               Here is another  working example  based off the answer above       with a few more tweaks   Sometimes the token-service is finicky       private static async Task lt Token gt  GetATokenToTestMyRestApiUsingHttpClient HttpClient client                   this code has lots of commented out stuff with different permutations of tweaking the request                 this is a version of asking for token using HttpClient   aka  an alternate to using default libraries instead of RestClient             OAuthValues oav   GetOAuthValues       object has has simple string properties for TokenUrl  GrantType  ClientId and ClientSecret             var form   new Dictionary lt string  string gt                                           grant type   oav GrantType                           client id   oav ClientId                           client secret   oav ClientSecret                                  now tweak the http client            client DefaultRequestHeaders Clear            client DefaultRequestHeaders Add  cache-control    no-cache                try 1                client DefaultRequestHeaders Add  content-type    application x-www-form-urlencoded                try 2                client DefaultRequestHeaders             Accept             Add new MediaTypeWithQualityHeaderValue  application x-www-form-urlencoded      ACCEPT header             try 3                does not compile   client Content Headers ContentType   new MediaTypeHeaderValue  application x-www-form-urlencoded                 application x-www-form-urlencoded          HttpRequestMessage req   new HttpRequestMessage HttpMethod Post  oav TokenUrl                req RequestUri   new Uri baseAddress            req Content   new FormUrlEncodedContent form                string jsonPayload       grant type         oav GrantType         client id         oav ClientId         client secret         oav ClientSecret                      req Content   new StringContent jsonPayload                                                 Encoding UTF8                                                  application json     CONTENT-TYPE header          req Content Headers ContentType   new MediaTypeHeaderValue  application x-www-form-urlencoded                now make the request                HttpResponseMessage tokenResponse   await client PostAsync baseAddress  new FormUrlEncodedContent form            HttpResponseMessage tokenResponse   await client SendAsync req           Console WriteLine string Format  HttpResponseMessage ReasonPhrase   0     tokenResponse ReasonPhrase             if   tokenResponse IsSuccessStatusCode                        throw new HttpRequestException  Call to get Token with HttpClient failed                        var jsonContent   await tokenResponse Content ReadAsStringAsync            Token tok   JsonConvert DeserializeObject lt Token gt  jsonContent            return tok          APPEND  Bonus Material   If you ever get a       The remote certificate is invalid according to the validation   procedure     exception      you can wire in a handler to see what is going on  and massage if necessary   using System  using System Collections Generic  using System Text  using Newtonsoft Json  using System Net Http  using System Net Http Headers  using System Threading Tasks  using System Web  using System Net   namespace MyNamespace       public class MyTokenRetrieverWithExtraStuff               public static async Task lt Token gt  GetElibilityToken                         using  HttpClientHandler httpClientHandler   new HttpClientHandler                                  httpClientHandler ServerCertificateCustomValidationCallback   CertificateValidationCallBack                  using  HttpClient client   new HttpClient httpClientHandler                                         return await GetElibilityToken client                                                      private static async Task lt Token gt  GetElibilityToken HttpClient client                           throws certificate error if your cert is wired to localhost                   string baseAddress     https   127 0 0 1 someapp oauth2 token                  string baseAddress     https   localhost someapp oauth2 token            string baseAddress     https   blah blah blah com oauth2 token            string grant type    client credentials           string client id    myId           string client secret    shhhhhhhhhhhhhhItsSecret            var form   new Dictionary lt string  string gt                                          grant type   grant type                         client id   client id                         client secret   client secret                                   HttpResponseMessage tokenResponse   await client PostAsync baseAddress  new FormUrlEncodedContent form                var jsonContent   await tokenResponse Content ReadAsStringAsync                Token tok   JsonConvert DeserializeObject lt Token gt  jsonContent               return tok                     private static bool CertificateValidationCallBack          object sender          System Security Cryptography X509Certificates X509Certificate certificate          System Security Cryptography X509Certificates X509Chain chain          System Net Security SslPolicyErrors sslPolicyErrors                           If the certificate is a valid  signed certificate  return true              if  sslPolicyErrors    System Net Security SslPolicyErrors None                                return true                                If there are errors in the certificate chain  look at each error to determine the cause              if   sslPolicyErrors  amp  System Net Security SslPolicyErrors RemoteCertificateChainErrors     0                                if  chain    null  amp  amp  chain ChainStatus    null                                        foreach  System Security Cryptography X509Certificates X509ChainStatus status in chain ChainStatus                                                if   certificate Subject    certificate Issuer   amp  amp                              status Status    System Security Cryptography X509Certificates X509ChainStatusFlags UntrustedRoot                                                            Self-signed certificates with an untrusted root are valid                               continue                                                    else                                                       if  status Status    System Security Cryptography X509Certificates X509ChainStatusFlags NoError                                                                   If there are any other errors in the certificate chain  the certificate is invalid                                     so the method returns false                                  return false                                                                                                                      When processing reaches this line  the only errors in the certificate chain are                     untrusted root errors for self-signed certificates  These certificates are valid                    for default Exchange server installations  so return true                  return true                                 overcome localhost and 127 0 0 1 issue                if   sslPolicyErrors  amp  System Net Security SslPolicyErrors RemoteCertificateNameMismatch     0                                if  certificate Subject Contains  localhost                                          HttpRequestMessage castSender   sender as HttpRequestMessage                      if  null    castSender                                                if  castSender RequestUri Host Contains  127 0 0 1                                                          return true                                                                                               return false                       public class Token                        JsonProperty  access token                public string AccessToken   get  set                  JsonProperty  token type                public string TokenType   get  set                  JsonProperty  expires in                public int ExpiresIn   get  set                  JsonProperty  refresh token                public string RefreshToken   get  set                                                   I recently found  Jan 2020  an article about all this   I ll add a link here    sometimes having 2 different people show explain it helps someone trying to learn it   http   luisquintanilla me 2017 12 25 client-credentials-authentication-csharp

User · Answer

This example get token thouth HttpWebRequest          HttpWebRequest request    HttpWebRequest WebRequest Create pathapi           request Method    POST           string postData    grant type password           ASCIIEncoding encoding   new ASCIIEncoding            byte   byte1   encoding GetBytes postData            request ContentType    application x-www-form-urlencoded            request ContentLength   byte1 Length          Stream newStream   request GetRequestStream            newStream Write byte1  0  byte1 Length            HttpWebResponse response   request GetResponse   as HttpWebResponse                      using  Stream responseStream   response GetResponseStream                          StreamReader reader   new StreamReader responseStream  Encoding UTF8               getreaderjson   reader ReadToEnd

User · Answer

In Postman  click Generate Code and then in Generate Code Snippets dialog you can select a different coding language  including C   RestSharp     Also  you should only need the access token URL  The form parameters are then   grant type client credentials client id abc     client secret 123   Code Snippet      using RestSharp     https   www nuget org packages RestSharp      var client   new RestClient  https   service endpoint com api oauth2 token    var request   new RestRequest Method POST   request AddHeader  cache-control    no-cache    request AddHeader  content-type    application x-www-form-urlencoded    request AddParameter  application x-www-form-urlencoded    grant type client credentials amp client id abc amp client secret 123   ParameterType RequestBody   IRestResponse response   client Execute request     From the response body you can then obtain your access token  For instance for a Bearer token type you can then add the following header to subsequent authenticated requests   request AddHeader  authorization    Bearer  lt access token gt

User · Answer

You may use the following code to get the bearer token  private string GetBearerToken         var client   new RestClient  quot https   service endpoint com quot        client Authenticator   new HttpBasicAuthenticator  quot abc quot    quot 123 quot        var request   new RestRequest  quot api oauth2 token quot   Method POST       request AddHeader  quot content-type quot    quot application json quot        request AddParameter  quot application json quot    quot     quot grant type  quot    quot client credentials  quot    quot        ParameterType RequestBody       var responseJson    client Execute request  Content      var token   JsonConvert DeserializeObject lt Dictionary lt string  object gt  gt  responseJson   quot access token quot   ToString        if token Length    0                throw new AuthenticationException  quot API authentication failed  quot              return token

User · Answer

Here is a complete example  Right click on the solution to manage nuget packages and get Newtonsoft and RestSharp   using Newtonsoft Json Linq  using RestSharp  using System    namespace TestAPI       class Program               static void Main string   args                        String id    xxx               String secret    xxx                var client   new RestClient  https   xxx xxx com services api oauth2 token                var request   new RestRequest Method POST               request AddHeader  cache-control    no-cache                request AddHeader  content-type    application x-www-form-urlencoded                request AddParameter  application x-www-form-urlencoded    grant type client credentials amp scope all amp client id     id     amp client secret     secret  ParameterType RequestBody               IRestResponse response   client Execute request                dynamic resp   JObject Parse response Content               String token   resp access token                           client   new RestClient  https   xxx xxx com services api x users v1 employees                request   new RestRequest Method GET               request AddHeader  authorization    Bearer     token               request AddHeader  cache-control    no-cache                response   client Execute request

User · Answer

https   github com IdentityModel IdentityModel adds extensions to HttpClient to acquire tokens using different flows and the documentation is great too  It s very handy because you don t have to think how to implement it yourself  I m not aware if any official MS implementation exists

[c#] How do I get an OAuth 2.0 authentication token in C#

Examples related to c#

Examples related to oauth-2.0

Examples related to restsharp