Example implementation

You can use an OAuth client library to ease OAuth 2.0 adoption for your application.

The OAuth 2.0 client library handles OAuth-related low-level functionality and provides a simple interface to implement the steps in the previous sections.

See http://oauth.net/2/ lists of popular OAuth 2.0 client libraries for .Net. A sample implementation based on the ThinkTecture IdentityServer3 Sample is provided here. This implementation is a simple thick-client application that integrates with API Gateway CE and IFS CE. These are code snippets to implement OAuth:

Request authorization code

var state = Guid.NewGuid().ToString("N");
var nonce = Guid.NewGuid().ToString("N");
SetTempState(state, nonce);
var client = new OAuth2Client(new Uri(Constants.AuthorizeEndpoint));
var url = client.CreateCodeFlowUrl(
clientId: Constants.ClientId,
scope: scopes,
redirectUri: Constants.RedirectUrl,
state: state,
nonce: nonce);
return Redirect(url);

Exchange code for token

var client = new OAuth2Client(
new Uri(Constants.TokenEndpoint),
Constants.ClientId,
Constants.ClientSecret);
var code = Request.QueryString["code"];
var tempState = await GetTempStateAsync();
Request.GetOwinContext().Authentication.SignOut("TempState");
var response = await client.RequestAuthorizationCodeAsync(
code, Constants.RedirectUrl);
await ValidateResponseAndSignInAsync(response, tempState.Item2);
return View("Token", response);

Use access token

var principal = User as ClaimsPrincipal;
var client = new HttpClient();
client.SetBearerToken(principal.FindFirst("access_token").Value);
var result = await client.GetStringAsync(Constants.AspNetWebApiSampleApi + Constants.AspNetWebApiSampleApiEndpoint);
//"ACME_PRD/M3/m3api-rest/execute/CRS610MI/ChgFinancial?CUNO=Y30000&BLCD=0");
return View((object)result);

Refresh token

var client = new OAuth2Client(
new Uri(Constants.TokenEndpoint),
Constants.ClientId,
Constants.ClientSecret);
var principal = User as ClaimsPrincipal;
var refreshToken = principal.FindFirst("refresh_token").Value;
• Revoke Token
var refreshToken = (User as ClaimsPrincipal).FindFirst("refresh_token").Value;
var client = new HttpClient();
client.SetBasicAuthentication(Constants.ClientId, Constants.ClientSecret);
var postBody = new Dictionary<string, string>
{
{ "token", refreshToken },
{ "token_type_hint", "refresh_token" }
};
var result = await client.PostAsync(Constants.TokenRevocationEndpoint, new FormUrlEncodedContent(Source