.Net based thick clients

The suggested grant for thick clients is the authorization code.

There are multiple OAuth2.0 libraries available, for example: http://www.nuget.org/packages/Thinktecture.IdentityModel.Client/. This URL provides a library with utility functions to implement the OAuth2.0 protocol. The client application can leverage the library to construct the correct URL query parameters and the form post required as part of the interaction with the authorization service.

To facilitate the adoption of the Thinktecture.IdentityModel.Client application library, a sample application has been created to showcase the different interactions with the authorization service in the OAuth2.0 protocol. The sample application is based on the samples from the Thinktecture team located at: https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Clients

The application provides the functionality to obtain an authorization code Get Code button. Then the code can be exchanged by an access_token with the Get Access Token with code button. After a token is obtained and the client is configured to receive a refresh_token, you can obtain a new access_token with the Refresh Access Token button. You can call the API Gateway with the Call Service button.

When the application does not need the access_token or the refresh_token, they can be revoked by using either Revoke Access Token or Revoke Refresh Token. The sample application showcases the interaction of the client with the authorization service. This sample app does not treat the access_token or refresh_token securely. Maintaining the access_token and refresh_token secure is the responsibility of the final application and should be secured as any other existing secret.