Update client credentials samples to use authority

DuendeSoftware · May 3, 2024 · 6584491 · 6584491
1 parent cc00081
commit 6584491
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 21 deletions.
diff --git a/samples/Worker/ClientAssertionService.cs b/samples/Worker/ClientAssertionService.cs
@@ -15,6 +15,7 @@ namespace WorkerService;
 
 public class ClientAssertionService : IClientAssertionService
 {
+    private readonly ITokenEndpointRetriever _tokenEndpointRetriever;
     private readonly IOptionsMonitor<ClientCredentialsClient> _options;
 
     private static string RsaKey =
@@ -35,12 +36,13 @@ public class ClientAssertionService : IClientAssertionService
 
     private static SigningCredentials Credential = new (new JsonWebKey(RsaKey), "RS256");
 
-    public ClientAssertionService(IOptionsMonitor<ClientCredentialsClient> options)
+    public ClientAssertionService(ITokenEndpointRetriever tokenEndpointRetriever, IOptionsMonitor<ClientCredentialsClient> options)
     {
+        _tokenEndpointRetriever = tokenEndpointRetriever;
         _options = options;
     }
 
-    public Task<ClientAssertion?> GetClientAssertionAsync(string? clientName = null, TokenRequestParameters? parameters = null)
+    public async Task<ClientAssertion?> GetClientAssertionAsync(string? clientName = null, TokenRequestParameters? parameters = null)
     {
         if (clientName == "demo.jwt")
         {
@@ -49,7 +51,7 @@ public ClientAssertionService(IOptionsMonitor<ClientCredentialsClient> options)
             var descriptor = new SecurityTokenDescriptor
             {
                 Issuer = options.ClientId,
-                Audience = options.TokenEndpoint,
+                Audience = await _tokenEndpointRetriever.GetAsync(options),
                 Expires = DateTime.UtcNow.AddMinutes(1),
                 SigningCredentials = Credential,
 
@@ -64,13 +66,13 @@ public ClientAssertionService(IOptionsMonitor<ClientCredentialsClient> options)
             var handler = new JsonWebTokenHandler();
             var jwt = handler.CreateToken(descriptor);
 
-            return Task.FromResult<ClientAssertion?>(new ClientAssertion
+            return new ClientAssertion
             {
                 Type = OidcConstants.ClientAssertionTypes.JwtBearer,
                 Value = jwt
-            });
+            };
         }
 
-        return Task.FromResult<ClientAssertion?>(null);
+        return null;
     }
 }
diff --git a/samples/Worker/Program.cs b/samples/Worker/Program.cs
@@ -34,7 +34,7 @@ public static IHostBuilder CreateHostBuilder(string[] args)
                 services.AddClientCredentialsTokenManagement()
                     .AddClient("demo", client =>
                     {
-                        client.TokenEndpoint = "https://demo.duendesoftware.com/connect/token";
+                        client.Authority = "https://demo.duendesoftware.com/";
 
                         client.ClientId = "m2m.short";
                         client.ClientSecret = "secret";
@@ -43,8 +43,7 @@ public static IHostBuilder CreateHostBuilder(string[] args)
                     })
                     .AddClient("demo.dpop", client =>
                     {
-                        client.TokenEndpoint = "https://demo.duendesoftware.com/connect/token";
-                        //client.TokenEndpoint = "https://localhost:5001/connect/token";
+                        client.Authority = "https://demo.duendesoftware.com/";
 
                         client.ClientId = "m2m.dpop";
                         //client.ClientId = "m2m.dpop.nonce";
@@ -55,7 +54,7 @@ public static IHostBuilder CreateHostBuilder(string[] args)
                     })
                     .AddClient("demo.jwt", client =>
                     {
-                        client.TokenEndpoint = "https://demo.duendesoftware.com/connect/token";
+                        client.Authority = "https://demo.duendesoftware.com";
                         client.ClientId = "m2m.short.jwt";
 
                         client.Scope = "api";

diff --git a/samples/WorkerDI/ClientAssertionService.cs b/samples/WorkerDI/ClientAssertionService.cs
@@ -15,6 +15,7 @@ namespace WorkerService;
 
 public class ClientAssertionService : IClientAssertionService
 {
+    private readonly ITokenEndpointRetriever _tokenEndpoint;
     private readonly IOptionsMonitor<ClientCredentialsClient> _options;
 
     private static string RsaKey =
@@ -35,21 +36,22 @@ public class ClientAssertionService : IClientAssertionService
 
     private static SigningCredentials Credential = new (new JsonWebKey(RsaKey), "RS256");
 
-    public ClientAssertionService(IOptionsMonitor<ClientCredentialsClient> options)
+    public ClientAssertionService(ITokenEndpointRetriever tokenEndpoint, IOptionsMonitor<ClientCredentialsClient> options)
     {
+        _tokenEndpoint = tokenEndpoint;
         _options = options;
     }
 
-    public Task<ClientAssertion?> GetClientAssertionAsync(string? clientName = null, TokenRequestParameters? parameters = null)
+    public async Task<ClientAssertion?> GetClientAssertionAsync(string? clientName = null, TokenRequestParameters? parameters = null)
     {
         if (clientName == "demo.jwt")
         {
             var options = _options.Get(clientName);
-            
+
             var descriptor = new SecurityTokenDescriptor
             {
                 Issuer = options.ClientId,
-                Audience = options.TokenEndpoint,
+                Audience = await _tokenEndpoint.GetAsync(options),
                 Expires = DateTime.UtcNow.AddMinutes(1),
                 SigningCredentials = Credential,
 
@@ -64,13 +66,13 @@ public ClientAssertionService(IOptionsMonitor<ClientCredentialsClient> options)
             var handler = new JsonWebTokenHandler();
             var jwt = handler.CreateToken(descriptor);
 
-            return Task.FromResult<ClientAssertion?>(new ClientAssertion
+            return new ClientAssertion
             {
                 Type = OidcConstants.ClientAssertionTypes.JwtBearer,
                 Value = jwt
-            });
+            };
         }
 
-        return Task.FromResult<ClientAssertion?>(null);
+        return null;
     }
 }
diff --git a/samples/WorkerDI/ClientCredentialsClientConfigureOptions.cs b/samples/WorkerDI/ClientCredentialsClientConfigureOptions.cs
@@ -23,9 +23,7 @@ public void Configure(string? name, ClientCredentialsClient options)
     {
         if (name == "demo.jwt")
         {
-            var disco = _cache.GetAsync().GetAwaiter().GetResult();
-
-            options.TokenEndpoint = disco.TokenEndpoint;
+            options.Authority = "https://demo.duendesoftware.com";
             options.ClientId = "m2m.short.jwt";
             options.Scope = "api";
         }

diff --git a/samples/WorkerDI/Program.cs b/samples/WorkerDI/Program.cs
@@ -37,7 +37,8 @@ public static IHostBuilder CreateHostBuilder(string[] args)
                 // alternative way to add a client
                 services.Configure<ClientCredentialsClient>("demo", client =>
                 {
-                    client.TokenEndpoint = "https://demo.duendesoftware.com/connect/token";
+                    client.Authority = "https://demo.duendesoftware.com/";
+                    // client.TokenEndpoint = "https://demo.duendesoftware.com/connect/token";
 
                     client.ClientId = "m2m.short";
                     client.ClientSecret = "secret";