I have created an ASP.NET Core web application that needs to access multiple APIs. Authentication is supposed to happen through ADFS. I am able to set up OpenID Connect authentication and retrieve the access_token for a single API resource. How can I retrieve access_tokens for the remaining APIs so I can call them, or one access_token with multiple audiences?
Normally I should be adding scopes, but it seems ADFS has a different meaning for scopes than IdentityServer and instead uses the "Resource" option.
```csharp
// Inside Startup.ConfigureServices. CookieAuthenticationDefaults comes from
// Microsoft.AspNetCore.Authentication.Cookies, OpenIdConnectResponseType from
// Microsoft.IdentityModel.Protocols.OpenIdConnect.
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = "oidc";
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddOpenIdConnect("oidc", options =>
{
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.Authority = appSettings.Authority;
    options.ClientId = appSettings.ClientId;
    options.ClientSecret = appSettings.ClientSecret;
    // Persist id_token/access_token in the auth cookie so GetTokenAsync can read them later.
    options.SaveTokens = true;
    foreach (var scope in appSettings.Scopes)
    {
        options.Scope.Add(scope);
    }
    options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
    options.RequireHttpsMetadata = true;
    // ADFS selects the API the access_token is issued for via "resource", not via scopes.
    options.Resource = appSettings.TemplateServiceIdentifier;
});
```
Then, when needed, I can just call

```csharp
var token = await _httpContextAccessor.HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);
```

then add the token as a bearer token and validate it just fine. This works fine for every single resource (API) if I add it from the start. However, I don't seem to be able to obtain access tokens for more than one resource at a time.
Is it even possible with ADFS? Should I retrieve one access token for all API resources (since the identity provider is the same for all APIs) with multiple audiences?
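Since an ADFS access token carries the resource identifier in its `aud` claim, a token saved for one API is rejected by every other one. The following delegating handler (an added example, not code from the question) reads the saved token with `GetTokenAsync`, inspects `aud` without validating the signature, and refuses to send it to an API it was not issued for; `ResourceTokenHandler` and the `expectedAudience` parameter are assumed names.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Attaches the access_token saved by SaveTokens = true to outgoing API calls,
// but only after checking that its "aud" claim names the API this handler is
// registered for, so a token minted for another ADFS resource never leaves the process.
public sealed class ResourceTokenHandler : DelegatingHandler
{
    private readonly IHttpContextAccessor _accessor;
    private readonly string _expectedAudience; // the API's ADFS resource identifier (assumed)

    public ResourceTokenHandler(IHttpContextAccessor accessor, string expectedAudience)
    {
        _accessor = accessor;
        _expectedAudience = expectedAudience;
    }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        var context = _accessor.HttpContext
            ?? throw new InvalidOperationException("No HttpContext; call from within a request.");

        var token = await context.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);
        if (string.IsNullOrEmpty(token))
            throw new InvalidOperationException("No access_token saved for this session.");

        // Read, not validate: signature and lifetime are the API's job; this only
        // checks which resource the token was issued for before it goes on the wire.
        var jwt = new JwtSecurityTokenHandler().ReadJwtToken(token);
        if (!jwt.Audiences.Contains(_expectedAudience, StringComparer.Ordinal))
            throw new InvalidOperationException(
                $"access_token audience [{string.Join(",", jwt.Audiences)}] " +
                $"does not include {_expectedAudience}; the saved token is for another resource.");

        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return await base.SendAsync(request, cancellationToken);
    }
}
```

Register it as a transient service and add it to a named HttpClient with `AddHttpMessageHandler<ResourceTokenHandler>()`, passing `appSettings.TemplateServiceIdentifier` as the expected audience.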