Where are the tokens from OpenID Connect being stored?

I am using OpenID Connect and requesting tokens from Azure Active Directory. I am using the authorization code flow, so I am receiving both the id_token and the access_token. I am using .NET Core.

My configuration of OpenID Connect is as follows:

options.Authority = options.Authority + "/v2.0/";
options.TokenValidationParameters.ValidateIssuer = false;
options.ResponseType = OpenIdConnectResponseType.Code;
options.SaveTokens = true;

Notice that SaveTokens is set to true.

When the user is logged in, I am able to retrieve both the tokens as follows:

string accessToken = await HttpContext.GetTokenAsync("access_token");
string idToken = await HttpContext.GetTokenAsync("id_token");

My question is, where are these tokens actually being saved, and how can I configure how they are saved?

I also heard that in the authorization code flow, the identity provider will return the authorization code, and the server would then use that code to request the tokens. However, I am not doing any of that programmatically and I am still able to retrieve the tokens. Is this something handled automatically with OpenID Connect?

anonuser1 asked Sep 01 '25 01:09

1 Answer


Where are these tokens actually being saved?

As the OpenID Connect protocol architecture diagram describes, when a new session is started, a new cookie is returned to control this session. This "session cookie" is created based on the "ID Token", and as long as this cookie is valid, the user will be considered authenticated. As you are using OpenID Connect (OIDC), it creates the cookie and saves the token there. You could refer to these docs.

How can I configure how these tokens are saved?

If you want to configure your token mechanism, Microsoft provides libraries for that. You can use ADAL or MSAL for your own configuration.

Is this something handled automatically with OpenID Connect?

Though it has some background mechanism, you have to use an authentication library to handle it in your application code. You could refer to the official docs.

For more details you could refer to the following docs:

  1. Authentication implementation
  2. Authentication Libraries
  3. Code sample

Md Farid Uddin Kiron answered Sep 03 '25 11:09
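An added example, not code from the question or the answer above, that makes the storage concrete for the configuration in the question: with SaveTokens = true the OpenID Connect handler places id_token and access_token in the AuthenticationTicket's properties, and the cookie handler serializes that ticket, protects it with Data Protection and sends it as the session cookie. Setting CookieAuthenticationOptions.SessionStore keeps the ticket on the server instead, so the cookie carries only an opaque key; the MemoryCacheTicketStore and AuthSetup classes and the <tenant-id>/<client-id> values are assumptions for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Caching.Memory;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Hypothetical server-side ticket store (single process only; use a shared cache when scaling out).
public sealed class MemoryCacheTicketStore : ITicketStore
{
    private readonly IMemoryCache _cache = new MemoryCache(new MemoryCacheOptions());

    public async Task<string> StoreAsync(AuthenticationTicket ticket)
    {
        string key = "oidc-ticket-" + Guid.NewGuid().ToString("N"); // opaque handle the cookie carries
        await RenewAsync(key, ticket);
        return key;
    }

    public Task RenewAsync(string key, AuthenticationTicket ticket)
    {
        var entry = new MemoryCacheEntryOptions();
        if (ticket.Properties.ExpiresUtc is DateTimeOffset exp) entry.SetAbsoluteExpiration(exp);
        _cache.Set(key, ticket, entry); // the server-side entry dies with the cookie's own expiry
        return Task.CompletedTask;
    }

    public Task<AuthenticationTicket?> RetrieveAsync(string key) =>
        Task.FromResult<AuthenticationTicket?>(_cache.Get<AuthenticationTicket>(key));

    public Task RemoveAsync(string key) { _cache.Remove(key); return Task.CompletedTask; }
}

public static class AuthSetup
{
    // SaveTokens puts id_token/access_token into the ticket's properties; SessionStore
    // keeps that ticket on the server, so the cookie itself no longer contains the tokens.
    public static void Configure(IServiceCollection services) =>
        services.AddAuthentication(o =>
        {
            o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(o => o.SessionStore = new MemoryCacheTicketStore())
        .AddOpenIdConnect(o =>
        {
            o.Authority = "https://login.microsoftonline.com/<tenant-id>/v2.0/"; // placeholder
            o.ClientId = "<client-id>"; // placeholder
            o.ResponseType = OpenIdConnectResponseType.Code;
            o.SaveTokens = true;
        });
}
```

HttpContext.GetTokenAsync("access_token") keeps working unchanged, because it reads the ticket's properties, which the cookie handler now loads from the store instead of decrypting from the cookie.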