PIV authentication with API

dciceman · October 27, 2023, 12:22am

I am working on a .Net Core Application with the requirement of using PIV to login. I followed the flow below.

Application checks if user has session, does nothing if session does not exist.
User clicks on button to login with PIV
User is logged in with PIV
Application checks if user has session, makes /authorize redirect because session exists.
User winds up on the callback route with the authorization_code

Make /token to get Access and Refresh Token

I am stuck at step 6. I tried to use the Code from /authorize to generate to call “/oauth2/default/v1/token” get access and refresh token without any luck. I’m getting 400 Status Code ( ‘Bad Request’) from response.
Any suggestion to get both access and refresh token?

andrea · October 27, 2023, 5:09pm

Are you using the same authorization server when making the /authorize request as you do in the /token request?

dciceman · October 27, 2023, 6:00pm

Yes, we have only 1 default authorization server,

andrea · November 23, 2023, 12:10am

sorry, didn’t see your update! Do you get a specific error description when you see the 400 that will help us narrow this down?

Post		Replies	Views
Dotnet core applying refresh token OAuth/OIDC dotnet	1	4904	January 12, 2024
PKCE Flow From Console .NET Core App to Web API Questions	2	3532	May 17, 2021
Getting refresh_token server-side (sessionToken) Questions	5	3686	January 11, 2021
V1/token is returning 401 unauthorized OAuth/OIDC api , angular	6	10137	December 31, 2020
Attempting to run Net core 3x hosted login sample Questions	3	3493	January 25, 2024

PIV authentication with API

Related topics