DuendeSoftware / Support

Support for Duende Software products

How to add client certificate for SSL protocol when using AddClientCredentialsTokenManagement #1367

Closed arslanakhtar61 closed 1 month ago

arslanakhtar61 commented 2 months ago

```csharp
builder.Services.AddClientCredentialsTokenManagement()
    .AddClient("vendor.client", client =>
    {
        client.TokenEndpoint = "";
        client.ClientId = "";
        client.ClientSecret = "";
        client.ClientCredentialStyle = ClientCredentialStyle.PostBody;
        client.Parameters.Add("audience", "");
        // How to add X509Certificate for ssl mutual tls when calling for access token?
    });
```

RolandGuijt commented 2 months ago

It isn't supported directly like that but it should be possible:

The main thing that is needed is to attach the client's certificate to the HttpClient via the SocketsHttpHandler. AccessTokenManagement doesn't do that automatically for you. We have a sample of mTLS that doesn't use AccessTokenManagement.

By configuring IHttpClientHandler like this you should be able to get it to work:

```csharp
.AddClient("vendor.client", client =>
{
   ..
}).ConfigurePrimaryHttpMessageHandler( ... );
```
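
One way to wire up what the reply above describes, as an added example that is not part of the original thread and not Duende's own sample: a named `HttpClient` whose `SocketsHttpHandler` presents the client certificate, selected for the token client by name. Assumptions: the client name `vendor.mtls`, the configuration keys and the endpoint/credential placeholders are made up for illustration, and the installed Duende.AccessTokenManagement version is assumed to expose the string-based options shown in the question plus `HttpClientName` on the client.

```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Duende.AccessTokenManagement;
using IdentityModel.Client; // ClientCredentialStyle; newer packages: Duende.IdentityModel.Client

var builder = WebApplication.CreateBuilder(args);

// Hypothetical configuration keys: keep the PFX path and password out of source control.
var pfxPath = builder.Configuration["Vendor:ClientCertPath"]
    ?? throw new InvalidOperationException("Vendor:ClientCertPath is not configured");
var pfxPassword = builder.Configuration["Vendor:ClientCertPassword"];

// On .NET 9+ prefer X509CertificateLoader.LoadPkcs12FromFile; this constructor works on older targets.
var clientCert = new X509Certificate2(pfxPath, pfxPassword);

// Fail at startup rather than at the first token request.
if (!clientCert.HasPrivateKey)
    throw new InvalidOperationException("mTLS needs a certificate that includes its private key");
if (DateTime.Now < clientCert.NotBefore || DateTime.Now > clientCert.NotAfter)
    throw new InvalidOperationException("Client certificate is outside its validity period");

// Named HttpClient whose primary handler presents the certificate during the TLS handshake.
builder.Services.AddHttpClient("vendor.mtls") // hypothetical name
    .ConfigurePrimaryHttpMessageHandler(() => new SocketsHttpHandler
    {
        SslOptions = new SslClientAuthenticationOptions
        {
            ClientCertificates = new X509CertificateCollection { clientCert }
            // RemoteCertificateValidationCallback is left unset on purpose:
            // the default validation of the server certificate stays in force.
        }
    });

builder.Services.AddClientCredentialsTokenManagement()
    .AddClient("vendor.client", client =>
    {
        client.TokenEndpoint = "https://idp.example.com/connect/token"; // placeholder
        client.ClientId = "client-id";                                  // placeholder
        client.ClientSecret = "client-secret";                          // placeholder
        client.ClientCredentialStyle = ClientCredentialStyle.PostBody;
        client.Parameters.Add("audience", "api");                       // placeholder
        // Assumption: this version exposes HttpClientName to pick the named client above.
        client.HttpClientName = "vendor.mtls";
    });

var app = builder.Build();
app.Run();
```

Scoping the certificate to one named client keeps it from being presented on unrelated outbound calls made through other `HttpClient` registrations.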
RolandGuijt commented 1 month ago

If this answered your question, I would like to close the issue. If not, feel free to add a comment.

RolandGuijt commented 1 month ago

Closing for now, but feel free to reopen if anything comes up.