
Auth0: implementing a device flow in a Console Application with .NET 7 - Part 2


Published on December 28, 2022

Obtain a Refresh Token

In the previous post we saw how to implement a basic device flow authentication for a console application. Now we will see how to refresh the token so that the user does not have to enter their credentials every time. First of all, create an API from the Auth0 Dashboard. Click on Applications and then on APIs. From here, create a new API and, in the Access Settings, make sure "Allow Offline Access" is enabled.

Allow Offline Access

Now we can change the code from the previous sample and add the audience parameter at line 12:

request.AddParameter("application/x-www-form-urlencoded", $"client_id={clientId}&scope=offline_access+openid+profile&audience=YOUR-AUDIENCE", ParameterType.RequestBody);

You can find the audience parameter from the API details page. From the General Settings, you can copy the value called "Identifier".

Identifier

Now you can refresh the token with the following code:

client = new RestClient($"https://{tenant}.auth0.com/oauth/token");
request = new RestRequest();
request.Method = Method.Post;
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddParameter("application/x-www-form-urlencoded", "grant_type=refresh_token&client_id=CLIENT-ID&client_secret=CLIENT-SECRET&refresh_token=REFRESH-TOKEN", ParameterType.RequestBody);
response = client.Execute(request);

Replace the uppercase placeholders with your own values. It is not a best practice to refresh the token every time you need to call the API, but just the first time. Auth0 is a smart service and stores the caller IP as well.
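One way to avoid refreshing on every API call is to cache the access token and refresh only when it is about to expire. This is an added example, not code from the original post: it uses HttpClient instead of RestSharp, and TokenCache, StubAuth0 and every sample value are hypothetical. It assumes a .NET 7 console project with implicit usings, and an application registered as Native (a public client), so no client_secret is embedded in the binary.

```csharp
using System.Net;
using System.Text.Json;

// Constructed demo: StubAuth0 (hypothetical) stands in for the /oauth/token endpoint.
var stub = new StubAuth0();
var cache = new TokenCache(new HttpClient(stub), "https://tenant.example/oauth/token", "CLIENT-ID", "REFRESH-TOKEN");
await cache.GetAccessTokenAsync();
await cache.GetAccessTokenAsync(); // second call is served from the cache
Console.WriteLine($"token requests sent: {stub.Calls}");

// Hypothetical helper: keeps tokens in memory only and refreshes near expiry.
sealed class TokenCache
{
    private readonly HttpClient _http;
    private readonly string _url, _clientId;
    private string _refreshToken;
    private string? _accessToken;
    private DateTimeOffset _expiresAt;
    public TokenCache(HttpClient http, string url, string clientId, string refreshToken) =>
        (_http, _url, _clientId, _refreshToken) = (http, url, clientId, refreshToken);

    public async Task<string> GetAccessTokenAsync()
    {
        // Reuse the cached token until 60 seconds before it expires.
        if (_accessToken is not null && DateTimeOffset.UtcNow.AddSeconds(60) < _expiresAt)
            return _accessToken;
        using var body = new FormUrlEncodedContent(new Dictionary<string, string> {
            ["grant_type"] = "refresh_token", ["client_id"] = _clientId, ["refresh_token"] = _refreshToken });
        using var resp = await _http.PostAsync(_url, body);
        // A revoked or expired refresh token cannot be retried: the user must log in again.
        if (!resp.IsSuccessStatusCode) throw new InvalidOperationException(
            $"Refresh rejected (HTTP {(int)resp.StatusCode}); run the device flow again.");
        using var json = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        var root = json.RootElement;
        _accessToken = root.GetProperty("access_token").GetString()!;
        _expiresAt = DateTimeOffset.UtcNow.AddSeconds(root.GetProperty("expires_in").GetInt32());
        // If refresh token rotation is enabled, the response carries a replacement token.
        if (root.TryGetProperty("refresh_token", out var rt)) _refreshToken = rt.GetString()!;
        return _accessToken;
    }
}

sealed class StubAuth0 : HttpMessageHandler
{
    public int Calls;
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage r, CancellationToken ct)
    {
        Calls++; // count how many token requests actually reach the endpoint
        return Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(
            """{"access_token":"at-1","refresh_token":"rt-2","expires_in":86400}""") });
    }
}
```

In a real application, point the HttpClient at your tenant's token endpoint and keep the refresh token in the operating system's protected storage rather than in a plain file.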

Customize the User Code generated for your applications

From the Dashboard -> Settings -> Advanced, you can configure the format of the User Code that Auth0 generates for the device flow authentication. You can change the character set and the mask as well. By default the mask is ****-****, but you can, for instance, add more characters by changing the value to something like ****-****-****. In this case you will obtain a code like: BCDF-GHJK-LMNP.

User Code Settings

Remove a device from a user

If you want to unlink a device from a user, navigate to the Auth0 Dashboard, then User Management, Users, and click on the "Devices" tab. By clicking on the recycle bin icon, you reset the refresh token and the user needs to log in again.

Devices

Create an Auth0 account

If you need an account for Auth0, you can use the following link: https://a0.to/signup-for-auth0. You can use the free version of the service to test your applications and for your development environments.


Thanks for reading this post, I hope you found it interesting!

Feel free to follow me to get notified when new articles are out 🙂
