Discord Saving Tokens

[BillChirico]

Hello,

Where does the Discord provider save the access token for the logged in user? I need to be able to access it in order to query the Discord API. I am using ASP.NET Core 2.1.

Startup.cs:

services.AddAuthentication(options =>
                {
                    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                })

                // Cookie Authentication
                .AddCookie(options =>
                {
                    options.LoginPath = "/signin";
                    options.LogoutPath = "/signout";
                })

                // Discord Authentication
                .AddDiscord(options =>
                {
                    options.ClientId = Configuration["Discord:ClientID"];
                    options.ClientSecret = Configuration["Discord:ClientSecret"];
                    options.Scope.Add("identify");
                    options.Scope.Add("email");
                    options.Scope.Add("guilds");
                    options.SaveTokens = true;
                });

AuthenticationController.cs:

    public class AuthenticationController : Controller
    {
        [HttpGet("~/signin")]
        public async Task<IActionResult> SignIn() => View("SignIn", await HttpContext.GetExternalProviders());

        [HttpPost("~/signin")]
        public async Task<IActionResult> SignIn([FromForm] string provider)
        {
            // Note: the "provider" parameter corresponds to the external
            // authentication provider choosen by the user agent.
            if (string.IsNullOrWhiteSpace(provider))
            {
                return BadRequest();
            }

            if (!await HttpContext.IsProviderSupported(provider))
            {
                return BadRequest();
            }

            // Instruct the middleware corresponding to the requested external identity
            // provider to redirect the user agent to its own authorization endpoint.
            // Note: the authenticationScheme parameter must match the value configured in Startup.cs
            return Challenge(new AuthenticationProperties { RedirectUri = "/" }, provider);
        }

        [HttpGet("~/signout"), HttpPost("~/signout")]
        public IActionResult SignOut()
        {
            // Instruct the cookies middleware to delete the local cookie created
            // when the user agent is redirected from the external identity provider
            // after a successful authentication flow (e.g Google or Facebook).
            return SignOut(new AuthenticationProperties { RedirectUri = "/" },
                CookieAuthenticationDefaults.AuthenticationScheme);
        }
    }

Thanks,
-Bill

[kevinchalet]

Hey,

@Tratcher @HaoK is the SaveTokens option documented somewhere?

[BillChirico]

@PinpointTownes @Tratcher @HaoK

I was able to see the access token in the properties of the context in the OnTicketReceived event. What would be the best way to go about saving this token if the SaveTokens option does not work?

[HaoK]

This sounds like a dupe of aspnet/Security#1767 @Tratcher did you every verify that this wasn't broken for OAuth as well?

[Tratcher]

It worked fine last time I ran the Security Social sample.

[Tratcher]

Doc bug: dotnet/AspNetCore.Docs#1883

[kevinchalet]

@HaoK @Tratcher thanks.

Closing as there's nothing aspnet-contrib-specific (if there's a bug, looks like it's already tracked).