example_connect.ps1

$Url = "http://localhost:8080/connect/authorize"
$Body = @{
 username = "isele"
 password = "Aripuana123!"
 grant_type="password"
 scope="openid"
 client_id="ps-connect"
 client_secret="bd5221e6-a364-43de-833b-cd410640ee90" 
 redirect_uri="http://localhost:8080/zerf/authentication/login-callback"
 response_type="id_token"

 }

$response = ''
$idToken = ''
$paddedIdToken = ''
$results = ''

$response = Invoke-RestMethod -Method Post -Uri $url -Body $body -UseDefaultCredentials -AllowUnencryptedAuthentication
$response
#$idToken = ($response.id_token.Split(".")[1] -replace "-", "+" -replace "_", "/")
#$paddedIdToken = $idToken.PadRight($idToken.Length + (4 - $idToken.Length % 4) % 4,"=")
#$results = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($paddedIdToken)) | ConvertFrom-Json
 

links.md

• https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc
• http://rmitfs:8080/tfs/Messerli%20Main/MesserliOne/_wiki/wikis/Backbone?wikiVersion=GBmain&pagePath=%2FReference%2FOpenId&pageId=1310
• http://localhost:8080/.well-known/openid-configuration
• https://support.secureauth.com/hc/en-us/articles/360021263111-How-to-obtain-an-OIDC-access-token-using-Powershell

well-known_openid_configuration.json

{
  "issuer": "http://localhost:8080/",
  "authorization_endpoint": "http://localhost:8080/connect/authorize",
  "token_endpoint": "http://localhost:8080/connect/token",
  "introspection_endpoint": "http://localhost:8080/connect/introspect",
  "end_session_endpoint": "http://localhost:8080/connect/logout",
  "userinfo_endpoint": "http://localhost:8080/connect/userinfo",
  "jwks_uri": "http://localhost:8080/.well-known/jwks",
  "grant_types_supported": [
    "authorization_code"
  ],
  "response_types_supported": [
    "code"
  ],
  "response_modes_supported": [
    "form_post",
    "fragment",
    "query"
  ],
  "scopes_supported": [
    "openid",
    "profile",
    "email"
  ],
  "claims_supported": [
    "aud",
    "exp",
    "iat",
    "iss",
    "sub"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "code_challenge_methods_supported": [
    "S256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "introspection_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "claims_parameter_supported": false,
  "request_parameter_supported": false,
  "request_uri_parameter_supported": false
}

Zerf.backboneplugin.json

{
    "type": "hostService",
    "configuration": {
        "reverseProxyPrefix": "/zerf"
    },
    "openIdApplications": [
        {
            "clientType": "public",
            "clientId": "NakaOneBlazorWasmClient",
            "redirectUris": ["http://localhost:8080/zerf/authentication/login-callback"],
            "postLogoutRedirectUris": ["http://localhost:8080/zerf/authentication/logout-callback"],
            "permissions": [
                "ept:authorization", "ept:logout", "ept:token",
                "scp:profile",
                "gt:authorization_code",
                "rst:code"
            ]
        },
        {
            "clientType": "confidential",
            "clientId": "ps-connect",
            "clientSecret": "bd5221e6-a364-43de-833b-cd410640ee90",
            "redirectUris": ["http://localhost:8080/zerf/authentication/login-callback"],
            "permissions": [
                "ept:authorization", "ept:logout", "ept:token",
                "scp:profile",
                "gt:password",
                "rst:id_token"
            ]
        }
    ]
}