ADFS client side authentication (part 2)

Demo

This demonstrates the creation of a simple console application which uses ADFS to authenticate and then passes those credentials to the ServiceAPI.  If you are interested in ADAL then read Vittorio Bertocci's blog, particularly this post.  The token cache I use in the below video can be found here, the code I wrote below is here.

Refresh tokens

A refresh token will allow a client to keep their credentials cached for days rather than hours however in my experience ADFS does not issue refresh tokens by default. You may wish to do some research on refresh tokens and decide whether or not you want to support them.  If yes then use the following powershel command to enable them for your relying party trust.  You can choose to issue refresh tokens to AllDevices or WorkplaceJoinedDevices.

Set-AdfsRelyingPartyTrust -TargetName "davidc2012 ServiceAPI" -IssueOAuthRefreshTokensTo AllDevices