Description
Similarly on the client side, there is no standard way to take an IHttpClientBuilder and add an OAuth bearer token to its calls from such-and-such a vendor's identity server according to some configuration. I wrote much more code than I can snip here to create a standard way for our shop. I'd open source it if my company allowed, but this should already be part of Microsoft.Extensions anyway.
I'd file another issue for this, with the specifics as well. There's more detail needed here. It's unclear to me if you're trying to set tokens in the request or do something more complex, (like an oauth2 auth flow, that supports getting the token, storing the refresh token and renewing it etc).
Originally posted by @davidfowl in dotnet/aspnetcore#47461 (comment)
Here's the scenario: you are exposing a REST API secured with OAuth tokens provided by a 3rd-party identity provider, such as Okta or the like. You need to provide a .NET client SDK that will use IHttpClientBuilder to register a strongly-typed client for your API and it will also inject the needed OAuth token, taking care of retrieving it from the identity server and caching it.
Right now, you have to hope that your identity provider has an SDK that will handle the token injection (narrator voice: it doesn't) and even if it does, if you wanted to change identity providers, you would have to rewrite everything.
What would be helpful would be a standard way in Microsoft.Extensions.Http that would let you do something like .AddOAuthProvider<OktaClientProvider>(configuration) and each identity provider would make a NuGet package with a class that implements some interface defined in something like Microsoft.Extensions.Http.OAuth, but the configuration would be defined by Microsoft and wouldn't change if you swapped out a different OAuth client provider. Also, the caching of the tokens would be in the common implementation, not the implementation that is specific to each identity provider.