JWT Access Token (JwtAccessTokenService) Class

Namespace: CXT.IO.Dashboard.Api.ServicesImplements: IJwtAccessTokenService

This class is the concrete implementation of IJwtAccessTokenService. It uses the Microsoft Authentication Library (MSAL) to acquire a JWT access token via the OAuth 2.0 client credentials grant flow.

Purpose

• To enable secure, authenticated server-to-server communication between the Dashboard API (BFF) and downstream services.
• To encapsulate the interaction with the MSAL library for acquiring a token for the application itself.

Dependencies

• IConfidentialClientApplication: This is a core component from the Microsoft.Identity.Client (MSAL) library. It represents the BFF application as an OAuth 2.0 confidential client and is pre-configured at application startup with the client ID, client secret, and authority URI.

Method Implementations

Token async

public async Task<string> TokenAsync(IEnumerable<string> scopes)

• Description: Asynchronously acquires an access token for the application using its own credentials.
• Logic:
  1. Calls _confidentialClientApplication.AcquireTokenForClient(scopes).ExecuteAsync().
  2. This MSAL method performs the client credentials flow by authenticating the BFF application to the identity provider (e.g., Azure AD).
  3. Upon success, MSAL returns an AuthenticationResult.
  4. The method formats the result as "{response.TokenType} {response.AccessToken}" (e.g., "Bearer eyJhbGciOi...") and returns it.
• Returns: Task<string> - The formatted bearer token.