diff --git a/ClientApp/Controllers/IdentityController.cs b/ClientApp/Controllers/IdentityController.cs
index 6311893..423f441 100644
--- a/ClientApp/Controllers/IdentityController.cs
+++ b/ClientApp/Controllers/IdentityController.cs
@@ -1,6 +1,6 @@
 using System.Net.Http;
 using System.Threading.Tasks;
-using IdentityModel.Client;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -11,15 +11,10 @@ public class IdentityController : Controller
 [Authorize]
 public async Task Index()
 {
- var discovery = await DiscoveryClient.GetAsync("http://localhost:5000");
-
- var tokenClient = new TokenClient(discovery.TokenEndpoint, "clientApp", "secret");
- var tokenResponse = await tokenClient.RequestClientCredentialsAsync("apiApp");
-
- ViewData["tokenResult"] = tokenResponse.IsError ? tokenResponse.Error : tokenResponse.Json.ToString();
+ var accessToken = await HttpContext.Authentication.GetTokenAsync("access_token");
 var client = new HttpClient();
- client.SetBearerToken(tokenResponse.AccessToken);
+ client.SetBearerToken(accessToken);
 var apiResponse = await client.GetAsync("http://localhost:5001/api/identity");
 ViewData["apiResult"] = apiResponse.IsSuccessStatusCode ? await apiResponse.Content.ReadAsStringAsync() : apiResponse.StatusCode.ToString();
diff --git a/ClientApp/Startup.cs b/ClientApp/Startup.cs
index 0a9e4ad..4197014 100644
--- a/ClientApp/Startup.cs
+++ b/ClientApp/Startup.cs
@@ -67,6 +67,12 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerF
 RequireHttpsMetadata = false,
 ClientId = "mvc",
+ ClientSecret = "secret",
+
+ ResponseType = "code id_token",
+ Scope = { "apiApp", "offline_access" },
+
+ GetClaimsFromUserInfoEndpoint = true,
 SaveTokens = true });
diff --git a/ClientApp/Views/Identity/Index.cshtml b/ClientApp/Views/Identity/Index.cshtml
index 5e63679..9cedc78 100644
--- a/ClientApp/Views/Identity/Index.cshtml
+++ b/ClientApp/Views/Identity/Index.cshtml
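Review bot: In `IdentityController.Index` the result of `GetTokenAsync("access_token")` goes straight into `client.SetBearerToken(accessToken)` with no check that a token was actually stored. If the sign-in did not save tokens, or the cookie predates this change, the API request goes out without a usable credential and the view only shows the resulting status code. A guard before the request, such as `if (string.IsNullOrEmpty(accessToken)) return Challenge();` (assuming the action returns an `IActionResult`; the generic argument is not visible here), would make that case explicit. The saved token is also sent to `http://localhost:5001` over plain HTTP and is not renewed when it expires, which is tolerable for a local sample only. The class body starts and ends outside the hunk.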
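Review bot: In ClientApp/Startup.cs, `ClientSecret = "secret"` commits the client credential to source control, so anyone with read access to the repository can authenticate as the `mvc` client. Load it from configuration or a secret store instead, for example `ClientSecret = Configuration["<oidc-client-secret-key>"],` (placeholder key; this assumes Startup exposes a `Configuration` property, which the hunk does not show). With `offline_access` in `Scope` and `SaveTokens = true`, the refresh token is stored with the authentication session as well, so that cookie becomes a long-lived credential; a short comment next to `SaveTokens` saying so would help the next reader. The options initializer starts and ends outside the hunk.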
@@ -1,8 +1,14 @@ -@{ +@using Microsoft.AspNetCore.Authentication +@{ ViewData["Title"] = "Identity"; } -@ViewData["tokenResult"] +
access token
+
@await ViewContext.HttpContext.Authentication.GetTokenAsync("access_token")
+ +
refresh token
+
@await ViewContext.HttpContext.Authentication.GetTokenAsync("refresh_token")
+ @ViewData["apiResult"]

User claims
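Review bot: The view now writes the raw access token and the raw refresh token into the page through the two `GetTokenAsync` calls. The refresh token is a long-lived credential, and rendering it into HTML exposes it to browser caches, page-reading extensions, injected script and anyone who sees or screenshots the page. If the output is meant for debugging, show only the token's expiry or claims, or gate the block to the development environment, and mark it with a Razor comment such as `@* debug only: never render tokens outside development *@`. The markup around these expressions is not visible in this rendering of the hunk, so the exact elements to change cannot be quoted.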

@@ -12,7 +18,6 @@ {
@claim.Type
@claim.Value
- }
diff --git a/IdentityApp/Config.cs b/IdentityApp/Config.cs
index c0429a8..287165b 100644
--- a/IdentityApp/Config.cs
+++ b/IdentityApp/Config.cs
@@ -42,7 +42,12 @@ public static IEnumerable GetClients()
 {
 ClientId = "mvc",
 ClientName = "MVC Client",
- AllowedGrantTypes = GrantTypes.Implicit,
+ AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
+
+ ClientSecrets =
+ {
+ new Secret("secret".Sha256())
+ },
 RedirectUris = { "http://localhost:5002/signin-oidc" },
 PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
@@ -50,8 +55,10 @@ public static IEnumerable GetClients()
 AllowedScopes =
 {
 IdentityServerConstants.StandardScopes.OpenId,
- IdentityServerConstants.StandardScopes.Profile
- }
+ IdentityServerConstants.StandardScopes.Profile,
+ "apiApp"
+ },
+ AllowOfflineAccess = true
 }
 };
 }
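Review bot: `GrantTypes.HybridAndClientCredentials` in the first IdentityApp/Config.cs hunk also enables the client-credentials grant for the interactive `mvc` client, while the client configuration in this commit only requests the hybrid flow (`ResponseType = "code id_token"`). Anyone who knows the client secret could then obtain an `apiApp` token with no user involved. Unless another caller depends on it, `AllowedGrantTypes = GrantTypes.Hybrid,` is the narrower setting. The secret is the literal `"secret"` hashed in source by `new Secret("secret".Sha256())`; loading the value from configuration would keep it out of the repository. The client definition starts outside the hunk.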
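Review bot: `AllowOfflineAccess = true` in the second IdentityApp/Config.cs hunk turns on refresh tokens for the `mvc` client, but their lifetime and reuse policy are left at the library defaults. A reader of the config cannot tell how long a leaked refresh token would remain usable. State the policy next to the flag, for example `RefreshTokenUsage = TokenUsage.OneTimeOnly,` and `AbsoluteRefreshTokenLifetime = <seconds>,` (placeholder value), or at minimum add the comment `// refresh tokens enabled: lifetime and rotation use IdentityServer defaults`. The enclosing client initializer begins outside the hunk.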