Add `RemoveClaimsFromClientCredentialsGrantType`.

4 years ago · faee4bce95
4 changed files with 51 additions and 0 deletions
--- a/modules/openiddict/app/OpenIddict.Demo.Client.Console/Program.cs
+++ b/modules/openiddict/app/OpenIddict.Demo.Client.Console/Program.cs
@ -147,3 +147,16 @@ Console.WriteLine("Access token: {0}", tokenResponse.AccessToken);
 Console.WriteLine();
 Console.WriteLine("Refresh token: {0}", tokenResponse.RefreshToken);
 Console.WriteLine();
+
+serverRequest = new HttpRequestMessage(HttpMethod.Get, api);
+serverRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokenResponse.AccessToken);
+
+serverResponse = await client.SendAsync(serverRequest);
+serverResponse.EnsureSuccessStatusCode();
+
+Console.WriteLine("ClientCredentials API response: {0}", JsonSerializer.Serialize(JsonDocument.Parse(await serverResponse.Content.ReadAsStringAsync()), new JsonSerializerOptions
+{
+    WriteIndented = true
+}));
+
+Console.WriteLine();
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs
@ -127,6 +127,8 @@ public class AbpOpenIddictAspNetCoreModule : AbpModule
                    builder.AddEventHandler(AbpValidatePostLogoutRedirectUriParameter.Descriptor);
                }

+                builder.AddEventHandler(RemoveClaimsFromClientCredentialsGrantType.Descriptor);
+
                services.ExecutePreConfiguredActions(builder);
            });

--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.ClientCredentials.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.ClientCredentials.cs
@ -28,6 +28,12 @@ public partial class TokenController
            TokenValidationParameters.DefaultAuthenticationType,
            OpenIddictConstants.Claims.PreferredUsername, OpenIddictConstants.Claims.Role);

+        // The Subject and PreferredUsername will be removed by <see cref="RemoveClaimsFromClientCredentialsGrantType"/>.
+
+        // Use the client_id as the subject identifier.
+        identity.AddClaim(OpenIddictConstants.Claims.Subject, await ApplicationManager.GetClientIdAsync(application),
+            OpenIddictConstants.Destinations.AccessToken, OpenIddictConstants.Destinations.IdentityToken);
+
        identity.AddClaim(OpenIddictConstants.Claims.PreferredUsername, await ApplicationManager.GetDisplayNameAsync(application),
            OpenIddictConstants.Destinations.AccessToken, OpenIddictConstants.Destinations.IdentityToken);

--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/RemoveClaimsFromClientCredentialsGrantType.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/RemoveClaimsFromClientCredentialsGrantType.cs
@ -0,0 +1,30 @@
+using System.Threading.Tasks;
+using OpenIddict.Abstractions;
+using OpenIddict.Server;
+
+namespace Volo.Abp.OpenIddict;
+
+public class RemoveClaimsFromClientCredentialsGrantType : IOpenIddictServerHandler<OpenIddictServerEvents.ProcessSignInContext>
+{
+    public static OpenIddictServerHandlerDescriptor Descriptor { get; }
+        = OpenIddictServerHandlerDescriptor.CreateBuilder<OpenIddictServerEvents.ProcessSignInContext>()
+            .AddFilter<OpenIddictServerHandlerFilters.RequireAccessTokenGenerated>()
+            .UseSingletonHandler<RemoveClaimsFromClientCredentialsGrantType>()
+            .SetOrder(OpenIddictServerHandlers.PrepareAccessTokenPrincipal.Descriptor.Order - 1)
+            .SetType(OpenIddictServerHandlerType.Custom)
+            .Build();
+
+    public ValueTask HandleAsync(OpenIddictServerEvents.ProcessSignInContext context)
+    {
+        if (context.Request.IsClientCredentialsGrantType())
+        {
+            if (context.Principal != null)
+            {
+                context.Principal.RemoveClaims(OpenIddictConstants.Claims.Subject);
+                context.Principal.RemoveClaims(OpenIddictConstants.Claims.PreferredUsername);
+            }
+        }
+
+        return default;
+    }
+}