
React to API changes in aspnet-contrib/AspNet.Security.OpenIdConnect.Server

e40483abdd
pull/60/head
Kévin Chalet 10 years ago
parent
commit
0c45f2fd2e
  1. 21
      src/OpenIddict.Core/OpenIddictManager.cs
  2. 10
      src/OpenIddict.Core/OpenIddictProvider.Exchange.cs
  3. 5
      src/OpenIddict.Mvc/OpenIddictController.cs

21
src/OpenIddict.Core/OpenIddictManager.cs

@ -61,7 +61,9 @@ namespace OpenIddict {
Options.ClaimsIdentity.UserNameClaimType, Options.ClaimsIdentity.UserNameClaimType,
Options.ClaimsIdentity.RoleClaimType); Options.ClaimsIdentity.RoleClaimType);
identity.AddClaim(ClaimTypes.NameIdentifier, await GetUserIdAsync(user), destination: "id_token token"); // Note: the name identifier is always included in both identity and
// access tokens, even if an explicit destination is not specified.
identity.AddClaim(ClaimTypes.NameIdentifier, await GetUserIdAsync(user));
// Resolve the username and the email address associated with the user. // Resolve the username and the email address associated with the user.
var username = await GetUserNameAsync(user); var username = await GetUserNameAsync(user);
@ -76,17 +78,23 @@ namespace OpenIddict {
throw new InvalidOperationException("The 'email' scope is required."); throw new InvalidOperationException("The 'email' scope is required.");
} }
identity.AddClaim(ClaimTypes.Name, username, destination: "id_token token"); identity.AddClaim(ClaimTypes.Name, username,
OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
} }
// Only add the email address if the "email" scope was granted. // Only add the email address if the "email" scope was granted.
if (scopes.Contains(OpenIdConnectConstants.Scopes.Email)) { if (scopes.Contains(OpenIdConnectConstants.Scopes.Email)) {
identity.AddClaim(ClaimTypes.Email, email, destination: "id_token token"); identity.AddClaim(ClaimTypes.Email, email,
OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
} }
if (SupportsUserRole && scopes.Contains(OpenIddictConstants.Scopes.Roles)) { if (SupportsUserRole && scopes.Contains(OpenIddictConstants.Scopes.Roles)) {
foreach (var role in await GetRolesAsync(user)) { foreach (var role in await GetRolesAsync(user)) {
identity.AddClaim(identity.RoleClaimType, role, destination: "id_token token"); identity.AddClaim(identity.RoleClaimType, role,
OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
} }
} }
@ -94,8 +102,9 @@ namespace OpenIddict {
var identifier = await GetSecurityStampAsync(user); var identifier = await GetSecurityStampAsync(user);
if (!string.IsNullOrEmpty(identifier)) { if (!string.IsNullOrEmpty(identifier)) {
identity.AddClaim(Options.ClaimsIdentity.SecurityStampClaimType, identity.AddClaim(Options.ClaimsIdentity.SecurityStampClaimType, identifier,
identifier, destination: "id_token token"); OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
} }
} }
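Review bot: The security stamp claim in the last hunk is now explicitly routed to both the access token and the identity token, so a value ASP.NET Identity uses for session invalidation is handed to the client application inside the id_token, and nothing in the hunk documents why the client needs it. The old code already used `destination: "id_token token"`, so this is not a regression, but spelling the destinations out is the right moment to justify the choice. If the client has no use for the stamp, `identity.AddClaim(Options.ClaimsIdentity.SecurityStampClaimType, identifier, OpenIdConnectConstants.Destinations.AccessToken);` would confine it to the token consumed by resource servers; if the client does rely on it, a one-line comment above the call stating that reason should be added. The enclosing method starts and ends outside the hunk.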

10
src/OpenIddict.Core/OpenIddictProvider.Exchange.cs

@ -102,8 +102,14 @@ namespace OpenIddict {
Debug.Assert(application != null); Debug.Assert(application != null);
var identity = new ClaimsIdentity(context.Options.AuthenticationScheme); var identity = new ClaimsIdentity(context.Options.AuthenticationScheme);
identity.AddClaim(ClaimTypes.NameIdentifier, context.ClientId, destination: "id_token token");
identity.AddClaim(ClaimTypes.Name, await manager.GetDisplayNameAsync(application), destination: "id_token token"); // Note: the name identifier is always included in both identity and
// access tokens, even if an explicit destination is not specified.
identity.AddClaim(ClaimTypes.NameIdentifier, context.ClientId);
identity.AddClaim(ClaimTypes.Name, await manager.GetDisplayNameAsync(application),
OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
// Create a new authentication ticket // Create a new authentication ticket
// holding the application identity. // holding the application identity.
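Review bot: The `ClaimTypes.NameIdentifier` claim at the top of the hunk is added with no destinations and relies on the server library special-casing that claim type, as the new comment says, while the `Name` claim just below spells its destinations out; the same pattern appears in the first hunk of OpenIddictManager.cs. If that implicit rule ever changes in the library, the name identifier would silently drop out of the issued tokens with nothing in this file to catch it. Passing `OpenIdConnectConstants.Destinations.AccessToken, OpenIdConnectConstants.Destinations.IdentityToken` explicitly, as for every other claim in this commit, keeps the file self-describing and should be harmless if the implicit rule holds. At minimum the comment should name where the guarantee comes from, e.g. `// Note: AspNet.Security.OpenIdConnect.Server always includes the name identifier in both identity and access tokens, even if no explicit destination is specified.` The enclosing method starts and ends outside the hunk.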

5
src/OpenIddict.Mvc/OpenIddictController.cs

@ -152,7 +152,10 @@ namespace OpenIddict.Mvc {
// the whole delegation chain from the resource server (see ResourceController.cs). // the whole delegation chain from the resource server (see ResourceController.cs).
identity.Actor = new ClaimsIdentity(Options.AuthenticationScheme); identity.Actor = new ClaimsIdentity(Options.AuthenticationScheme);
identity.Actor.AddClaim(ClaimTypes.NameIdentifier, request.ClientId); identity.Actor.AddClaim(ClaimTypes.NameIdentifier, request.ClientId);
identity.Actor.AddClaim(ClaimTypes.Name, await Manager.GetDisplayNameAsync(application), destination: "id_token token");
identity.Actor.AddClaim(ClaimTypes.Name, await Manager.GetDisplayNameAsync(application),
OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
// Create a new authentication ticket holding the user identity. // Create a new authentication ticket holding the user identity.
var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), null, Options.AuthenticationScheme); var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), null, Options.AuthenticationScheme);
