From 270f57fc0195ee9f18525fc43db3066e53935aa4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Chalet?= Date: Thu, 10 Mar 2016 21:25:53 +0100 Subject: [PATCH] React to API changes in aspnet-contrib/AspNet.Security.OpenIdConnect.Server https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/commit/1d76680d106317dc7b44d934d02b666a04940510 --- .../OpenIddictProvider.Userinfo.cs | 83 +++++++++++++++++++ src/OpenIddict.Core/OpenIddictProvider.cs | 71 ---------------- 2 files changed, 83 insertions(+), 71 deletions(-) create mode 100644 src/OpenIddict.Core/OpenIddictProvider.Userinfo.cs diff --git a/src/OpenIddict.Core/OpenIddictProvider.Userinfo.cs b/src/OpenIddict.Core/OpenIddictProvider.Userinfo.cs new file mode 100644 index 00000000..a56a4f86 --- /dev/null +++ b/src/OpenIddict.Core/OpenIddictProvider.Userinfo.cs @@ -0,0 +1,83 @@ +/* + * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0) + * See https://github.com/openiddict/openiddict-core for more information concerning + * the license and the contributors participating to this project. + */ + +using System.Diagnostics; +using System.Security.Claims; +using System.Threading.Tasks; +using AspNet.Security.OpenIdConnect.Extensions; +using AspNet.Security.OpenIdConnect.Server; +using JetBrains.Annotations; +using Microsoft.Extensions.DependencyInjection; +using Newtonsoft.Json.Linq; + +namespace OpenIddict { + public partial class OpenIddictProvider : OpenIdConnectServerProvider where TUser : class where TApplication : class { + public override async Task UserinfoEndpoint([NotNull] UserinfoEndpointContext context) { + var manager = context.HttpContext.RequestServices.GetRequiredService>(); + + var principal = context.Ticket?.Principal; + Debug.Assert(principal != null); + + // Note: user may be null if the user has been removed. + // In this case, return a 400 response. + var user = await manager.GetUserAsync(principal); + if (user == null) { + context.Response.StatusCode = 400; + context.HandleResponse(); + + return; + } + + // Note: "sub" is a mandatory claim. + // See http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse + context.Subject = await manager.GetUserIdAsync(user); + + // Only add the "preferred_username" claim if the "profile" scope was present in the access token. + // Note: filtering the username is not needed at this stage as OpenIddictController.Accept + // and OpenIddictProvider.GrantResourceOwnerCredentials are expected to reject requests that + // don't include the "email" scope if the username corresponds to the registed email address. + if (context.Ticket.HasScope(OpenIdConnectConstants.Scopes.Profile)) { + context.PreferredUsername = await manager.GetUserNameAsync(user); + + if (manager.SupportsUserClaim) { + context.FamilyName = await manager.FindClaimAsync(user, ClaimTypes.Surname); + context.GivenName = await manager.FindClaimAsync(user, ClaimTypes.GivenName); + context.BirthDate = await manager.FindClaimAsync(user, ClaimTypes.DateOfBirth); + } + } + + // Only add the email address details if the "email" scope was present in the access token. + if (context.Ticket.HasScope(OpenIdConnectConstants.Scopes.Email)) { + context.Email = await manager.GetEmailAsync(user); + + // Only add the "email_verified" claim + // if the email address is non-null. + if (!string.IsNullOrEmpty(context.Email)) { + context.EmailVerified = await manager.IsEmailConfirmedAsync(user); + } + }; + + // Only add the phone number details if the "phone" scope was present in the access token. + if (context.Ticket.HasScope(OpenIdConnectConstants.Scopes.Phone)) { + context.PhoneNumber = await manager.GetPhoneNumberAsync(user); + + // Only add the "phone_number_verified" + // claim if the phone number is non-null. + if (!string.IsNullOrEmpty(context.PhoneNumber)) { + context.PhoneNumberVerified = await manager.IsPhoneNumberConfirmedAsync(user); + } + } + + // Only add the roles list if the "roles" scope was present in the access token. + if (manager.SupportsUserRole && context.Ticket.HasScope(OpenIddictConstants.Scopes.Roles)) { + var roles = await manager.GetRolesAsync(user); + if (roles.Count != 0) { + context.Claims[OpenIddictConstants.Claims.Roles] = JArray.FromObject(roles); + } + } + } + } +} \ No newline at end of file diff --git a/src/OpenIddict.Core/OpenIddictProvider.cs b/src/OpenIddict.Core/OpenIddictProvider.cs index c89e113e..48baf79d 100644 --- a/src/OpenIddict.Core/OpenIddictProvider.cs +++ b/src/OpenIddict.Core/OpenIddictProvider.cs @@ -4,15 +4,9 @@ * the license and the contributors participating to this project. */ -using System.Diagnostics; -using System.Security.Claims; using System.Threading.Tasks; -using AspNet.Security.OpenIdConnect.Extensions; using AspNet.Security.OpenIdConnect.Server; using JetBrains.Annotations; -using Microsoft.Extensions.DependencyInjection; -using Microsoft.Extensions.Internal; -using Newtonsoft.Json.Linq; namespace OpenIddict { public partial class OpenIddictProvider : OpenIdConnectServerProvider where TUser : class where TApplication : class { @@ -27,70 +21,5 @@ namespace OpenIddict { return Task.FromResult(null); } - - public override async Task ProfileEndpoint([NotNull] ProfileEndpointContext context) { - var manager = context.HttpContext.RequestServices.GetRequiredService>(); - - var principal = context.Ticket?.Principal; - Debug.Assert(principal != null); - - // Note: user may be null if the user has been removed. - // In this case, return a 400 response. - var user = await manager.GetUserAsync(principal); - if (user == null) { - context.Response.StatusCode = 400; - context.HandleResponse(); - - return; - } - - // Note: "sub" is a mandatory claim. - // See http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse - context.Subject = await manager.GetUserIdAsync(user); - - // Only add the "preferred_username" claim if the "profile" scope was present in the access token. - // Note: filtering the username is not needed at this stage as OpenIddictController.Accept - // and OpenIddictProvider.GrantResourceOwnerCredentials are expected to reject requests that - // don't include the "email" scope if the username corresponds to the registed email address. - if (context.Ticket.HasScope(OpenIdConnectConstants.Scopes.Profile)) { - context.PreferredUsername = await manager.GetUserNameAsync(user); - - if (manager.SupportsUserClaim) { - context.FamilyName = await manager.FindClaimAsync(user, ClaimTypes.Surname); - context.GivenName = await manager.FindClaimAsync(user, ClaimTypes.GivenName); - context.BirthDate = await manager.FindClaimAsync(user, ClaimTypes.DateOfBirth); - } - } - - // Only add the email address details if the "email" scope was present in the access token. - if (context.Ticket.HasScope(OpenIdConnectConstants.Scopes.Email)) { - context.Email = await manager.GetEmailAsync(user); - - // Only add the "email_verified" claim - // if the email address is non-null. - if (!string.IsNullOrEmpty(context.Email)) { - context.EmailVerified = await manager.IsEmailConfirmedAsync(user); - } - }; - - // Only add the phone number details if the "phone" scope was present in the access token. - if (context.Ticket.HasScope(OpenIdConnectConstants.Scopes.Phone)) { - context.PhoneNumber = await manager.GetPhoneNumberAsync(user); - - // Only add the "phone_number_verified" - // claim if the phone number is non-null. - if (!string.IsNullOrEmpty(context.PhoneNumber)) { - context.PhoneNumberVerified = await manager.IsPhoneNumberConfirmedAsync(user); - } - } - - // Only add the roles list if the "roles" scope was present in the access token. - if (manager.SupportsUserRole && context.Ticket.HasScope(OpenIddictConstants.Scopes.Roles)) { - var roles = await manager.GetRolesAsync(user); - if (roles.Count != 0) { - context.Claims[OpenIddictConstants.Claims.Roles] = JArray.FromObject(roles); - } - } - } } } \ No newline at end of file