Update the samples to use the ClaimsIdentity constructor taking the name and role claim types

4 years ago · 3bceb9ff58
2 changed files with 67 additions and 31 deletions
--- a/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/AuthorizationController.cs
+++ b/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/AuthorizationController.cs
@ -14,6 +14,7 @@ using System.Web;
 using System.Web.Mvc;
 using Microsoft.AspNet.Identity;
 using Microsoft.AspNet.Identity.Owin;
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.Owin.Security;
 using OpenIddict.Abstractions;
 using OpenIddict.Client.Owin;
@ -142,11 +143,16 @@ namespace OpenIddict.Sandbox.AspNet.Server.Controllers
                case ConsentTypes.External when authorizations.Any():
                case ConsentTypes.Explicit when authorizations.Any() && !request.HasPrompt(Prompts.Consent):
                    // Create the claims-based identity that will be used by OpenIddict to generate tokens.
-                    var identity = new ClaimsIdentity(OpenIddictServerOwinDefaults.AuthenticationType)
-                        .AddClaim(Claims.Subject, user.Id)
-                        .AddClaim(Claims.Email, user.Email)
-                        .AddClaim(Claims.Name, user.UserName)
-                        .AddClaims(Claims.Role, (await context.Get<ApplicationUserManager>().GetRolesAsync(user.Id)).ToImmutableArray());
+                    var identity = new ClaimsIdentity(
+                        authenticationType: OpenIddictServerOwinDefaults.AuthenticationType,
+                        nameType: Claims.Name,
+                        roleType: Claims.Role);
+
+                    // Add the claims that will be persisted in the tokens.
+                    identity.AddClaim(Claims.Subject, user.Id)
+                            .AddClaim(Claims.Email, user.Email)
+                            .AddClaim(Claims.Name, user.UserName)
+                            .AddClaims(Claims.Role, (await context.Get<ApplicationUserManager>().GetRolesAsync(user.Id)).ToImmutableArray());

                    // Note: in this sample, the granted scopes match the requested scope
                    // but you may want to allow the user to uncheck specific scopes.
@ -258,11 +264,16 @@ namespace OpenIddict.Sandbox.AspNet.Server.Controllers
            }

            // Create the claims-based identity that will be used by OpenIddict to generate tokens.
-            var identity = new ClaimsIdentity(OpenIddictServerOwinDefaults.AuthenticationType)
-                .AddClaim(Claims.Subject, user.Id)
-                .AddClaim(Claims.Email, user.Email)
-                .AddClaim(Claims.Name, user.UserName)
-                .AddClaims(Claims.Role, (await context.Get<ApplicationUserManager>().GetRolesAsync(user.Id)).ToImmutableArray());
+            var identity = new ClaimsIdentity(
+                authenticationType: OpenIddictServerOwinDefaults.AuthenticationType,
+                nameType: Claims.Name,
+                roleType: Claims.Role);
+
+            // Add the claims that will be persisted in the tokens.
+            identity.AddClaim(Claims.Subject, user.Id)
+                    .AddClaim(Claims.Email, user.Email)
+                    .AddClaim(Claims.Name, user.UserName)
+                    .AddClaims(Claims.Role, (await context.Get<ApplicationUserManager>().GetRolesAsync(user.Id)).ToImmutableArray());

            // Note: in this sample, the granted scopes match the requested scope
            // but you may want to allow the user to uncheck specific scopes.
@ -374,7 +385,11 @@ namespace OpenIddict.Sandbox.AspNet.Server.Controllers
                    return new EmptyResult();
                }

-                var identity = new ClaimsIdentity(result.Identity.Claims, OpenIddictServerOwinDefaults.AuthenticationType);
+                var identity = new ClaimsIdentity(result.Identity.Claims,
+                    authenticationType: OpenIddictServerOwinDefaults.AuthenticationType,
+                    nameType: Claims.Name,
+                    roleType: Claims.Role);
+
                identity.SetDestinations(GetDestinations);

                // Ask OpenIddict to issue the appropriate access/identity tokens.
--- a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs
+++ b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs
@ -12,6 +12,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Primitives;
+using Microsoft.IdentityModel.Tokens;
 using OpenIddict.Abstractions;
 using OpenIddict.Client.AspNetCore;
 using OpenIddict.Sandbox.AspNetCore.Server.Helpers;
@ -172,11 +173,16 @@ public class AuthorizationController : Controller
            case ConsentTypes.External when authorizations.Any():
            case ConsentTypes.Explicit when authorizations.Any() && !request.HasPrompt(Prompts.Consent):
                // Create the claims-based identity that will be used by OpenIddict to generate tokens.
-                var identity = new ClaimsIdentity(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)
-                    .AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
-                    .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
-                    .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
-                    .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());
+                var identity = new ClaimsIdentity(
+                    authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+                    nameType: Claims.Name,
+                    roleType: Claims.Role);
+
+                // Add the claims that will be persisted in the tokens.
+                identity.AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
+                        .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
+                        .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
+                        .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

                // Note: in this sample, the granted scopes match the requested scope
                // but you may want to allow the user to uncheck specific scopes.
@ -263,11 +269,16 @@ public class AuthorizationController : Controller
        }

        // Create the claims-based identity that will be used by OpenIddict to generate tokens.
-        var identity = new ClaimsIdentity(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)
-            .AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
-            .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
-            .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
-            .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());
+        var identity = new ClaimsIdentity(
+            authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+            nameType: Claims.Name,
+            roleType: Claims.Role);
+
+        // Add the claims that will be persisted in the tokens.
+        identity.AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
+                .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
+                .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
+                .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

        // Note: in this sample, the granted scopes match the requested scope
        // but you may want to allow the user to uncheck specific scopes.
@ -355,11 +366,16 @@ public class AuthorizationController : Controller
        if (result.Succeeded)
        {
            // Create the claims-based identity that will be used by OpenIddict to generate tokens.
-            var identity = new ClaimsIdentity(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)
-                .AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
-                .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
-                .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
-                .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());
+            var identity = new ClaimsIdentity(
+                authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+                nameType: Claims.Name,
+                roleType: Claims.Role);
+
+            // Add the claims that will be persisted in the tokens.
+            identity.AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
+                    .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
+                    .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
+                    .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

            // Note: in this sample, the granted scopes match the requested scope
            // but you may want to allow the user to uncheck specific scopes.
@ -464,11 +480,16 @@ public class AuthorizationController : Controller
            }

            // Create the claims-based identity that will be used by OpenIddict to generate tokens.
-            var identity = new ClaimsIdentity(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)
-                .AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
-                .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
-                .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
-                .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());
+            var identity = new ClaimsIdentity(
+                authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+                nameType: Claims.Name,
+                roleType: Claims.Role);
+
+            // Add the claims that will be persisted in the tokens.
+            identity.AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
+                    .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
+                    .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
+                    .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

            // Note: in this sample, the granted scopes match the requested scope
            // but you may want to allow the user to uncheck specific scopes.