From 3bceb9ff58fd6ae7147e9f213427fb5d4e62289e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Thu, 4 Aug 2022 22:22:26 +0200
Subject: [PATCH] Update the samples to use the ClaimsIdentity constructor taking the name and role claim types
---
 .../Controllers/AuthorizationController.cs | 37 +++++++----
 .../Controllers/AuthorizationController.cs | 61 +++++++++++++------
 2 files changed, 67 insertions(+), 31 deletions(-)
diff --git a/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/AuthorizationController.cs b/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/AuthorizationController.cs
index ee8a216c..2054222c 100644
--- a/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/AuthorizationController.cs
+++ b/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/AuthorizationController.cs
@@ -14,6 +14,7 @@ using System.Web;
 using System.Web.Mvc;
 using Microsoft.AspNet.Identity;
 using Microsoft.AspNet.Identity.Owin;
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.Owin.Security;
 using OpenIddict.Abstractions;
 using OpenIddict.Client.Owin;
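Review bot: The `using Microsoft.IdentityModel.Tokens;` added to the OWIN controller in this hunk is not referenced by any line the patch adds to that file: the three OWIN hunks keep `OpenIddictServerOwinDefaults.AuthenticationType`, and only the ASP.NET Core controller uses `TokenValidationParameters.DefaultAuthenticationType`. The diffstat (37 changed lines for this file) is fully accounted for by the four hunks shown, so no other hunk in this file uses the namespace either. Unless the rest of the file already refers to that namespace with a fully qualified name, the directive is unused and IDE0005/CS8019 will flag it; either drop the line or make the OWIN hunks use the same authentication type as the ASP.NET Core sample so the two stay aligned.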
@@ -142,11 +143,16 @@ namespace OpenIddict.Sandbox.AspNet.Server.Controllers
 case ConsentTypes.External when authorizations.Any():
 case ConsentTypes.Explicit when authorizations.Any() && !request.HasPrompt(Prompts.Consent):
 // Create the claims-based identity that will be used by OpenIddict to generate tokens.
- var identity = new ClaimsIdentity(OpenIddictServerOwinDefaults.AuthenticationType)
- .AddClaim(Claims.Subject, user.Id)
- .AddClaim(Claims.Email, user.Email)
- .AddClaim(Claims.Name, user.UserName)
- .AddClaims(Claims.Role, (await context.Get().GetRolesAsync(user.Id)).ToImmutableArray());
+ var identity = new ClaimsIdentity(
+ authenticationType: OpenIddictServerOwinDefaults.AuthenticationType,
+ nameType: Claims.Name,
+ roleType: Claims.Role);
+
+ // Add the claims that will be persisted in the tokens.
+ identity.AddClaim(Claims.Subject, user.Id)
+ .AddClaim(Claims.Email, user.Email)
+ .AddClaim(Claims.Name, user.UserName)
+ .AddClaims(Claims.Role, (await context.Get().GetRolesAsync(user.Id)).ToImmutableArray());
 
 // Note: in this sample, the granted scopes match the requested scope
 // but you may want to allow the user to uncheck specific scopes.
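Review bot: `identity.AddClaim(Claims.Email, user.Email)` in the new chain passes a value that can be null, since ASP.NET Identity does not require an email, and OpenIddict's `AddClaim(ClaimsIdentity, string, string)` extension, as I read it, throws `ArgumentException` on a null or empty value, so a user without an email makes this branch throw instead of issuing tokens. If email is meant to be optional in the sample, `.SetClaim(Claims.Email, user.Email)` (which skips a null value) is the safer call. The same pattern is in the hunk at @@ -258 of this file and at @@ -172, @@ -263, @@ -355 and @@ -464 in the ASP.NET Core controller, where `_userManager.GetEmailAsync(user)` is annotated as returning `string?`. The enclosing action method starts and ends outside the hunk.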
@@ -258,11 +264,16 @@ namespace OpenIddict.Sandbox.AspNet.Server.Controllers
 }
 
 // Create the claims-based identity that will be used by OpenIddict to generate tokens.
- var identity = new ClaimsIdentity(OpenIddictServerOwinDefaults.AuthenticationType)
- .AddClaim(Claims.Subject, user.Id)
- .AddClaim(Claims.Email, user.Email)
- .AddClaim(Claims.Name, user.UserName)
- .AddClaims(Claims.Role, (await context.Get().GetRolesAsync(user.Id)).ToImmutableArray());
+ var identity = new ClaimsIdentity(
+ authenticationType: OpenIddictServerOwinDefaults.AuthenticationType,
+ nameType: Claims.Name,
+ roleType: Claims.Role);
+
+ // Add the claims that will be persisted in the tokens.
+ identity.AddClaim(Claims.Subject, user.Id)
+ .AddClaim(Claims.Email, user.Email)
+ .AddClaim(Claims.Name, user.UserName)
+ .AddClaims(Claims.Role, (await context.Get().GetRolesAsync(user.Id)).ToImmutableArray());
 
 // Note: in this sample, the granted scopes match the requested scope
 // but you may want to allow the user to uncheck specific scopes.
@@ -374,7 +385,11 @@ namespace OpenIddict.Sandbox.AspNet.Server.Controllers
 return new EmptyResult();
 }
 
- var identity = new ClaimsIdentity(result.Identity.Claims, OpenIddictServerOwinDefaults.AuthenticationType);
+ var identity = new ClaimsIdentity(result.Identity.Claims,
+ authenticationType: OpenIddictServerOwinDefaults.AuthenticationType,
+ nameType: Claims.Name,
+ roleType: Claims.Role);
+ + identity.SetDestinations(GetDestinations);
 
 // Ask OpenIddict to issue the appropriate access/identity tokens.
diff --git a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs
index 9c2417a6..c3e1ce8e 100644
--- a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs
+++ b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Controllers/AuthorizationController.cs
@@ -12,6 +12,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Primitives;
+using Microsoft.IdentityModel.Tokens;
 using OpenIddict.Abstractions;
 using OpenIddict.Client.AspNetCore;
 using OpenIddict.Sandbox.AspNetCore.Server.Helpers;
@@ -172,11 +173,16 @@ public class AuthorizationController : Controller
 case ConsentTypes.External when authorizations.Any():
 case ConsentTypes.Explicit when authorizations.Any() && !request.HasPrompt(Prompts.Consent):
 // Create the claims-based identity that will be used by OpenIddict to generate tokens.
- var identity = new ClaimsIdentity(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)
- .AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
- .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
- .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
- .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());
+ var identity = new ClaimsIdentity(
+ authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+ nameType: Claims.Name,
+ roleType: Claims.Role);
+
+ // Add the claims that will be persisted in the tokens.
+ identity.AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
+ .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
+ .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
+ .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());
 
 // Note: in this sample, the granted scopes match the requested scope
 // but you may want to allow the user to uncheck specific scopes.
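Review bot: The identity's authentication type silently changes in the @@ -172 hunk from `OpenIddictServerAspNetCoreDefaults.AuthenticationScheme` to `TokenValidationParameters.DefaultAuthenticationType`, which the commit title does not mention and which diverges from the OWIN sample, where the same change keeps `OpenIddictServerOwinDefaults.AuthenticationType`; the hunks at @@ -263, @@ -355 and @@ -464 make the same switch. As far as I can tell either non-empty value satisfies `ClaimsIdentity.IsAuthenticated`, so this is a consistency and documentation point rather than a bug, but the next reader will not know whether the difference is deliberate. A short comment above the constructor stating why the OpenIddict scheme constant is no longer used here would settle it; if there is no reason, the OWIN sample should be aligned or this one reverted. The enclosing action method starts and ends outside the hunk.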
@@ -263,11 +269,16 @@ public class AuthorizationController : Controller
 }
 
 // Create the claims-based identity that will be used by OpenIddict to generate tokens.
- var identity = new ClaimsIdentity(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)
- .AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
- .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
- .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
- .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());
+ var identity = new ClaimsIdentity(
+ authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+ nameType: Claims.Name,
+ roleType: Claims.Role);
+
+ // Add the claims that will be persisted in the tokens.
+ identity.AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
+ .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
+ .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
+ .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());
 
 // Note: in this sample, the granted scopes match the requested scope
 // but you may want to allow the user to uncheck specific scopes.
@@ -355,11 +366,16 @@ public class AuthorizationController : Controller
 if (result.Succeeded)
 {
 // Create the claims-based identity that will be used by OpenIddict to generate tokens.
- var identity = new ClaimsIdentity(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)
- .AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
- .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
- .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
- .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());
+ var identity = new ClaimsIdentity(
+ authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+ nameType: Claims.Name,
+ roleType: Claims.Role);
+
+ // Add the claims that will be persisted in the tokens.
+ identity.AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
+ .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
+ .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
+ .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());
 
 // Note: in this sample, the granted scopes match the requested scope
 // but you may want to allow the user to uncheck specific scopes.
@@ -464,11 +480,16 @@ public class AuthorizationController : Controller
 }
 
 // Create the claims-based identity that will be used by OpenIddict to generate tokens.
- var identity = new ClaimsIdentity(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)
- .AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
- .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
- .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
- .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());
+ var identity = new ClaimsIdentity(
+ authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+ nameType: Claims.Name,
+ roleType: Claims.Role);
+
+ // Add the claims that will be persisted in the tokens.
+ identity.AddClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
+ .AddClaim(Claims.Email, await _userManager.GetEmailAsync(user))
+ .AddClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
+ .AddClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());
 
 // Note: in this sample, the granted scopes match the requested scope
 // but you may want to allow the user to uncheck specific scopes.