From 55a87bf9890f714cb110dda4903aebd4ba9ae360 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Wed, 1 Mar 2017 17:18:52 +0100
Subject: [PATCH] React to behavior changes in aspnet-contrib/AspNet.Security.OpenIdConnect.Server

https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/commit/067531583a33f0a60cd08ec262902397d6f93f5d
---
 samples/Mvc.Server/Startup.cs | 11 +++++++++++
 src/OpenIddict/OpenIddictExtensions.cs | 10 +++++++++-
 .../OpenIddictProviderTests.Exchange.cs | 6 +++---
 .../OpenIddictProviderTests.Introspection.cs | 10 +++++-----
 test/OpenIddict.Tests/OpenIddictProviderTests.cs | 2 +-
 5 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/samples/Mvc.Server/Startup.cs b/samples/Mvc.Server/Startup.cs
index 708e754f..55d613e5 100644
--- a/samples/Mvc.Server/Startup.cs
+++ b/samples/Mvc.Server/Startup.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Threading;
 using System.Threading.Tasks;
+using AspNet.Security.OpenIdConnect.Primitives;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore;
@@ -41,6 +42,16 @@ namespace Mvc.Server
 .AddEntityFrameworkStores()
 .AddDefaultTokenProviders();

+ // Configure Identity to use the same JWT claims as OpenIddict instead
+ // of the legacy WS-Federation claims it uses by default (ClaimTypes),
+ // which saves you from doing the mapping in your authorization controller.
+ services.Configure(options =>
+ {
+ options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
+ options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
+ options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;
+ });
+
 // Register the OpenIddict services.
 services.AddOpenIddict()
 // Register the Entity Framework stores.
diff --git a/src/OpenIddict/OpenIddictExtensions.cs b/src/OpenIddict/OpenIddictExtensions.cs
index 075ab60d..6ce4490f 100644
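Review bot: In samples/Mvc.Server/Startup.cs, the comment added above `services.Configure` explains the benefit for the authorization controller but not the side effect: the Identity cookie principal now carries the JWT claim names too. Any sample code that looks up `ClaimTypes.NameIdentifier`, `ClaimTypes.Name` or `ClaimTypes.Role` directly, rather than through `UserManager` or `IsInRole`, would find nothing. Cookies issued before the change presumably keep the old claim types until the principal is rebuilt. I would extend the comment with a line such as `// Note: read OpenIdConnectConstants.Claims.* (or use the UserManager helpers) from now on; direct ClaimTypes.* lookups no longer match.`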
--- a/src/OpenIddict/OpenIddictExtensions.cs
+++ b/src/OpenIddict/OpenIddictExtensions.cs
@@ -5,6 +5,7 @@
 */

 using System;
+using System.Collections.Generic;
 using System.IdentityModel.Tokens.Jwt;
 using System.IO;
 using System.Linq;
@@ -873,7 +874,14 @@ namespace Microsoft.AspNetCore.Builder
 throw new ArgumentNullException(nameof(builder));
 }

- return builder.Configure(options => options.AccessTokenHandler = new JwtSecurityTokenHandler());
+ return builder.Configure(options =>
+ {
+ options.AccessTokenHandler = new JwtSecurityTokenHandler
+ {
+ InboundClaimTypeMap = new Dictionary(),
+ OutboundClaimTypeMap = new Dictionary()
+ };
+ });
 }
 }
 }
\ No newline at end of file
diff --git a/test/OpenIddict.Tests/OpenIddictProviderTests.Exchange.cs b/test/OpenIddict.Tests/OpenIddictProviderTests.Exchange.cs
index 7af6e32d..6e7bb66c 100644
--- a/test/OpenIddict.Tests/OpenIddictProviderTests.Exchange.cs
+++ b/test/OpenIddict.Tests/OpenIddictProviderTests.Exchange.cs
@@ -555,7 +555,7 @@ namespace OpenIddict.Tests
 {
 // Arrange
 var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
- identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Bricoleur");
+ identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");

 var ticket = new AuthenticationTicket(
 new ClaimsPrincipal(identity),
@@ -617,7 +617,7 @@ namespace OpenIddict.Tests
 {
 // Arrange
 var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
- identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Bricoleur");
+ identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");

 var ticket = new AuthenticationTicket(
 new ClaimsPrincipal(identity),
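Review bot: In src/OpenIddict/OpenIddictExtensions.cs, the new `JwtSecurityTokenHandler` initializer empties `InboundClaimTypeMap` and `OutboundClaimTypeMap` without a comment saying why, although this changes the claim names written into issued access tokens. With the outbound map empty, a claim the application still adds under a `ClaimTypes.*` URI is presumably serialized under that long URI instead of a short JWT name, so subject or role checks on the resource server can stop matching without any error. I would put a comment above the initializer, for example `// Disable claim type mapping so JWT claim names (sub, name, role) are written and read unchanged; callers must add claims using OpenIdConnectConstants.Claims.*`. The enclosing extension method starts above this hunk, so its signature and XML documentation are not visible here and may need the same remark.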
@@ -682,7 +682,7 @@ namespace OpenIddict.Tests
 {
 // Arrange
 var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
- identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Bricoleur");
+ identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");

 var ticket = new AuthenticationTicket(
 new ClaimsPrincipal(identity),
diff --git a/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs b/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs
index 722d3385..65f50457 100644
--- a/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs
+++ b/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs
@@ -179,7 +179,7 @@ namespace OpenIddict.Tests
 {
 // Arrange
 var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
- identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Bricoleur");
+ identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");

 var ticket = new AuthenticationTicket(
 new ClaimsPrincipal(identity),
@@ -234,7 +234,7 @@ namespace OpenIddict.Tests
 {
 // Arrange
 var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
- identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Bricoleur");
+ identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");

 var ticket = new AuthenticationTicket(
 new ClaimsPrincipal(identity),
@@ -290,7 +290,7 @@ namespace OpenIddict.Tests
 {
 // Arrange
 var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
- identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Bricoleur");
+ identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");

 var ticket = new AuthenticationTicket(
 new ClaimsPrincipal(identity),
@@ -346,7 +346,7 @@ namespace OpenIddict.Tests
 {
 // Arrange
 var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
- identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Bricoleur");
+ identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");

 var ticket = new AuthenticationTicket(
 new ClaimsPrincipal(identity),
@@ -410,7 +410,7 @@ namespace OpenIddict.Tests
 {
 // Arrange
 var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
- identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Bricoleur");
+ identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");

 var ticket = new AuthenticationTicket(
 new ClaimsPrincipal(identity),
diff --git a/test/OpenIddict.Tests/OpenIddictProviderTests.cs b/test/OpenIddict.Tests/OpenIddictProviderTests.cs
index 3bcd5215..eb93fafc 100644
--- a/test/OpenIddict.Tests/OpenIddictProviderTests.cs
+++ b/test/OpenIddict.Tests/OpenIddictProviderTests.cs
@@ -136,7 +136,7 @@ namespace OpenIddict.Tests
 if (request.IsAuthorizationRequest() || request.IsTokenRequest())
 {
 var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
- identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Magnifique");
+ identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Magnifique");

 var ticket = new AuthenticationTicket(
 new ClaimsPrincipal(identity),