From 63f09f278102f0bcad70ed5f2d396cda67ec3a08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Tue, 16 Apr 2024 21:56:24 +0200
Subject: [PATCH] Update the OpenIddict client ASP.NET Core/OWIN integrations to support overriding the requested scopes via AuthenticationProperties
---
 .../OpenIddictClientAspNetCoreConstants.cs | 1 +
 .../OpenIddictClientAspNetCoreHandlers.cs | 7 +++++++
 .../OpenIddictClientOwinConstants.cs | 1 +
 src/OpenIddict.Client.Owin/OpenIddictClientOwinHandlers.cs | 7 +++++++
 4 files changed, 16 insertions(+)
diff --git a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreConstants.cs b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreConstants.cs
index 0791e7b3..6131fd7d 100644
--- a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreConstants.cs
+++ b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreConstants.cs
@@ -27,6 +27,7 @@ public static class OpenIddictClientAspNetCoreConstants
 public const string ProviderName = ".provider_name";
 public const string RefreshTokenPrincipal = ".refresh_token_principal";
 public const string RegistrationId = ".registration_id";
+ public const string Scope = ".scope";
 public const string StateTokenPrincipal = ".state_token_principal";
 public const string UserinfoTokenPrincipal = ".userinfo_token_principal";
 }
diff --git a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.cs b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.cs
index bd95192e..79cb65ac 100644
--- a/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.cs
+++ b/src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandlers.cs
@@ -612,6 +612,13 @@ public static partial class OpenIddictClientAspNetCoreHandlers
 context.LoginHint = hint;
 }
+ // If a scope was specified, attach it to the context.
+ if (properties.Items.TryGetValue(Properties.Scope, out string? scope) &&
+ !string.IsNullOrEmpty(scope))
+ {
+ context.Scopes.UnionWith(scope.Split(Separators.Space, StringSplitOptions.RemoveEmptyEntries));
+ }
+
 foreach (var property in properties.Items)
 {
 context.Properties[property.Key] = property.Value;
diff --git a/src/OpenIddict.Client.Owin/OpenIddictClientOwinConstants.cs b/src/OpenIddict.Client.Owin/OpenIddictClientOwinConstants.cs
index e928415a..5413566e 100644
--- a/src/OpenIddict.Client.Owin/OpenIddictClientOwinConstants.cs
+++ b/src/OpenIddict.Client.Owin/OpenIddictClientOwinConstants.cs
@@ -36,6 +36,7 @@ public static class OpenIddictClientOwinConstants
 public const string ProviderName = ".provider_name";
 public const string RefreshTokenPrincipal = ".refresh_token_principal";
 public const string RegistrationId = ".registration_id";
+ public const string Scope = ".scope";
 public const string StateTokenPrincipal = ".state_token_principal";
 public const string UserinfoTokenPrincipal = ".userinfo_token_principal";
 }
diff --git a/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandlers.cs b/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandlers.cs
index 00a94ae1..91bf94c4 100644
--- a/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandlers.cs
+++ b/src/OpenIddict.Client.Owin/OpenIddictClientOwinHandlers.cs
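Review bot: In the OpenIddictClientAspNetCoreHandlers.cs hunk the `.scope` value is merged into `context.Scopes` with `UnionWith`, so it can only add scopes, whereas the commit subject describes overriding the requested scopes. Whether `context.Scopes` can already hold entries at this point is not visible here (the enclosing method starts and ends outside the hunk); if it can, a caller that wants a narrower, least-privilege set for a single challenge cannot obtain one through this property. If additive behaviour is intended, the comment should say so, e.g. `// If scopes were specified (space-separated), add them to the scopes already attached to the context.`; otherwise the set would need to be cleared before the merge. The identical block in the OpenIddictClientOwinHandlers.cs hunk has the same behaviour.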
@@ -624,6 +624,13 @@ public static partial class OpenIddictClientOwinHandlers
 context.LoginHint = hint;
 }
+ // If a scope was specified, attach it to the context.
+ if (properties.Dictionary.TryGetValue(Properties.Scope, out string? scope) &&
+ !string.IsNullOrEmpty(scope))
+ {
+ context.Scopes.UnionWith(scope.Split(Separators.Space, StringSplitOptions.RemoveEmptyEntries));
+ }
+
 // Note: unlike ASP.NET Core, OWIN's AuthenticationProperties doesn't offer a strongly-typed
 // dictionary that allows flowing parameters while preserving their original types. To allow
 // returning custom parameters, the OWIN host allows using AuthenticationProperties.Dictionary
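Review bot: The added block in OpenIddictClientOwinHandlers.cs splits the `.scope` value on `Separators.Space` alone and passes every piece to `context.Scopes` unchecked, so a list delimited by tabs or line breaks would be kept as one malformed scope (assuming `Separators.Space` holds only the space character, which is defined outside the hunk). Because this item now determines which permissions are requested from the provider, I would document that it is expected to be set by application code and not copied unvalidated from request input, for example `// Note: the value is a space-separated scope list and must come from trusted application code.` The ASP.NET Core hunk reads `properties.Items` the same way, and the enclosing method starts and ends outside this hunk.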