
Update OpenIddictValidationHandlers.Introspection.PopulateClaims to honor NameClaimType/RoleClaimType

pull/1028/head
Kévin Chalet 6 years ago
parent
commit
b1280b5e1a
  1. 27
      src/OpenIddict.Validation/OpenIddictValidationHandlers.Introspection.cs

27
src/OpenIddict.Validation/OpenIddictValidationHandlers.Introspection.cs

@ -426,7 +426,17 @@ namespace OpenIddict.Validation
throw new ArgumentNullException(nameof(context)); throw new ArgumentNullException(nameof(context));
} }
var identity = new ClaimsIdentity(context.Options.TokenValidationParameters.AuthenticationType); // Create a new claims-based identity using the same authentication type
// and the name/role claims as the one used by IdentityModel for JWT tokens.
var identity = new ClaimsIdentity(
context.Options.TokenValidationParameters.AuthenticationType,
context.Options.TokenValidationParameters.NameClaimType,
context.Options.TokenValidationParameters.RoleClaimType);
// Resolve the issuer that will be attached to the claims created by this handler.
// Note: at this stage, the optional issuer extracted from the response is assumed
// to be valid, as it is guarded against unknown values by the ValidateIssuer handler.
var issuer = (string) context.Response[Claims.Issuer] ?? context.Issuer?.AbsoluteUri ?? ClaimsIdentity.DefaultIssuer;
foreach (var parameter in context.Response.GetParameters()) foreach (var parameter in context.Response.GetParameters())
{ {
@ -457,12 +467,14 @@ namespace OpenIddict.Validation
case (var name, JsonElement value) when value.ValueKind == JsonValueKind.Array: case (var name, JsonElement value) when value.ValueKind == JsonValueKind.Array:
foreach (var element in value.EnumerateArray()) foreach (var element in value.EnumerateArray())
{ {
identity.AddClaim(new Claim(name, element.ToString(), GetClaimValueType(value.ValueKind))); identity.AddClaim(new Claim(name, element.ToString(),
GetClaimValueType(value.ValueKind), issuer, issuer, identity));
} }
break; break;
case (var name, JsonElement value): case (var name, JsonElement value):
identity.AddClaim(new Claim(name, value.ToString(), GetClaimValueType(value.ValueKind))); identity.AddClaim(new Claim(name, value.ToString(),
GetClaimValueType(value.ValueKind), issuer, issuer, identity));
break; break;
// Note: in the typical case, the introspection parameters should be deserialized from // Note: in the typical case, the introspection parameters should be deserialized from
@ -471,22 +483,23 @@ namespace OpenIddict.Validation
// by the application using the events model, the CLR primitive types are also supported. // by the application using the events model, the CLR primitive types are also supported.
case (var name, bool value): case (var name, bool value):
identity.AddClaim(new Claim(name, value.ToString(), ClaimValueTypes.Boolean)); identity.AddClaim(new Claim(name, value.ToString(), ClaimValueTypes.Boolean, issuer, issuer, identity));
break; break;
case (var name, long value): case (var name, long value):
identity.AddClaim(new Claim(name, value.ToString(CultureInfo.InvariantCulture), ClaimValueTypes.Integer64)); identity.AddClaim(new Claim(name, value.ToString(CultureInfo.InvariantCulture),
ClaimValueTypes.Integer64, issuer, issuer, identity));
break; break;
case (var name, string value): case (var name, string value):
identity.AddClaim(new Claim(name, value, ClaimValueTypes.String)); identity.AddClaim(new Claim(name, value, ClaimValueTypes.String, issuer, issuer, identity));
break; break;
// Claims represented as arrays are split and mapped to multiple CLR claims. // Claims represented as arrays are split and mapped to multiple CLR claims.
case (var name, string[] value): case (var name, string[] value):
for (var index = 0; index < value.Length; index++) for (var index = 0; index < value.Length; index++)
{ {
identity.AddClaim(new Claim(name, value[index], ClaimValueTypes.String)); identity.AddClaim(new Claim(name, value[index], ClaimValueTypes.String, issuer, issuer, identity));
} }
break; break;
} }
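Review bot: The `var issuer = (string) context.Response[Claims.Issuer] ?? context.Issuer?.AbsoluteUri ?? ClaimsIdentity.DefaultIssuer;` line in the first hunk prefers the `iss` value returned by the introspection endpoint over the configured issuer. Its only protection is the ordering assumption stated in the comment above it, and nothing on the line enforces that assumption. If applications can remove or reorder the ValidateIssuer handler (not visible from this hunk), a server-supplied string would become both `Issuer` and `OriginalIssuer` on every claim, which matters to any policy that filters on `Claim.Issuer`, and more so now that the identity also feeds `NameClaimType`/`RoleClaimType` lookups. I would make the dependency explicit in the comment, e.g. `// This handler MUST run after ValidateIssuer: the "iss" value is copied to Claim.Issuer without further checks.`, and consider preferring the configured value when one is set, provided its `AbsoluteUri` form matches what the server returns. The enclosing method starts and ends outside the visible hunks, so the handler's registration order cannot be confirmed from this page.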
