From d296738afef6012fcb65c28878d0620b5f2529d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Sun, 1 Nov 2015 20:42:54 +0100
Subject: [PATCH] Implement native grant_type=client_credentials support
---
 src/OpenIddict.Core/OpenIddictProvider.cs | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/OpenIddict.Core/OpenIddictProvider.cs b/src/OpenIddict.Core/OpenIddictProvider.cs
index 6e9a9ac1..c0aaec75 100644
--- a/src/OpenIddict.Core/OpenIddictProvider.cs
+++ b/src/OpenIddict.Core/OpenIddictProvider.cs
@@ -197,13 +197,12 @@ namespace OpenIddict {
 // Note: OpenIdConnectServerHandler supports authorization code, refresh token, client credentials
 // and resource owner password credentials grant types but this authorization server uses a stricter policy
 // rejecting the last one. You may consider relaxing it to support the client credentials grant types.
- if (!context.Request.IsAuthorizationCodeGrantType() &&
- !context.Request.IsRefreshTokenGrantType() &&
- !context.Request.IsPasswordGrantType()) {
+ if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType() &&
+ !context.Request.IsPasswordGrantType() && !context.Request.IsClientCredentialsGrantType()) {
 context.Rejected(
 error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
- description: "Only authorization code and refresh token grant types " +
- "are accepted by this authorization server.");
+ description: "Only authorization code, refresh token, client credentials " +
+ "and password grants are accepted by this authorization server.");
 }
 return Task.FromResult(null);
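Review bot: The three comment lines kept at the top of this hunk now contradict the condition beneath them: they say this server "uses a stricter policy rejecting the last one" (the password grant) and suggest relaxing it to admit client credentials, while the new `if` accepts both the password and the client credentials grants. Replace them with something like `// Note: this authorization server accepts every grant type implemented by OpenIdConnectServerHandler: authorization code, refresh token, client credentials and resource owner password credentials.` The method enclosing this check starts before the hunk, so its name is not visible here.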
@@ -309,6 +308,20 @@ namespace OpenIddict {
 }
 }
+ public override async Task GrantClientCredentials([NotNull] GrantClientCredentialsContext context) {
+ var manager = context.HttpContext.RequestServices.GetRequiredService>();
+
+ // Retrieve the application details corresponding to the requested client_id.
+ var application = await manager.FindApplicationByIdAsync(context.ClientId);
+ Debug.Assert(application != null);
+
+ var identity = new ClaimsIdentity(context.Options.AuthenticationScheme);
+ identity.AddClaim(ClaimTypes.NameIdentifier, context.ClientId);
+ identity.AddClaim(ClaimTypes.Name, await manager.GetDisplayNameAsync(application));
+
+ context.Validated(new ClaimsPrincipal(identity));
+ }
+
 public override async Task GrantResourceOwnerCredentials([NotNull] GrantResourceOwnerCredentialsContext context) {
 var manager = context.HttpContext.RequestServices.GetRequiredService>();
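Review bot: `Debug.Assert(application != null)` in the new GrantClientCredentials is compiled out of release builds, so a client_id that FindApplicationByIdAsync cannot resolve reaches `manager.GetDisplayNameAsync(application)` with a null argument and surfaces as an unhandled exception rather than an OAuth error; reject explicitly instead, e.g. `if (application == null) { context.Rejected(error: OpenIdConnectConstants.Errors.InvalidClient, description: "The specified client identifier is invalid."); return; }`. Separately, RFC 6749 §4.4 restricts the client credentials grant to confidential clients, and nothing in this hunk checks that the resolved application is confidential (i.e. actually authenticated with a client secret) rather than public; unless ValidateClientAuthentication, which is outside this hunk, already refuses public clients for this grant, add that check before the principal is issued. The principal is also created without any scope or resource restriction taken from the request, which may be intentional but is worth confirming against how the other grant handlers in this file behave.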