diff --git a/backend/src/Squidex.Domain.Apps.Entities.MongoDb/Contents/Operations/QueryAsStream.cs b/backend/src/Squidex.Domain.Apps.Entities.MongoDb/Contents/Operations/QueryAsStream.cs index d58694bd2..ac2a0106e 100644 --- a/backend/src/Squidex.Domain.Apps.Entities.MongoDb/Contents/Operations/QueryAsStream.cs +++ b/backend/src/Squidex.Domain.Apps.Entities.MongoDb/Contents/Operations/QueryAsStream.cs @@ -8,7 +8,6 @@ using System.Collections.Generic; using System.Runtime.CompilerServices; using System.Threading; -using System.Threading.Tasks; using MongoDB.Driver; using Squidex.Domain.Apps.Entities.Contents; using Squidex.Infrastructure; diff --git a/backend/src/Squidex.Domain.Apps.Entities/Contents/Queries/ContentQueryService.cs b/backend/src/Squidex.Domain.Apps.Entities/Contents/Queries/ContentQueryService.cs index 2aa1dd54f..8b7e7c6e1 100644 --- a/backend/src/Squidex.Domain.Apps.Entities/Contents/Queries/ContentQueryService.cs +++ b/backend/src/Squidex.Domain.Apps.Entities/Contents/Queries/ContentQueryService.cs @@ -17,6 +17,7 @@ using Squidex.Infrastructure.Security; using Squidex.Infrastructure.Translations; using Squidex.Log; using Squidex.Shared; +using Squidex.Shared.Identity; namespace Squidex.Domain.Apps.Entities.Contents.Queries { diff --git a/backend/src/Squidex.Domain.Apps.Entities/Schemas/ISchemasHash.cs b/backend/src/Squidex.Domain.Apps.Entities/Schemas/ISchemasHash.cs index 659c01d09..3ddeef9f1 100644 --- a/backend/src/Squidex.Domain.Apps.Entities/Schemas/ISchemasHash.cs +++ b/backend/src/Squidex.Domain.Apps.Entities/Schemas/ISchemasHash.cs @@ -9,7 +9,6 @@ using System.Collections.Generic; using System.Threading.Tasks; using NodaTime; using Squidex.Domain.Apps.Entities.Apps; -using Squidex.Infrastructure; namespace Squidex.Domain.Apps.Entities.Schemas { diff --git a/backend/src/Squidex.Infrastructure/Security/Extensions.cs b/backend/src/Squidex.Infrastructure/Security/Extensions.cs index d359f96cd..332f202ba 100644 
--- a/backend/src/Squidex.Infrastructure/Security/Extensions.cs +++ b/backend/src/Squidex.Infrastructure/Security/Extensions.cs @@ -16,17 +16,18 @@ namespace Squidex.Infrastructure.Security public static RefToken? Token(this ClaimsPrincipal principal) { var subjectId = principal.OpenIdSubject(); + var subjectName = principal.OpenIdName(); var clientId = principal.OpenIdClientId(); - if (!string.IsNullOrWhiteSpace(clientId) && (string.Equals(clientId, subjectId, StringComparison.Ordinal) || string.IsNullOrWhiteSpace(subjectId))) + if (!string.IsNullOrWhiteSpace(subjectId) && !string.IsNullOrWhiteSpace(subjectName)) { - return RefToken.Client(clientId); + return RefToken.User(subjectId); } - if (!string.IsNullOrWhiteSpace(subjectId)) + if (!string.IsNullOrWhiteSpace(clientId)) { - return RefToken.User(subjectId); + return RefToken.Client(clientId); } return null; @@ -57,11 +58,6 @@ namespace Squidex.Infrastructure.Security return principal.Claims.FirstOrDefault(x => x.Type == OpenIdClaims.Name)?.Value; } - public static string? OpenIdNickName(this ClaimsPrincipal principal) - { - return principal.Claims.FirstOrDefault(x => x.Type == OpenIdClaims.NickName)?.Value; - } - public static string? OpenIdEmail(this ClaimsPrincipal principal) { return principal.Claims.FirstOrDefault(x => x.Type == OpenIdClaims.Email)?.Value; diff --git a/backend/src/Squidex/Areas/IdentityServer/Config/ApplicationExtensions.cs b/backend/src/Squidex/Areas/IdentityServer/Config/ApplicationExtensions.cs index 61c504369..80016cae9 100644 --- a/backend/src/Squidex/Areas/IdentityServer/Config/ApplicationExtensions.cs +++ b/backend/src/Squidex/Areas/IdentityServer/Config/ApplicationExtensions.cs @@ -10,6 +10,7 @@ using System.Linq; using System.Security.Claims; using System.Text.Json; using OpenIddict.Abstractions; +using Squidex.Infrastructure.Security; using Squidex.Shared; using Squidex.Shared.Identity; using Squidex.Shared.Users; 
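Review bot: In `Token()` in Security/Extensions.cs the user-versus-client decision now depends on whether a `name` claim is present, so a profile attribute has become the discriminator for actor identity. A principal with a subject and a different client id but no name is now reported as `RefToken.Client` where the old code returned `RefToken.User`, and one with only a subject now yields `null`; both matter wherever the result feeds permission checks or audit attribution, which is not visible here. The rule holds only because of two other hunks in this commit, the `DisplayName` to `OpenIdClaims.Name` mapping in ApplicationExtensions.cs and the removal of `Claims.Name` from client tokens in ConnectController.cs, so it should be written down at the branch, for example `// Subject + name => user; client tokens use the client id as subject and must not carry a name claim.` The ExtensionsTests.cs hunk only deletes a test, so cases for a subject without a name and for a subject equal to the client id would be worth adding. The closing brace of `Token()` lies outside the hunk.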
@@ -50,6 +51,11 @@ namespace Squidex.Areas.IdentityServer.Config { foreach (var claimValue in values) { + if (key == SquidexClaimTypes.DisplayName) + { + yield return new Claim(OpenIdClaims.Name, claimValue); + } + yield return new Claim(key, claimValue); } } diff --git a/backend/src/Squidex/Areas/IdentityServer/Controllers/Connect/ConnectController.cs b/backend/src/Squidex/Areas/IdentityServer/Controllers/Connect/ConnectController.cs index ecb126e97..891a2bc49 100644 --- a/backend/src/Squidex/Areas/IdentityServer/Controllers/Connect/ConnectController.cs +++ b/backend/src/Squidex/Areas/IdentityServer/Controllers/Connect/ConnectController.cs @@ -184,19 +184,11 @@ namespace Notifo.Areas.Account.Controllers var principal = new ClaimsPrincipal(identity); - var clientId = request.ClientId; - var clientName = await applicationManager.GetDisplayNameAsync(application); - - if (clientId != null) + if (request.ClientId != null) { - identity.AddClaim(Claims.Subject, clientId, - Destinations.AccessToken, Destinations.IdentityToken); - } - - if (clientName != null) - { - identity.AddClaim(Claims.Name, clientName, - Destinations.AccessToken, Destinations.IdentityToken); + identity.AddClaim(Claims.Subject, request.ClientId, + Destinations.AccessToken, + Destinations.IdentityToken); } var properties = await applicationManager.GetPropertiesAsync(application); @@ -228,7 +220,7 @@ namespace Notifo.Areas.Account.Controllers { switch (claim.Type) { - case SquidexClaimTypes.DisplayName when principal.HasScope(Scopes.Profile): + case SquidexClaimTypes.DisplayName: yield return Destinations.IdentityToken; yield break; @@ -274,13 +266,6 @@ namespace Notifo.Areas.Account.Controllers } yield break; - - case "AspNet.Identity.SecurityStamp": - yield break; - - default: - yield return Destinations.AccessToken; - yield break; } } } 
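Review bot: The `case SquidexClaimTypes.DisplayName:` branch in the destinations switch of ConnectController.cs now sends the display name to the identity token without checking `principal.HasScope(Scopes.Profile)`, so it lands in any identity token that is issued even when the `profile` scope was not granted. If releasing it without that scope is intended, say so in a comment at the case. Otherwise keep the guard, `case SquidexClaimTypes.DisplayName when principal.HasScope(Scopes.Profile):`, which after this commit's removal of the `default` branch would leave the claim out of both tokens when the scope is missing. The enclosing method starts and ends outside the hunk.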
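Review bot: With the `default` branch removed at the end of the same switch, any claim type without an explicit case now gets no destination and is silently left out of both tokens. That is the safer default and makes the removed `AspNet.Identity.SecurityStamp` case redundant, but the cases between the hunks are not visible here. It is worth confirming that every claim the API authorizes on has its own case, including the `OpenIdClaims.Name` claim that `Token()` now depends on. A short comment at the end of the switch would keep a later change from re-adding a catch-all, for example `// No default: claims without an explicit case are intentionally not emitted.`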
diff --git a/backend/tests/Squidex.Domain.Apps.Entities.Tests/Schemas/MongoDb/SchemasHashTests.cs b/backend/tests/Squidex.Domain.Apps.Entities.Tests/Schemas/MongoDb/SchemasHashTests.cs index 6e4c7b622..90c188e08 100644 --- a/backend/tests/Squidex.Domain.Apps.Entities.Tests/Schemas/MongoDb/SchemasHashTests.cs +++ b/backend/tests/Squidex.Domain.Apps.Entities.Tests/Schemas/MongoDb/SchemasHashTests.cs @@ -9,7 +9,6 @@ using System.Threading.Tasks; using FakeItEasy; using NodaTime; using Squidex.Domain.Apps.Entities.Apps; -using Squidex.Domain.Apps.Events.Apps; using Squidex.Domain.Apps.Events.Schemas; using Squidex.Infrastructure; using Squidex.Infrastructure.EventSourcing; diff --git a/backend/tests/Squidex.Infrastructure.Tests/Security/ExtensionsTests.cs b/backend/tests/Squidex.Infrastructure.Tests/Security/ExtensionsTests.cs index bde17b9bf..5d892a011 100644 --- a/backend/tests/Squidex.Infrastructure.Tests/Security/ExtensionsTests.cs +++ b/backend/tests/Squidex.Infrastructure.Tests/Security/ExtensionsTests.cs @@ -37,12 +37,6 @@ namespace Squidex.Infrastructure.Security TestClaimExtension(OpenIdClaims.Name, x => x.OpenIdName()); } - [Fact] - public void Should_retrieve_nickname() - { - TestClaimExtension(OpenIdClaims.NickName, x => x.OpenIdNickName()); - } - [Fact] public void Should_retrieve_email() {