// ==========================================================================
// Squidex Headless CMS
// ==========================================================================
// Copyright (c) Squidex UG (haftungsbeschraenkt)
// All rights reserved. Licensed under the MIT license.
// ==========================================================================
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Squidex.Shared.Identity;
namespace Squidex.Config.Authentication
{
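/// <summary>
/// OpenID Connect event handler that maps role claims from the external identity
/// provider to Squidex permission claims and optionally overrides the sign-out redirect.
/// </summary>
/// <remarks>
/// Permissions are granted solely on the basis of claims found in the validated token.
/// Every key in <c>OidcRoleMapping</c> therefore delegates the mapped permissions to
/// whoever can assign that role at the identity provider.
/// </remarks>
public sealed class OidcHandler : OpenIdConnectEvents
{
    private readonly MyIdentityOptions options;

    /// <summary>
    /// Creates the handler with the identity options that hold the role claim type,
    /// the role-to-permission mapping and the optional sign-out redirect URL.
    /// </summary>
    /// <param name="options">The identity options read by both event overrides.</param>
    public OidcHandler(MyIdentityOptions options)
    {
        this.options = options;
    }

    /// <summary>
    /// Adds one permission claim per mapped permission for every configured role
    /// that the validated identity carries, then runs the base handler.
    /// </summary>
    /// <param name="context">The token-validated context whose principal is extended.</param>
    /// <returns>The task returned by the base implementation.</returns>
    public override Task TokenValidated(TokenValidatedContext context)
    {
        // The null-forgiving operators and the cast are kept from the original: a missing
        // principal or a non-ClaimsIdentity identity fails loudly instead of skipping the mapping.
        var identity = (ClaimsIdentity)context.Principal!.Identity!;

        // "Count > 0" replaces the original "Count >= 0", which was true for every non-null
        // mapping. An empty mapping yields no permissions either way; the guard now says so.
        if (!string.IsNullOrWhiteSpace(options.OidcRoleClaimType) && options.OidcRoleMapping?.Count > 0)
        {
            // ClaimsIdentity.HasClaim(type, value) compares the value ordinally (case-sensitive),
            // so a mapping key must match the role value issued by the provider exactly.
            var permissions = options.OidcRoleMapping
                .Where(r => identity.HasClaim(options.OidcRoleClaimType, r.Key))
                .SelectMany(r => r.Value)
                .Distinct();

            foreach (var permission in permissions)
            {
                identity.AddClaim(new Claim(SquidexClaimTypes.Permissions, permission));
            }
        }

        return base.TokenValidated(context);
    }

    /// <summary>
    /// Redirects to the configured sign-out URL when one is set; otherwise defers to the
    /// default OpenID Connect sign-out redirect.
    /// </summary>
    /// <param name="context">The redirect context for the sign-out request.</param>
    /// <returns>A completed task when the redirect is handled here, else the base task.</returns>
    public override Task RedirectToIdentityProviderForSignOut(RedirectContext context)
    {
        if (!string.IsNullOrEmpty(options.OidcOnSignoutRedirectUrl))
        {
            // The target comes from the options object, not from the request.
            // HandleResponse() skips the default sign-out request, so in this branch the
            // provider session only ends if the configured URL itself performs the logout.
            context.Response.Redirect(options.OidcOnSignoutRedirectUrl);
            context.HandleResponse();

            return Task.CompletedTask;
        }

        return base.RedirectToIdentityProviderForSignOut(context);
    }
}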
}