protected BaseAuthorizationHandler(IOptions <IdentityAuthorizationOptions> options, IHttpContextAccessor httpContextAccessor, DiscoveryInfoProvider discoveryInfoProvider)
{
_httpContextAccessor = httpContextAccessor;
DiscoveryInfoProvider = discoveryInfoProvider;
Options = options.Value;
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, EmailVerifiedRequirement requirement)
{
var discoveryInfo = await DiscoveryInfoProvider.GetDiscoveryInfo();
if (discoveryInfo.Exception != null)
{
throw discoveryInfo.Exception;
}
// retrieve user info from ids
var client = new HttpClient();
var usrInfo = await client.GetUserInfoAsync(new UserInfoRequest
{
Address = discoveryInfo.UserInfoEndpoint,
Token = Token
});
if (usrInfo.Claims == null)
{
context.Fail();
return;
}
// retrieve email verified claim, check for claim type in options
var targetClaim = usrInfo.Claims.FirstOrDefault(c => c.Type == Options.EmailVerifiedClaim);
if (targetClaim == null)
{
context.Fail();
return;
}
// check if claim value is "true" or "True"
if (targetClaim.Value.Equals("true", StringComparison.InvariantCultureIgnoreCase))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
public EmailVerifiedAuthorizationHandler(IOptions <IdentityAuthorizationOptions> options,
IHttpContextAccessor httpContextAccessor, DiscoveryInfoProvider discoveryInfoProvider) : base(options,
httpContextAccessor, discoveryInfoProvider)
{
}
