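/// <summary>
/// Creates an IdentityServer claims principal from the values set on this instance.
/// </summary>
/// <remarks>
/// The subject claim is always emitted. Name, identity provider, tenant, authentication time and
/// authentication method claims are emitted only when the corresponding property has a value.
/// <see cref="AdditionalClaims"/> are appended as supplied, and the combined list is passed through
/// <c>Distinct</c> with a <see cref="ClaimComparer"/> before the identity is built.
/// </remarks>
/// <returns>
/// A <see cref="ClaimsPrincipal"/> wrapping a single <see cref="ClaimsIdentity"/> whose authentication
/// type is <c>Constants.IdentityServerAuthenticationType</c>.
/// </returns>
/// <exception cref="ArgumentException"><see cref="SubjectId"/> is missing.</exception>
public ClaimsPrincipal CreatePrincipal()
{
    // A principal without a subject cannot be tied to an account, so refuse to build one.
    if (SubjectId.IsMissing())
    {
        throw new ArgumentException("SubjectId is mandatory", nameof(SubjectId));
    }

    var claims = new List<Claim>
    {
        new Claim(JwtClaimTypes.Subject, SubjectId)
    };

    if (DisplayName.IsPresent())
    {
        claims.Add(new Claim(JwtClaimTypes.Name, DisplayName));
    }

    if (IdentityProvider.IsPresent())
    {
        claims.Add(new Claim(JwtClaimTypes.IdentityProvider, IdentityProvider));
    }

    if (Tenant.IsPresent())
    {
        claims.Add(new Claim(IdentityServerConstants.ClaimTypes.Tenant, Tenant));
    }

    if (AuthenticationTime.HasValue)
    {
        // DateTimeOffset(DateTime) applies the local offset unless Kind is Utc, so a value with
        // Kind Unspecified is read as local time and the resulting epoch shifts by the server's
        // UTC offset.
        // NOTE(review): confirm callers always populate AuthenticationTime from a UTC clock;
        // this value is the time any age check on the login would be measured from.
        var authTime = new DateTimeOffset(AuthenticationTime.Value).ToUnixTimeSeconds();

        // The claim value is machine-readable, so format it independently of the thread culture.
        claims.Add(new Claim(
            JwtClaimTypes.AuthenticationTime,
            authTime.ToString(System.Globalization.CultureInfo.InvariantCulture)));
    }

    // One claim per authentication method; an empty collection contributes nothing.
    claims.AddRange(AuthenticationMethods.Select(amr => new Claim(JwtClaimTypes.AuthenticationMethod, amr)));

    // NOTE(review): AdditionalClaims is appended without filtering. ClaimComparer is defined
    // elsewhere; if it compares both type and value, an additional claim that reuses one of the
    // types built above (JwtClaimTypes.Subject, IdentityProvider, AuthenticationTime, ...) with a
    // different value survives Distinct and sits next to the intended one. Confirm that callers
    // pass only application claims here, or that consumers reject duplicate protocol claims.
    claims.AddRange(AdditionalClaims);

    // JwtClaimTypes.Name and JwtClaimTypes.Role become the identity's name and role claim types.
    var identity = new ClaimsIdentity(
        claims.Distinct(new ClaimComparer()),
        Constants.IdentityServerAuthenticationType,
        JwtClaimTypes.Name,
        JwtClaimTypes.Role);

    return new ClaimsPrincipal(identity);
}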