// todo
///// <summary>
///// Initializes a new instance of the <see cref="DefaultTokenService" /> class.
///// </summary>
///// <param name="options">The options.</param>
///// <param name="claimsProvider">The claims provider.</param>
///// <param name="tokenHandles">The token handles.</param>
///// <param name="signingService">The signing service.</param>
///// <param name="events">The OWIN environment service.</param>
///// <param name="owinEnvironmentService">The events service.</param>
//public DefaultTokenService(IdentityServerOptions options, IClaimsProvider claimsProvider, ITokenHandleStore tokenHandles, ITokenSigningService signingService, IEventService events, OwinEnvironmentService owinEnvironmentService)
//{
// _options = options;
// _claimsProvider = claimsProvider;
// _tokenHandles = tokenHandles;
// _signingService = signingService;
// _events = events;
// _owinEnvironmentService = owinEnvironmentService;
//}
/// <summary>
/// Creates an identity token.
/// </summary>
/// <param name="request">The token creation request.</param>
/// <returns>
/// An identity token
/// </returns>
public virtual async Task <Token> CreateIdentityTokenAsync(TokenCreationRequest request)
{
_logger.LogVerbose("Creating identity token");
request.Validate();
// host provided claims
var claims = new List <Claim>();
// if nonce was sent, must be mirrored in id token
if (request.Nonce.IsPresent())
{
claims.Add(new Claim(Constants.ClaimTypes.Nonce, request.Nonce));
}
// add iat claim
claims.Add(new Claim(Constants.ClaimTypes.IssuedAt, DateTimeOffsetHelper.UtcNow.ToEpochTime().ToString(), ClaimValueTypes.Integer));
// add at_hash claim
if (request.AccessTokenToHash.IsPresent())
{
claims.Add(new Claim(Constants.ClaimTypes.AccessTokenHash, HashAdditionalData(request.AccessTokenToHash)));
}
// add c_hash claim
if (request.AuthorizationCodeToHash.IsPresent())
{
claims.Add(new Claim(Constants.ClaimTypes.AuthorizationCodeHash, HashAdditionalData(request.AuthorizationCodeToHash)));
}
// add sid if present
if (request.ValidatedRequest.SessionId.IsPresent())
{
claims.Add(new Claim(Constants.ClaimTypes.SessionId, request.ValidatedRequest.SessionId));
}
claims.AddRange(await _claimsProvider.GetIdentityTokenClaimsAsync(
request.Subject,
request.Client,
request.Scopes,
request.IncludeAllIdentityClaims,
request.ValidatedRequest));
var issuer = _context.GetIssuerUri();
var token = new Token(Constants.TokenTypes.IdentityToken)
{
Audience = request.Client.ClientId,
Issuer = issuer,
Lifetime = request.Client.IdentityTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
Client = request.Client
};
return(token);
}
public virtual async Task <Token> CreateIdentityTokenAsync(ClaimsPrincipal subject, Client client, IEnumerable <Scope> scopes, bool includeAllIdentityClaims, NameValueCollection request, string accessTokenToHash = null)
{
Logger.Debug("Creating identity token");
// host provided claims
var claims = new List <Claim>();
// if nonce was sent, must be mirrored in id token
var nonce = request.Get(Constants.AuthorizeRequest.Nonce);
if (nonce.IsPresent())
{
claims.Add(new Claim(Constants.ClaimTypes.Nonce, nonce));
}
// add iat claim
claims.Add(new Claim(Constants.ClaimTypes.IssuedAt, DateTime.UtcNow.ToEpochTime().ToString(), ClaimValueTypes.Integer));
// add at_hash claim
if (accessTokenToHash.IsPresent())
{
claims.Add(new Claim(Constants.ClaimTypes.AccessTokenHash, HashAccessToken(accessTokenToHash)));
}
claims.AddRange(await _claimsProvider.GetIdentityTokenClaimsAsync(
subject,
client,
scopes,
_settings,
includeAllIdentityClaims,
_users,
request));
var token = new Token(Constants.TokenTypes.IdentityToken)
{
Audience = client.ClientId,
Issuer = _settings.IssuerUri,
Lifetime = client.IdentityTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
Client = client
};
return(token);
}
