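/// <summary>
/// Builds, signs and serializes the access token for <paramref name="context"/> and
/// attaches it to the context as a bearer token.
/// </summary>
/// <param name="context">The token-generating context the access token is derived from.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
public async Task IssueAccessTokenAsync(TokenGeneratingContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            var accessToken = await CreateAccessTokenAsync(context);

            // Issuer, audience, subject claims and lifetime all come from the token model;
            // the lifetime bounds are normalized to UTC before they reach the handler.
            var descriptor = new SecurityTokenDescriptor
            {
                Issuer    = accessToken.Issuer,
                Audience  = accessToken.Audience,
                Subject   = CreateSubject(accessToken),
                Expires   = accessToken.Expires.UtcDateTime,
                NotBefore = accessToken.NotBefore.UtcDateTime,
            };

            // NOTE(review): the key and algorithm are whatever the provider hands back; confirm
            // it is a private (asymmetric) key or a secret that is never shared with clients.
            var signingCredentials = await _credentialsProvider.GetSigningCredentialsAsync();
            descriptor.SigningCredentials = signingCredentials.Credentials;

            var jwt = _handler.CreateJwtSecurityToken(descriptor);

            // 'jti' and 'iat' are deliberately stripped from the serialized access token
            // (IssueIdTokenAsync, by contrast, keeps 'iat').
            // NOTE(review): accessToken.Id is therefore not emitted as 'jti' unless CreateSubject
            // already adds it -- confirm. Without 'jti' a resource server cannot key replay
            // detection or per-token revocation off the JWT alone; without 'iat' it cannot
            // enforce a maximum token age independent of 'exp'.
            jwt.Payload.Remove(IdentityServiceClaimTypes.JwtId);
            jwt.Payload.Remove(IdentityServiceClaimTypes.IssuedAt);

            context.AddToken(new TokenResult(accessToken, _handler.WriteToken(jwt), TokenKinds.Bearer));
        }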
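        /// <summary>
        /// Builds, signs and serializes the OpenID Connect ID token for <paramref name="context"/>
        /// and attaches it to the context.
        /// </summary>
        /// <param name="context">The token-generating context the ID token is derived from.</param>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
        public async Task IssueIdTokenAsync(TokenGeneratingContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            var idToken = await CreateIdTokenAsync(context);

            // Unlike the access token, the ID token carries an explicit 'iat' taken from the
            // model; all time bounds are normalized to UTC before they reach the handler.
            var descriptor = new SecurityTokenDescriptor
            {
                Issuer    = idToken.Issuer,
                Audience  = idToken.Audience,
                Subject   = CreateSubject(idToken),
                IssuedAt  = idToken.IssuedAt.UtcDateTime,
                Expires   = idToken.Expires.UtcDateTime,
                NotBefore = idToken.NotBefore.UtcDateTime,
            };

            // NOTE(review): the key and algorithm are whatever the provider hands back; confirm
            // it is a private (asymmetric) key or a secret that is never shared with clients.
            var signingCredentials = await _credentialsProvider.GetSigningCredentialsAsync();
            descriptor.SigningCredentials = signingCredentials.Credentials;

            var jwt = _handler.CreateJwtSecurityToken(descriptor);

            // 'jti' is deliberately stripped from the serialized ID token.
            // NOTE(review): idToken.Id is therefore not emitted as 'jti' unless CreateSubject
            // already adds it -- confirm.
            jwt.Payload.Remove(IdentityServiceClaimTypes.JwtId);

            // OIDC binding claims. They are only written when the model supplies a value:
            //  - nonce: echoed back so the client can tie this ID token to its own request
            //    (the client, not this issuer, is responsible for checking it is fresh);
            //  - c_hash / at_hash: let the client verify the authorization code / access token
            //    were issued together with this ID token. The hash values themselves are computed
            //    upstream (presumably in CreateIdTokenAsync) -- verify they use the hash matching
            //    the signing algorithm.
            var payload = jwt.Payload;

            if (idToken.Nonce != null)
            {
                payload.AddClaim(new Claim(IdentityServiceClaimTypes.Nonce, idToken.Nonce));
            }

            if (idToken.CodeHash != null)
            {
                payload.AddClaim(new Claim(IdentityServiceClaimTypes.CodeHash, idToken.CodeHash));
            }

            if (idToken.AccessTokenHash != null)
            {
                payload.AddClaim(new Claim(IdentityServiceClaimTypes.AccessTokenHash, idToken.AccessTokenHash));
            }

            // No TokenKinds.Bearer here: an ID token is an identity assertion, not a credential
            // for calling resource servers.
            context.AddToken(new TokenResult(idToken, _handler.WriteToken(jwt)));
        }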