/// <summary>
/// Builds the list of claims to issue for <paramref name="userId"/>: the principal's claims whose
/// type appears in <paramref name="requestedClaimTypes"/>, followed by the fixed identity, role and
/// impersonation claims appended by <see cref="AddClaims"/>.
/// </summary>
/// <param name="userId">Id of the user the token is being issued for.</param>
/// <param name="requestedClaimTypes">
/// Claim types the caller asked for; only these are kept from the principal's own claims.
/// </param>
/// <returns>The filtered principal claims plus everything <see cref="AddClaims"/> appends.</returns>
/// <remarks>
/// The request filter applies to the principal's claims only. The claims appended by
/// <see cref="AddClaims"/> (names, email under several types, role, impersonation markers) are
/// issued unconditionally, so a token always carries them even when the client did not request
/// those claim types. Lookup of the user is delegated to <c>UserOrFailAsync</c>, which presumably
/// throws for an unknown id rather than returning null — confirm against its implementation.
/// </remarks>
private async Task<List<Claim>> GetIssueClaimsAsync(long userId, IReadOnlyCollection<string> requestedClaimTypes)
{
    UserWithRole userWithRole = await _identityServer.UserOrFailAsync(userId);
    var principal = await _claimsFactory.CreateAsync(userWithRole.User);

    // Keep only the principal claims the caller asked for, preserving their original order.
    var selectedClaims = new List<Claim>();
    foreach (Claim candidate in principal.Claims)
    {
        if (requestedClaimTypes.Contains(candidate.Type))
        {
            selectedClaims.Add(candidate);
        }
    }

    return AddClaims(selectedClaims, userWithRole);
}
/// <summary>
/// Appends the fixed set of identity, role and impersonation claims for <paramref name="user"/>
/// to <paramref name="claims"/>. The list is mutated in place and returned.
/// </summary>
/// <param name="claims">Claims already selected for the token; extended in place.</param>
/// <param name="user">The user record and its role that the token is issued for.</param>
/// <returns>The same <paramref name="claims"/> instance with the additional claims appended.</returns>
/// <remarks>
/// Several values are emitted under more than one claim type (e.g. the email under
/// <c>JwtClaimTypes.Email</c>, <c>ClaimTypes.Email</c> and
/// <c>IdentityServerConstants.StandardScopes.Email</c>; first/last name and user name likewise)
/// so that both JWT-style and .NET-style consumers find them. A single role claim is emitted from
/// <c>user.Role</c>.
///
/// The "logged in as another person" marker is read from the HTTP session and removed as soon as it
/// has been consumed. Only the first token issued after the marker was set therefore carries
/// <c>LoggedInAsAnotherPerson = true</c> / <c>EmailConfirmed = false</c>; any later issuance in the
/// same session asserts <c>EmailConfirmed = true</c> again. Reviewers relying on that marker for
/// authorization decisions should keep this one-shot behaviour in mind.
/// </remarks>
private List<Claim> AddClaims(List<Claim> claims, UserWithRole user)
{
    var account = user.User;

    // Two-argument Claim constructor; it rejects a null value, so a user record whose
    // name/email/user name is null would fail token issuance here — TODO confirm whether
    // those fields can be null.
    void Append(string type, string value)
    {
        claims.Add(new Claim(type, value));
    }

    // Emission order matters only for readability of the token; kept stable on purpose.
    Append(ClaimTypes.NameIdentifier, account.Id.ToString());
    Append(JwtClaimTypes.GivenName, account.FirstName);
    Append(JwtClaimTypes.FamilyName, account.LastName);
    Append(JwtClaimTypes.Email, account.Email);
    Append(JwtClaimTypes.NickName, account.UserName);
    Append(ClaimTypes.Email, account.Email);
    Append(IdentityServerConstants.StandardScopes.Email, account.Email);
    Append(CustomClaimTypes.FirstName, account.FirstName);
    Append(CustomClaimTypes.LastName, account.LastName);
    Append(CustomClaimTypes.Username, account.UserName);
    Append(ClaimTypes.GivenName, account.FirstName);
    Append(ClaimTypes.Surname, account.LastName);

    // Role claim needed for role-based authorization; roles other than the stored one would have
    // to be looked up by subject id if that is ever required.
    // See https://stackoverflow.com/questions/40844310/role-based-authorization-with-identityserver4
    Append(ClaimTypes.Role, user.Role.ToString());

    // Impersonation marker: present in the session only while an operator is logged in as another
    // person. Consumed (removed) on first use. Requires an active HttpContext with session state;
    // with no HttpContext this dereference throws.
    var session = _httpContextAccessor.HttpContext.Session;
    bool impersonating = session.GetInt32(CustomClaimTypes.LoggedInAsAnotherPerson) != null;

    if (impersonating)
    {
        claims.Add(new Claim(CustomClaimTypes.EmailConfirmed, false.ToString(), ClaimValueTypes.Boolean));
        claims.Add(new Claim(CustomClaimTypes.LoggedInAsAnotherPerson, true.ToString(), ClaimValueTypes.Boolean));
        session.Remove(CustomClaimTypes.LoggedInAsAnotherPerson);
    }
    else
    {
        // Note: asserted unconditionally; it does not reflect a stored confirmation flag.
        claims.Add(new Claim(CustomClaimTypes.EmailConfirmed, true.ToString(), ClaimValueTypes.Boolean));
    }

    return claims;
}