public async override Task <IEnumerable <Claim> > GetAccessTokenClaimsAsync(ClaimsPrincipal subject,
Resources resources, ValidatedRequest request)
{
var arbitraryClaimsCheck = request.Raw.ContainsAny(RequiredArbitraryClaimsArgument);
var arbitraryScopesCheck = request.Raw.ContainsAny(RequiredArbitraryScopes);
if (!arbitraryClaimsCheck && !arbitraryScopesCheck)
{
var missing = string.Join(",", RequiredArbitraryClaimsArgument.ToArray());
missing += ",";
missing += string.Join(",", RequiredArbitraryScopes.ToArray());
var ex = new Exception(string.Format("RequiredArgument failed need the following [{0}]", missing));
_logger.LogError(LoggingEvents.REQUIRED_ITEMS_MISSING, ex);
throw ex;
}
var result = base.GetAccessTokenClaimsAsync(subject, resources, request);
var rr = request.Raw.AllKeys.ToDictionary(k => k, k => request.Raw[k]);
List <Claim> finalClaims = new List <Claim>(result.Result);
if (arbitraryScopesCheck)
{
var newScopes = rr["arbitrary-scopes"].Split(new char[] { ' ', '\t' },
StringSplitOptions.RemoveEmptyEntries);
if (_privateClaimsScopesValidation.ValidatePrivateArbitraryScopes(rr["client_id"], newScopes))
{
foreach (var scope in newScopes)
{
finalClaims.Add(new Claim("scope", scope));
}
}
}
Dictionary <string, string> values;
if (arbitraryClaimsCheck)
{
values =
JsonConvert.DeserializeObject <Dictionary <string, string> >(rr["arbitrary-claims"]);
// paranoia check. In no way can we allow creation which tries to spoof someone elses client_id.
var qq = from item in values
let c = item.Key
select c;
if (_privateClaimsScopesValidation.ValidatePrivateArbitraryClaims(rr["client_id"], qq.ToArray()))
{
var query = from value in values
where string.Compare(value.Key, "client_id", true) != 0
select value;
var trimmedClaims = query.ToList();
finalClaims.AddRange(trimmedClaims.Select(value => new Claim(value.Key, value.Value)));
}
}
if (subject != null)
{
finalClaims.AddRange(subject.Claims.Where(p2 =>
finalClaims.All(p1 => p1.Type != p2.Type)));
}
// if we find any, than add them to the original and send that back.
IEnumerable <Claim> claimresults = finalClaims;
return(claimresults);
}
public override Task <IEnumerable <Claim> > GetAccessTokenClaimsAsync(ClaimsPrincipal subject, Client client,
IEnumerable <Scope> scopes, ValidatedRequest request)
{
var arbitraryClaimsCheck = request.Raw.Validate(RequiredArbitraryClaimsArgument);
var arbitraryScopesCheck = request.Raw.Validate(RequiredArbitraryScopes);
if (!arbitraryClaimsCheck && !arbitraryScopesCheck)
{
var missing = string.Join(",", RequiredArbitraryClaimsArgument.ToArray());
missing += ",";
missing += string.Join(",", RequiredArbitraryScopes.ToArray());
throw new Exception(string.Format("RequiredArgument failed need the following [{0}]", missing));
}
var result = base.GetAccessTokenClaimsAsync(subject, client, scopes, request);
var rr = request.Raw.AllKeys.ToDictionary(k => k, k => request.Raw[k]);
List <Claim> finalClaims = new List <Claim>(result.Result);
if (arbitraryScopesCheck)
{
var newScopes = rr["arbitrary-scopes"].Split(new char[] { ' ', '\t' },
StringSplitOptions.RemoveEmptyEntries);
foreach (var scope in newScopes)
{
finalClaims.Add(new Claim("scope", scope));
}
}
Dictionary <string, string> values;
if (arbitraryClaimsCheck)
{
values =
JsonConvert.DeserializeObject <Dictionary <string, string> >(rr["arbitrary-claims"]);
finalClaims.AddRange(values.Select(value => new Claim(value.Key, value.Value)));
}
if (subject != null)
{
finalClaims.AddRange(subject.Claims.Where(p2 =>
finalClaims.All(p1 => p1.Type != p2.Type)));
}
// if we find any, than add them to the original and send that back.
IEnumerable <Claim> claimresults = finalClaims;
var taskResult = Task.FromResult(claimresults);
return(taskResult);
}
