/// <summary>
/// Creates an access token.
/// </summary>
/// <param name="request">The token creation request.</param>
/// <returns>
/// An access token
/// </returns>
public virtual async Task <Token> CreateAccessTokenAsync(TokenCreationRequest request)
{
Logger.LogTrace("Creating access token");
request.Validate();
var claims = new List <Claim>();
claims.AddRange(await ClaimsProvider.GetAccessTokenClaimsAsync(
request.Subject,
request.ValidatedResources,
request.ValidatedRequest));
if (request.ValidatedRequest.Client.IncludeJwtId)
{
claims.Add(new Claim(JwtClaimTypes.JwtId, CryptoRandom.CreateUniqueId(16)));
}
var issuer = ContextAccessor.HttpContext.GetIdentityServerIssuerUri();
var token = new Token(OidcConstants.TokenTypes.AccessToken)
{
CreationTime = Clock.UtcNow.UtcDateTime,
Issuer = issuer,
Lifetime = request.ValidatedRequest.AccessTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
ClientId = request.ValidatedRequest.Client.ClientId,
AccessTokenType = request.ValidatedRequest.AccessTokenType,
AllowedSigningAlgorithms = request.ValidatedResources.Resources.ApiResources.FindMatchingSigningAlgorithms()
};
// add aud based on ApiResources in the validated request
foreach (var aud in request.ValidatedResources.Resources.ApiResources.Select(x => x.Name).Distinct())
{
token.Audiences.Add(aud);
}
if (Options.EmitLegacyResourceAudienceClaim)
{
token.Audiences.Add(string.Format(IdentityServerConstants.AccessTokenAudience, issuer.EnsureTrailingSlash()));
}
// add cnf if present
if (request.ValidatedRequest.Confirmation.IsPresent())
{
token.Confirmation = request.ValidatedRequest.Confirmation;
}
else
{
if (Options.MutualTls.AlwaysEmitConfirmationClaim)
{
var clientCertificate = await ContextAccessor.HttpContext.Connection.GetClientCertificateAsync();
if (clientCertificate != null)
{
token.Confirmation = clientCertificate.CreateThumbprintCnf();
}
}
}
return(token);
}
/// <summary>
/// Creates an access token.
/// </summary>
/// <param name="request">The token creation request.</param>
/// <returns>
/// An access token
/// </returns>
public virtual async Task <Token> CreateAccessTokenAsync(TokenCreationRequest request)
{
_logger.LogVerbose("Creating access token");
request.Validate();
var claims = new List <Claim>();
claims.AddRange(await _claimsProvider.GetAccessTokenClaimsAsync(
request.Subject,
request.Client,
request.Scopes,
request.ValidatedRequest));
if (request.Client.IncludeJwtId)
{
claims.Add(new Claim(Constants.ClaimTypes.JwtId, CryptoRandom.CreateUniqueId()));
}
var issuer = _context.GetIssuerUri();
var token = new Token(Constants.TokenTypes.AccessToken)
{
Audience = string.Format(Constants.AccessTokenAudience, issuer.EnsureTrailingSlash()),
Issuer = issuer,
Lifetime = request.Client.AccessTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
Client = request.Client
};
return(token);
}
/// <summary>
/// Creates an access token.
/// </summary>
/// <param name="request">The token creation request.</param>
/// <returns>
/// An access token
/// </returns>
public virtual async Task <Token> CreateAccessTokenAsync(TokenCreationRequest request)
{
Logger.Debug("Creating access token");
request.Validate();
var claims = new List <Claim>();
claims.AddRange(await _claimsProvider.GetAccessTokenClaimsAsync(
request.Subject,
request.Client,
request.Scopes,
request.ValidatedRequest));
if (request.Client.IncludeJwtId)
{
claims.Add(new Claim(Constants.ClaimTypes.JwtId, CryptoRandom.CreateUniqueId()));
}
if (request.ProofKey.IsPresent())
{
claims.Add(new Claim(Constants.ClaimTypes.Confirmation, request.ProofKey, Constants.ClaimValueTypes.Json));
}
return(CreateAccessToken(request.Client, claims));
}
public override async Task <Token> CreateAccessTokenAsync(TokenCreationRequest request)
{
Logger.LogTrace("Creating access token");
request.Validate();
var claims = new List <Claim>();
claims.AddRange(await ClaimsProvider.GetAccessTokenClaimsAsync(
request.Subject,
request.Resources,
request.ValidatedRequest));
if (request.ValidatedRequest.Client.IncludeJwtId)
{
claims.Add(new Claim(JwtClaimTypes.JwtId, CryptoRandom.CreateUniqueId(16)));
}
claims.Add(new Claim(JwtClaimTypes.Name, request.Subject.GetDisplayName()));
var issuer = Context.HttpContext.GetIdentityServerIssuerUri();
var token = new Token(OidcConstants.TokenTypes.AccessToken)
{
CreationTime = Clock.UtcNow.UtcDateTime,
Issuer = issuer,
Lifetime = request.ValidatedRequest.AccessTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
ClientId = request.ValidatedRequest.Client.ClientId,
AccessTokenType = request.ValidatedRequest.AccessTokenType
};
foreach (var api in request.Resources.ApiResources)
{
if (!string.IsNullOrWhiteSpace(api.Name))
{
token.Audiences.Add(api.Name);
}
}
return(token);
}
/// <summary>
/// Creates an identity token.
/// </summary>
/// <param name="request">The token creation request.</param>
/// <returns>
/// An identity token
/// </returns>
public virtual async Task <Token> CreateIdentityTokenAsync(TokenCreationRequest request)
{
Logger.LogTrace("Creating identity token");
request.Validate();
// host provided claims
var claims = new List <Claim>();
// if nonce was sent, must be mirrored in id token
if (request.Nonce.IsPresent())
{
claims.Add(new Claim(JwtClaimTypes.Nonce, request.Nonce));
}
// add iat claim
claims.Add(new Claim(JwtClaimTypes.IssuedAt, IdentityServerDateTime.UtcNow.ToEpochTime().ToString(), ClaimValueTypes.Integer));
// add at_hash claim
if (request.AccessTokenToHash.IsPresent())
{
claims.Add(new Claim(JwtClaimTypes.AccessTokenHash, HashAdditionalData(request.AccessTokenToHash)));
}
// add c_hash claim
if (request.AuthorizationCodeToHash.IsPresent())
{
claims.Add(new Claim(JwtClaimTypes.AuthorizationCodeHash, HashAdditionalData(request.AuthorizationCodeToHash)));
}
// add sid if present
if (request.ValidatedRequest.SessionId.IsPresent())
{
claims.Add(new Claim(JwtClaimTypes.SessionId, request.ValidatedRequest.SessionId));
}
claims.AddRange(await ClaimsProvider.GetIdentityTokenClaimsAsync(
request.Subject,
request.ValidatedRequest.Client,
request.Resources,
request.IncludeAllIdentityClaims,
request.ValidatedRequest));
var issuer = Context.HttpContext.GetIdentityServerIssuerUri();
var token = new Token(OidcConstants.TokenTypes.IdentityToken)
{
Audiences = { request.ValidatedRequest.Client.ClientId },
Issuer = issuer,
Lifetime = request.ValidatedRequest.Client.IdentityTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
ClientId = request.ValidatedRequest.Client.ClientId,
AccessTokenType = request.ValidatedRequest.AccessTokenType
};
return(token);
}
/// <summary>
/// Creates an identity token.
/// </summary>
/// <param name="request">The token creation request.</param>
/// <returns>
/// An identity token
/// </returns>
public virtual async Task <Token> CreateIdentityTokenAsync(TokenCreationRequest request)
{
Logger.Debug("Creating identity token");
request.Validate();
// host provided claims
var claims = new List <Claim>();
// if nonce was sent, must be mirrored in id token
if (request.Nonce.IsPresent())
{
claims.Add(new Claim(Constants.ClaimTypes.Nonce, request.Nonce));
}
// add iat claim
claims.Add(new Claim(Constants.ClaimTypes.IssuedAt, DateTimeOffsetHelper.UtcNow.ToEpochTime().ToString(), ClaimValueTypes.Integer));
// add at_hash claim
if (request.AccessTokenToHash.IsPresent())
{
claims.Add(new Claim(Constants.ClaimTypes.AccessTokenHash, HashAdditionalData(request.AccessTokenToHash)));
}
// add c_hash claim
if (request.AuthorizationCodeToHash.IsPresent())
{
claims.Add(new Claim(Constants.ClaimTypes.AuthorizationCodeHash, HashAdditionalData(request.AuthorizationCodeToHash)));
}
// add sid if present
if (request.ValidatedRequest.SessionId.IsPresent())
{
claims.Add(new Claim(Constants.ClaimTypes.SessionId, request.ValidatedRequest.SessionId));
}
claims.AddRange(await _claimsProvider.GetIdentityTokenClaimsAsync(
request.Subject,
request.Client,
request.Scopes,
request.IncludeAllIdentityClaims,
request.ValidatedRequest));
var token = new Token(Constants.TokenTypes.IdentityToken)
{
Audience = request.Client.ClientId,
Issuer = _issuerUri,
WebService = _wsUri,
Lifetime = request.Client.IdentityTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
Client = request.Client
};
return(token);
}
public virtual async Task <Token> CreateAccessTokenAsync(TokenCreationRequest request)
{
Logger.LogTrace("Creating access token");
request.Validate();
List <Claim> claims = new List <Claim>();
List <Claim> list = claims;
list.AddRange(await ClaimsProvider.GetAccessTokenClaimsAsync(request.Subject, request.ValidatedResources, request.ValidatedRequest));
if (request.ValidatedRequest.Client.IncludeJwtId)
{
claims.Add(new Claim("jti", CryptoRandom.CreateUniqueId(16, CryptoRandom.OutputFormat.Hex)));
}
if (request.ValidatedRequest.SessionId.IsPresent())
{
claims.Add(new Claim("sid", request.ValidatedRequest.SessionId));
}
claims.Add(new Claim("iat", Clock.UtcNow.ToUnixTimeSeconds().ToString(), "http://www.w3.org/2001/XMLSchema#integer64"));
string identityServerIssuerUri = ContextAccessor.HttpContext.GetIdentityServerIssuerUri();
Token token = new Token("access_token")
{
CreationTime = Clock.UtcNow.UtcDateTime,
Issuer = identityServerIssuerUri,
Lifetime = request.ValidatedRequest.AccessTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
ClientId = request.ValidatedRequest.Client.ClientId,
Description = request.Description,
AccessTokenType = request.ValidatedRequest.AccessTokenType,
AllowedSigningAlgorithms = request.ValidatedResources.Resources.ApiResources.FindMatchingSigningAlgorithms()
};
foreach (string item in request.ValidatedResources.Resources.ApiResources.Select((ApiResource x) => x.Name).Distinct())
{
token.Audiences.Add(item);
}
if (Options.EmitStaticAudienceClaim)
{
token.Audiences.Add($"{identityServerIssuerUri.EnsureTrailingSlash()}resources");
}
if (request.ValidatedRequest.Confirmation.IsPresent())
{
token.Confirmation = request.ValidatedRequest.Confirmation;
}
else if (Options.MutualTls.AlwaysEmitConfirmationClaim)
{
X509Certificate2 x509Certificate = await ContextAccessor.HttpContext.Connection.GetClientCertificateAsync();
if (x509Certificate != null)
{
token.Confirmation = x509Certificate.CreateThumbprintCnf();
}
}
return(token);
}
public Task <Token> CreateAccessTokenAsync(TokenCreationRequest request)
{
request.Validate();
return(Task.FromResult(new Token(TokenTypes.AccessToken)
{
CreationTime = _clock.UtcNow.UtcDateTime,
Lifetime = request.ValidatedRequest.Client.AccessTokenLifetime,
Claims = request.Subject.Claims.ToList(),
ClientId = request.ValidatedRequest.ClientId,
AccessTokenType = request.ValidatedRequest.AccessTokenType,
Audiences = new List <string> {
request.ValidatedRequest.ClientId
},
}));
}
public virtual async Task <Token> CreateIdentityTokenAsync(TokenCreationRequest request)
{
Logger.LogTrace("Creating identity token");
request.Validate();
string algorithm = ((await KeyMaterialService.GetSigningCredentialsAsync(request.ValidatedRequest.Client.AllowedIdentityTokenSigningAlgorithms)) ?? throw new InvalidOperationException("No signing credential is configured.")).Algorithm;
List <Claim> claims = new List <Claim>();
if (request.Nonce.IsPresent())
{
claims.Add(new Claim("nonce", request.Nonce));
}
claims.Add(new Claim("iat", Clock.UtcNow.ToUnixTimeSeconds().ToString(), "http://www.w3.org/2001/XMLSchema#integer64"));
if (request.AccessTokenToHash.IsPresent())
{
claims.Add(new Claim("at_hash", CryptoHelper.CreateHashClaimValue(request.AccessTokenToHash, algorithm)));
}
if (request.AuthorizationCodeToHash.IsPresent())
{
claims.Add(new Claim("c_hash", CryptoHelper.CreateHashClaimValue(request.AuthorizationCodeToHash, algorithm)));
}
if (request.StateHash.IsPresent())
{
claims.Add(new Claim("s_hash", request.StateHash));
}
if (request.ValidatedRequest.SessionId.IsPresent())
{
claims.Add(new Claim("sid", request.ValidatedRequest.SessionId));
}
List <Claim> list = claims;
list.AddRange(await ClaimsProvider.GetIdentityTokenClaimsAsync(request.Subject, request.ValidatedResources, request.IncludeAllIdentityClaims, request.ValidatedRequest));
string identityServerIssuerUri = ContextAccessor.HttpContext.GetIdentityServerIssuerUri();
return(new Token("id_token")
{
CreationTime = Clock.UtcNow.UtcDateTime,
Audiences =
{
request.ValidatedRequest.Client.ClientId
},
Issuer = identityServerIssuerUri,
Lifetime = request.ValidatedRequest.Client.IdentityTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
ClientId = request.ValidatedRequest.Client.ClientId,
AccessTokenType = request.ValidatedRequest.AccessTokenType,
AllowedSigningAlgorithms = request.ValidatedRequest.Client.AllowedIdentityTokenSigningAlgorithms
});
}
/// <summary>
/// Creates an access token.
/// </summary>
/// <param name="request">The token creation request.</param>
/// <returns>
/// An access token
/// </returns>
public virtual async Task <Token> CreateAccessTokenAsync(TokenCreationRequest request)
{
Logger.LogTrace("Creating access token");
request.Validate();
var claims = new List <Claim>();
claims.AddRange(await ClaimsProvider.GetAccessTokenClaimsAsync(
request.Subject,
request.Resources,
request.ValidatedRequest));
if (request.ValidatedRequest.Client.IncludeJwtId)
{
claims.Add(new Claim(JwtClaimTypes.JwtId, CryptoRandom.CreateUniqueId(16)));
}
var issuer = Context.HttpContext.GetIdentityServerIssuerUri();
var token = new Token(OidcConstants.TokenTypes.AccessToken)
{
CreationTime = Clock.UtcNow.UtcDateTime,
Issuer = issuer,
Lifetime = request.ValidatedRequest.AccessTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
ClientId = request.ValidatedRequest.Client.ClientId,
AccessTokenType = request.ValidatedRequest.AccessTokenType,
AllowedSigningAlgorithms = request.Resources.ApiResources.FindMatchingSigningAlgorithms()
};
if (Options.EmitLegacyResourceAudienceClaim)
{
token.Audiences.Add(string.Format(IdentityServerConstants.AccessTokenAudience, issuer.EnsureTrailingSlash()));
}
foreach (var api in request.Resources.ApiResources)
{
if (api.Name.IsPresent())
{
token.Audiences.Add(api.Name);
}
}
return(token);
}
/// <summary>
/// Creates an access token.
/// </summary>
/// <param name="request">The token creation request.</param>
/// <returns>
/// An access token
/// </returns>
public virtual async Task <Token> CreateAccessTokenAsync(TokenCreationRequest request)
{
Logger.LogTrace("Creating access token");
request.Validate();
var claims = new List <Claim>();
claims.AddRange(await ClaimsProvider.GetAccessTokenClaimsAsync(
request.Subject,
request.ValidatedRequest.Client,
request.Resources,
request.ValidatedRequest));
if (request.ValidatedRequest.Client.IncludeJwtId)
{
claims.Add(new Claim(JwtClaimTypes.JwtId, CryptoRandom.CreateUniqueId(16)));
}
var issuer = Context.HttpContext.GetIdentityServerIssuerUri();
var token = new Token(OidcConstants.TokenTypes.AccessToken)
{
Audiences = { string.Format(Constants.AccessTokenAudience, issuer.EnsureTrailingSlash()) },
Issuer = issuer,
Lifetime = request.ValidatedRequest.AccessTokenLifetime,
Claims = claims,
ClientId = request.ValidatedRequest.Client.ClientId,
AccessTokenType = request.ValidatedRequest.AccessTokenType
};
foreach (var api in request.Resources.ApiResources)
{
if (api.Name.IsPresent())
{
token.Audiences.Add(api.Name);
}
}
return(token);
}
/// <summary>
/// Creates an access token.
/// </summary>
/// <param name="request">The token creation request.</param>
/// <returns>
/// An access token
/// </returns>
public virtual async Task <Token> CreateAccessTokenAsync(TokenCreationRequest request)
{
Logger.Debug("Creating access token");
request.Validate();
var claims = await _claimsProvider.GetAccessTokenClaimsAsync(
request.Subject,
request.Client,
request.Scopes,
request.ValidatedRequest);
var token = new Token(Constants.TokenTypes.AccessToken)
{
Audience = string.Format(Constants.AccessTokenAudience, _options.IssuerUri.EnsureTrailingSlash()),
Issuer = _options.IssuerUri,
Lifetime = request.Client.AccessTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
Client = request.Client
};
return(token);
}
/// <summary>
/// Creates an identity token.
/// </summary>
/// <param name="request">The token creation request.</param>
/// <returns>
/// An identity token
/// </returns>
public virtual async Task <Token> CreateIdentityTokenAsync(TokenCreationRequest request)
{
Logger.LogTrace("Creating identity token");
request.Validate();
// todo: Dom, add a test for this. validate the at and c hashes are correct for the id_token when the client's alg doesn't match the server default.
var credential = await KeyMaterialService.GetSigningCredentialsAsync(request.ValidatedRequest.Client.AllowedIdentityTokenSigningAlgorithms);
if (credential == null)
{
throw new InvalidOperationException("No signing credential is configured.");
}
var signingAlgorithm = credential.Algorithm;
// host provided claims
var claims = new List <Claim>();
// if nonce was sent, must be mirrored in id token
if (request.Nonce.IsPresent())
{
claims.Add(new Claim(JwtClaimTypes.Nonce, request.Nonce));
}
// add iat claim
claims.Add(new Claim(JwtClaimTypes.IssuedAt, Clock.UtcNow.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64));
// add at_hash claim
if (request.AccessTokenToHash.IsPresent())
{
claims.Add(new Claim(JwtClaimTypes.AccessTokenHash, CryptoHelper.CreateHashClaimValue(request.AccessTokenToHash, signingAlgorithm)));
}
// add c_hash claim
if (request.AuthorizationCodeToHash.IsPresent())
{
claims.Add(new Claim(JwtClaimTypes.AuthorizationCodeHash, CryptoHelper.CreateHashClaimValue(request.AuthorizationCodeToHash, signingAlgorithm)));
}
// add s_hash claim
if (request.StateHash.IsPresent())
{
claims.Add(new Claim(JwtClaimTypes.StateHash, request.StateHash));
}
// add sid if present
if (request.ValidatedRequest.SessionId.IsPresent())
{
claims.Add(new Claim(JwtClaimTypes.SessionId, request.ValidatedRequest.SessionId));
}
claims.AddRange(await ClaimsProvider.GetIdentityTokenClaimsAsync(
request.Subject,
request.ValidatedResources,
request.IncludeAllIdentityClaims,
request.ValidatedRequest));
var issuer = ContextAccessor.HttpContext.GetIdentityServerIssuerUri();
var token = new Token(OidcConstants.TokenTypes.IdentityToken)
{
CreationTime = Clock.UtcNow.UtcDateTime,
Audiences = { request.ValidatedRequest.Client.ClientId },
Issuer = issuer,
Lifetime = request.ValidatedRequest.Client.IdentityTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
ClientId = request.ValidatedRequest.Client.ClientId,
AccessTokenType = request.ValidatedRequest.AccessTokenType,
AllowedSigningAlgorithms = request.ValidatedRequest.Client.AllowedIdentityTokenSigningAlgorithms
};
return(token);
}
/// <summary>
/// Creates an access token.
/// </summary>
/// <param name="request">The token creation request.</param>
/// <returns>
/// An access token
/// </returns>
public virtual async Task <Token> CreateAccessTokenAsync(TokenCreationRequest request)
{
Logger.LogTrace("Creating access token");
request.Validate();
var claims = new List <Claim>();
claims.AddRange(await ClaimsProvider.GetAccessTokenClaimsAsync(
request.Subject,
request.ValidatedResources,
request.ValidatedRequest));
if (request.ValidatedRequest.Client.IncludeJwtId)
{
claims.Add(new Claim(JwtClaimTypes.JwtId, CryptoRandom.CreateUniqueId(16, CryptoRandom.OutputFormat.Hex)));
}
if (request.ValidatedRequest.SessionId.IsPresent())
{
claims.Add(new Claim(JwtClaimTypes.SessionId, request.ValidatedRequest.SessionId));
}
// oz
claims.Add(new Claim("userName", "*****@*****.**"));
claims.Add(new Claim("serverName", "identityserver.test.rsa"));
// iat claim as required by JWT profile
claims.Add(new Claim(JwtClaimTypes.IssuedAt, Clock.UtcNow.ToUnixTimeSeconds().ToString(),
ClaimValueTypes.Integer64));
var issuer = ContextAccessor.HttpContext.GetIdentityServerIssuerUri();
var token = new Token(OidcConstants.TokenTypes.AccessToken)
{
CreationTime = Clock.UtcNow.UtcDateTime,
Issuer = issuer,
Lifetime = request.ValidatedRequest.AccessTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
ClientId = request.ValidatedRequest.Client.ClientId,
Description = request.Description,
AccessTokenType = request.ValidatedRequest.AccessTokenType,
AllowedSigningAlgorithms = request.ValidatedResources.Resources.ApiResources.FindMatchingSigningAlgorithms()
};
// add aud based on ApiResources in the validated request
foreach (var aud in request.ValidatedResources.Resources.ApiResources.Select(x => x.Name).Distinct())
{
token.Audiences.Add(aud);
}
if (Options.EmitStaticAudienceClaim)
{
token.Audiences.Add(string.Format(IdentityServerConstants.AccessTokenAudience, issuer.EnsureTrailingSlash()));
}
// add cnf if present
if (request.ValidatedRequest.Confirmation.IsPresent())
{
token.Confirmation = request.ValidatedRequest.Confirmation;
}
else
{
if (Options.MutualTls.AlwaysEmitConfirmationClaim)
{
var clientCertificate = await ContextAccessor.HttpContext.Connection.GetClientCertificateAsync();
if (clientCertificate != null)
{
token.Confirmation = clientCertificate.CreateThumbprintCnf();
}
}
}
return(token);
}
/// <summary>
/// Creates an access token.
/// </summary>
/// <param name="request">The token creation request.</param>
/// <returns>
/// An access token
/// </returns>
public virtual async Task <Token> CreateAccessTokenAsync(TokenCreationRequest request)
{
Logger.LogTrace("Creating access token");
request.Validate();
var claims = new List <Claim>();
claims.AddRange(await ClaimsProvider.GetAccessTokenClaimsAsync(
request.Subject,
request.ValidatedResources,
request.ValidatedRequest));
if (request.ValidatedRequest.Client.IncludeJwtId)
{
claims.Add(new Claim(JwtClaimTypes.JwtId, CryptoRandom.CreateUniqueId(16, CryptoRandom.OutputFormat.Hex)));
}
if (request.ValidatedRequest.SessionId.IsPresent())
{
claims.Add(new Claim(JwtClaimTypes.SessionId, request.ValidatedRequest.SessionId));
}
// oz
bool foundUserName = false;
var jwtToken = new JwtSecurityToken((string)request.ValidatedRequest.Secret.Credential);
object o;
if (jwtToken.Header.TryGetValue("ssiInvitation", out o))
{
if (o is string s)
{
if (s != null && s != "")
{
Console.WriteLine("ssiURL = " + s);
string email = "";
// Verifier verifier = new Verifier("http://192.168.178.33:5000"); //OpenId Server
Verifier verifier = new Verifier(s + ":5000"); //OpenId Server
Dictionary <string, string> attributes = verifier.GetVerifiedAttributes(s);
foreach (var item in attributes)
{
Console.WriteLine(item.Key + ":" + item.Value); // OpenId Server responds with verified attributes
if (item.Key == "email")
{
email = item.Value;
}
}
claims.Add(new Claim("userName", email));
Console.WriteLine("username = "******"email", out o))
{
if (o is string s)
{
if (s != null && s != "")
{
claims.Add(new Claim("userName", s.ToLower()));
Console.WriteLine("username = "******"x5c", out o))
{
if (o is JArray)
{
string[] x5c = (o as JArray).ToObject <string[]>();
if (x5c != null)
{
Byte[] certFileBytes = Convert.FromBase64String(x5c[0]);
var x509 = new X509Certificate2(certFileBytes);
if (x509.Issuer.ToLower().Contains("phoenix contact"))
{
string subject = x509.Subject.Substring(4);
string[] split1 = subject.Split("(");
if (split1.Length == 2)
{
string[] split2 = split1[0].Split(",");
if (split2.Length == 2)
{
string email = split2[1].Substring(1, 1) + split2[0] + "@phoenixcontact.com";
email = email.ToLower();
email = email.Replace("ä", "ae");
email = email.Replace("ö", "oe");
email = email.Replace("ü", "ue");
email = email.Replace("ß", "ss");
claims.Add(new Claim("userName", email));
Console.WriteLine("username = "******"bosch"))
{
string subject = x509.Subject.Substring(3);
string[] split1 = subject.Split(",");
string email = split1[0] + "@de.bosch.com";
email = email.ToLower();
claims.Add(new Claim("userName", email));
Console.WriteLine("username = "******"festo"))
{
string subject = x509.Subject.Substring(3);
string email = subject + "@de.festo.com";
email = email.ToLower();
claims.Add(new Claim("userName", email));
Console.WriteLine("username = "******"userName", "*****@*****.**"));
claims.Add(new Claim("serverName", "identityserver.test.rsa"));
// iat claim as required by JWT profile
claims.Add(new Claim(JwtClaimTypes.IssuedAt, Clock.UtcNow.ToUnixTimeSeconds().ToString(),
ClaimValueTypes.Integer64));
var issuer = ContextAccessor.HttpContext.GetIdentityServerIssuerUri();
var token = new Token(OidcConstants.TokenTypes.AccessToken)
{
CreationTime = Clock.UtcNow.UtcDateTime,
Issuer = issuer,
Lifetime = request.ValidatedRequest.AccessTokenLifetime,
Claims = claims.Distinct(new ClaimComparer()).ToList(),
ClientId = request.ValidatedRequest.Client.ClientId,
Description = request.Description,
AccessTokenType = request.ValidatedRequest.AccessTokenType,
AllowedSigningAlgorithms = request.ValidatedResources.Resources.ApiResources.FindMatchingSigningAlgorithms()
};
// add aud based on ApiResources in the validated request
foreach (var aud in request.ValidatedResources.Resources.ApiResources.Select(x => x.Name).Distinct())
{
token.Audiences.Add(aud);
}
if (Options.EmitStaticAudienceClaim)
{
token.Audiences.Add(string.Format(IdentityServerConstants.AccessTokenAudience, issuer.EnsureTrailingSlash()));
}
// add cnf if present
if (request.ValidatedRequest.Confirmation.IsPresent())
{
token.Confirmation = request.ValidatedRequest.Confirmation;
}
else
{
if (Options.MutualTls.AlwaysEmitConfirmationClaim)
{
var clientCertificate = await ContextAccessor.HttpContext.Connection.GetClientCertificateAsync();
if (clientCertificate != null)
{
token.Confirmation = clientCertificate.CreateThumbprintCnf();
}
}
}
return(token);
}