Ejemplo n.º 1
        /// <summary>
        /// Handles the posted consent form: resolves the authorization request behind the
        /// posted return URL, records the consent with IdentityServer, and redirects back.
        /// </summary>
        /// <param name="userConsent">Form-bound consent data (return URL, remember flag, granted scopes).</param>
        /// <returns>
        /// A redirect to the posted return URL when it passes the checks below, otherwise a
        /// redirect to the application root.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no antiforgery attribute is visible on this excerpt; confirm that
        /// [ValidateAntiForgeryToken] or a global antiforgery filter covers this POST so that
        /// consent cannot be submitted cross-site on behalf of a signed-in user.
        /// </remarks>
        public async Task<IActionResult> ValidateUserConsent([FromForm] ConsentUser userConsent)
        {
            // ReturnUrl is posted form data, so it is resolved against the interaction service
            // first; a null context means there is no authorization request to answer.
            var authorizationContext = await _interaction.GetAuthorizationContextAsync(userConsent.ReturnUrl);
            if (authorizationContext == null)
            {
                return Redirect("~/");
            }

            // TODO: handling for "consent not granted" is still missing. As written, every post
            // that resolves to an authorization context reaches GrantConsentAsync below.

            // Report the outcome of the consent screen back to IdentityServer.
            // NOTE(review): GrantedScopes comes straight from the form; confirm the posted
            // values are limited to the scopes the client actually requested.
            var consentOutcome = new ConsentResponse
            {
                RememberConsent = userConsent.RememberMe,
                ScopesConsented = userConsent.GrantedScopes
            };
            await _interaction.GrantConsentAsync(authorizationContext, consentOutcome);

            // Redirect to the posted URL only when it is a valid IdentityServer return URL
            // or a local URL; anything else falls back to the application root.
            var returnUrlAccepted = _interaction.IsValidReturnUrl(userConsent.ReturnUrl)
                                    || Url.IsLocalUrl(userConsent.ReturnUrl);

            return Redirect(returnUrlAccepted ? userConsent.ReturnUrl : "~/");
        }
Ejemplo n.º 2
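        /// <summary>
        /// Creates a user from the posted <c>Create</c> model and, when requested, adds the
        /// new user to the "Website Admin" role.
        /// </summary>
        /// <returns>
        /// A redirect back to the page on success; otherwise the page re-rendered with the
        /// validation or identity errors added to <c>ModelState</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): this handler can create accounts in the "Website Admin" role and
        /// <c>Create.IsAdmin</c> appears to be a posted value. The page's authorization is not
        /// visible in this excerpt; confirm it is restricted to existing administrators.
        /// </remarks>
        public async Task<IActionResult> OnPostCreateAsync()
        {
            // Discard whatever model binding recorded and validate the Create model on its own.
            ModelState.Clear();
            TryValidateModel(Create);
            if (!ModelState.IsValid)
            {
                return Page();
            }

            var user = new ConsentUser
            {
                Email = Create.EmailAddress,
                UserName = Create.UserName
            };
            var result = await userManager.CreateAsync(user, Create.Password);

            if (!result.Succeeded)
            {
                foreach (var error in result.Errors)
                {
                    ModelState.AddModelError(string.Empty, error.Description);
                }

                return Page();
            }

            if (Create.IsAdmin)
            {
                // The role assignment result used to be ignored, so a failed assignment was
                // reported as a plain success. Surface it: the account exists at this point
                // but does not hold the role the operator asked for.
                var roleResult = await userManager.AddToRoleAsync(user, "Website Admin");
                if (!roleResult.Succeeded)
                {
                    ModelState.AddModelError(
                        string.Empty,
                        $"User '{Create.UserName}' was created, but the 'Website Admin' role could not be assigned.");

                    foreach (var error in roleResult.Errors)
                    {
                        ModelState.AddModelError(string.Empty, error.Description);
                    }

                    return Page();
                }
            }

            // The message embeds the posted user name; it must stay HTML-encoded where it is
            // rendered (Razor's default @ output does this).
            Message = $"User '{Create.UserName}' created";
            return RedirectToPage();
        }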
Ejemplo n.º 3
        /// <summary>
        /// Creates a local user for an external login, copies the display-name and email
        /// claims into the local store, and links the external login to the new user.
        /// </summary>
        /// <param name="provider">External provider name; also passed as the login's display name.</param>
        /// <param name="providerUserId">The user's identifier at the external provider.</param>
        /// <param name="claims">Claims received from the external provider.</param>
        /// <returns>The newly created user.</returns>
        /// <exception cref="Exception">
        /// Thrown with the first identity error description when creating the user, adding the
        /// claims, or adding the login fails.
        /// </exception>
        /// <remarks>
        /// The three store operations are not rolled back: if adding the claims or the login
        /// fails, the user created by <c>CreateAsync</c> is left in the store.
        /// </remarks>
        private async Task<ConsentUser> AutoProvisionUserAsync(
            string provider, string providerUserId, IEnumerable<Claim> claims)
        {
            // Value of the first claim of the JWT-style type, else of the WS-Fed/SOAP-style type.
            string FirstValue(string jwtType, string legacyType)
            {
                return claims.FirstOrDefault(c => c.Type == jwtType)?.Value ??
                       claims.FirstOrDefault(c => c.Type == legacyType)?.Value;
            }

            // Stops provisioning on the first failed identity operation.
            void EnsureSucceeded(IdentityResult outcome)
            {
                if (!outcome.Succeeded)
                {
                    throw new Exception(outcome.Errors.First().Description);
                }
            }

            // Only an explicit allow-list of claims is carried over; everything else the
            // external provider sent is dropped.
            var claimsToStore = new List<Claim>();

            // Display name: prefer an explicit name claim, otherwise build it from the
            // given/family name parts that are present.
            var displayName = FirstValue(JwtClaimTypes.Name, ClaimTypes.Name);
            if (displayName == null)
            {
                var givenName = FirstValue(JwtClaimTypes.GivenName, ClaimTypes.GivenName);
                var familyName = FirstValue(JwtClaimTypes.FamilyName, ClaimTypes.Surname);

                displayName = givenName != null && familyName != null
                    ? givenName + " " + familyName
                    : givenName ?? familyName;
            }

            if (displayName != null)
            {
                claimsToStore.Add(new Claim(JwtClaimTypes.Name, displayName));
            }

            // Email is stored as a claim only; the user's own Email property is not set here.
            // NOTE(review): nothing in this method checks that the provider verified the
            // address, so treat the claim as unverified when matching or linking accounts.
            var emailAddress = FirstValue(JwtClaimTypes.Email, ClaimTypes.Email);
            if (emailAddress != null)
            {
                claimsToStore.Add(new Claim(JwtClaimTypes.Email, emailAddress));
            }

            // The local user name is a fresh GUID rather than anything supplied by the provider.
            var user = new ConsentUser
            {
                UserName = Guid.NewGuid().ToString(),
            };
            EnsureSucceeded(await _userManager.CreateAsync(user));

            if (claimsToStore.Any())
            {
                EnsureSucceeded(await _userManager.AddClaimsAsync(user, claimsToStore));
            }

            var externalLogin = new UserLoginInfo(provider, providerUserId, provider);
            EnsureSucceeded(await _userManager.AddLoginAsync(user, externalLogin));

            return user;
        }