Ejemplo n.º 1
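 /// <summary>
 /// SecurityTokenValidated handler: attaches the raw id_token to the validated identity and
 /// mirrors every <see cref="ClaimTypes.Role"/> claim under the short "role" claim type.
 /// </summary>
 /// <param name="n">Notification carrying the validated authentication ticket and the OpenID Connect protocol message.</param>
 /// <returns>An already-completed task; all work is synchronous.</returns>
 private static Task AddClaims(Microsoft.Owin.Security.Notifications.SecurityTokenValidatedNotification<Microsoft.IdentityModel.Protocols.OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> n)
 {
     var identity = n.AuthenticationTicket.Identity;

     // new Claim(type, value) throws ArgumentNullException for a null value, so the claim is
     // only added when the protocol message actually carries an id_token.
     // NOTE(review): the raw token becomes part of the ticket; if the ticket is persisted in a
     // cookie (the usual OWIN setup — confirm) the token travels with every request, so keep
     // the cookie Secure/HttpOnly and watch its size.
     var idToken = n.ProtocolMessage.IdToken;
     if (!string.IsNullOrEmpty(idToken))
     {
         identity.AddClaim(new Claim("id_token", idToken));
     }

     // Snapshot the role claims before adding to the same identity: the loop must not depend
     // on FindAll returning a materialized copy rather than a live view of the claim list.
     var roleClaims = new System.Collections.Generic.List<Claim>(
         identity.FindAll(x => x.Type == ClaimTypes.Role));

     foreach (var roleClaim in roleClaims)
     {
         identity.AddClaim(new Claim("role", roleClaim.Value));
     }

     return Task.FromResult(0);
 }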
Ejemplo n.º 2
        /// <summary>
        /// Hands the authorization code from the OpenID Connect response, together with the
        /// configured redirect URI, client id and client secret, to GetTokenFromAuthSvr and
        /// returns the <c>access_token</c> member of the reply.
        /// </summary>
        /// <param name="info">Notification exposing the protocol message and the middleware options.</param>
        /// <returns>The access token taken from the token response.</returns>
        private async Task<string> GetAccessToken(Microsoft.Owin.Security.Notifications.SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> info)
        {
            // NOTE(review): the token endpoint is pinned to a localhost development authority.
            // Outside a sample it should come from configuration or the provider's metadata.
            const string tokenEndpoint = "https://localhost:44301/identity/connect/token";

            var message = info.ProtocolMessage;
            var options = info.Options;

            // The client secret is sent on this call; presumably a back-channel HTTPS request
            // inside GetTokenFromAuthSvr — confirm, and keep the secret out of logs.
            dynamic reply = await GetTokenFromAuthSvr(
                endpoint: tokenEndpoint,
                code: message.Code,
                callbackUri: options.RedirectUri,
                clientId: options.ClientId,
                clientSecret: options.ClientSecret);

            // The reply is dynamic, so a missing or differently named member only surfaces at
            // run time. NOTE(review): no error member of the reply is inspected here.
            string token = reply.access_token;
            return token;
        }
Ejemplo n.º 3
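        /// <summary>
        /// Replaces the ticket's identity with a trimmed internal identity that carries only an
        /// allow-listed set of claims, one derived permission claim and the raw tokens.
        /// </summary>
        /// <param name="info">Notification whose <c>AuthenticationTicket</c> is rebuilt in place.</param>
        /// <exception cref="ArgumentNullException">The incoming identity has no "sub" claim.</exception>
        private static void MapClaims(Microsoft.Owin.Security.Notifications.SecurityTokenValidatedNotification<Microsoft.IdentityModel.Protocols.OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> info)
        {
            var identity = info.AuthenticationTicket.Identity;

            // The second and third arguments are the name and role claim types, so Identity.Name
            // resolves from "given_name" and role checks resolve from "role".
            var internalIdentity = new ClaimsIdentity(
                identity.AuthenticationType,
                "given_name",
                "role");

            // Allow-list: only the claim types named here are copied; anything else the provider
            // issued is dropped. These profile claims are optional (they depend on what the
            // provider released), and AddClaim throws on null, so absent ones are skipped.
            // NOTE(review): the lookups use short JWT names, which presumably relies on inbound
            // claim-type mapping being disabled elsewhere — confirm.
            foreach (var claimType in new[] { "given_name", "family_name", "email", "email_verified" })
            {
                var profileClaim = identity.FindFirst(claimType);
                if (profileClaim != null)
                {
                    internalIdentity.AddClaim(profileClaim);
                }
            }

            // Deliberately unguarded: an identity without a subject must not be signed in, so a
            // missing "sub" still fails here with ArgumentNullException.
            internalIdentity.AddClaim(identity.FindFirst("sub"));

            var projects = identity.FindFirst("projects");
            if (projects != null)
            {
                internalIdentity.AddClaim(projects);
            }

            internalIdentity.AddClaims(identity.FindAll("role"));

            // Derived permission: decided from the role claims in the validated token and never
            // from anything the browser can set directly.
            if (identity.HasClaim("role", "Manager"))
            {
                internalIdentity.AddClaim(new Claim("overbook_flights", "true"));
            }

            var idToken     = info.ProtocolMessage.IdToken;
            var accessToken = info.ProtocolMessage.AccessToken;

            // Both tokens are optional on the protocol message and new Claim(...) rejects a null
            // value, so each is guarded the same way.
            // NOTE(review): the access token is a bearer credential; storing it as a claim puts
            // it wherever the ticket is persisted (typically the auth cookie — confirm).
            if (!string.IsNullOrEmpty(idToken))
            {
                internalIdentity.AddClaim(new Claim("id_token", idToken));
            }

            if (!string.IsNullOrEmpty(accessToken))
            {
                internalIdentity.AddClaim(new Claim("access_token", accessToken));
            }

            // Keep the original ticket properties; only the identity is swapped.
            info.AuthenticationTicket = new AuthenticationTicket(
                internalIdentity,
                info.AuthenticationTicket.Properties);
        }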
Ejemplo n.º 4
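        /// <summary>
        /// SecurityTokenValidated handler that reads the user's name claim from the validated
        /// identity. The value is not used further in this block.
        /// </summary>
        /// <param name="context">Notification carrying the validated authentication ticket.</param>
        /// <returns>An already-completed task; all work is synchronous.</returns>
        private Task SecurityTokenValidated(Microsoft.Owin.Security.Notifications.SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
        {
            // FindFirst returns null when the token carries no ClaimTypes.Name claim, so the
            // claim is checked before .Value is read instead of failing sign-in with a
            // NullReferenceException.
            var nameClaim = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name);

            // NOTE(review): userID is null when the claim is absent; any code added here that
            // keys a lookup or an authorization decision on it must handle that case.
            string userID = nameClaim != null ? nameClaim.Value : null;

            return Task.FromResult(0);
        }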