Example #1
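        /// <summary>
        /// Handles the token-endpoint exchange of an authorization code for an access token.
        /// Copies the claims of the authorization-code ticket into a "Bearer" identity, adds one
        /// <c>CustomClaimTypes.AuthorisedScopes</c> claim per scope registered for the client named
        /// in the ticket's "client_id" property, and validates the grant with that identity.
        /// </summary>
        /// <param name="context">Grant context carrying the ticket stored with the authorization code.</param>
        /// <returns>A task that completes once the grant has been validated or rejected.</returns>
        public override async Task GrantAuthorizationCode(OAuthGrantAuthorizationCodeContext context)
        {
            var ticket = context.Ticket;

            if (ticket == null || ticket.Identity == null || !ticket.Identity.IsAuthenticated)
            {
                // Keep the original cookie challenge, but stop here: the previous code fell through to
                // context.Validated(...) and so accepted the grant even for an unauthenticated ticket.
                context.OwinContext.Authentication.Challenge(DefaultAuthenticationTypes.ApplicationCookie);
                context.SetError("invalid_grant");
                return;
            }

            // The indexer would throw if the property is absent; treat a missing client id as an invalid grant.
            string clientId;
            if (!ticket.Properties.Dictionary.TryGetValue("client_id", out clientId) || string.IsNullOrEmpty(clientId))
            {
                context.SetError("invalid_grant");
                return;
            }

            var client = await _clientManager.FindClientByIdAsync(clientId);
            if (client == null)
            {
                // Unknown client: refuse rather than dereference null below.
                context.SetError("invalid_grant");
                return;
            }

            var identity = new ClaimsIdentity(ticket.Identity.Claims, "Bearer");
            foreach (var scope in client.Scopes)
            {
                identity.AddClaim(new Claim(CustomClaimTypes.AuthorisedScopes, scope));
            }

            // Validate with the enriched identity. Passing the untouched ticket, as before, discarded the
            // scope claims, so the access token never carried the client's authorised scopes.
            context.Validated(identity);
        }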
Example #2
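        /// <summary>
        /// Called when a request to the Token endpoint arrives with a "grant_type" of "authorization_code". This occurs after the
        /// Authorize endpoint has redirected the user-agent back to the client with a "code" parameter, and the client is exchanging
        /// that code for an "access_token". The claims and properties associated with the authorization code are present in
        /// context.Ticket. The application must call context.Validated to instruct the Authorization Server middleware to issue an
        /// access token based on those claims and properties; it may pass a different AuthenticationTicket or ClaimsIdentity to
        /// control which information flows from the authorization code to the access token.
        /// This override replaces any grant-type claim on the ticket's identity with the authorization-code grant type and
        /// validates with that identity. A ticket without an authenticated identity is rejected instead of validated.
        /// See also http://tools.ietf.org/html/rfc6749#section-4.1.3
        /// </summary>
        /// <param name="context">The context of the event carries information in and results out.</param>
        /// <returns>Task to enable asynchronous execution</returns>
        public override async Task GrantAuthorizationCode(OAuthGrantAuthorizationCodeContext context)
        {
            this.options.Logger.Debug("Authenticating authorization code flow");

            var ticket = context.Ticket;

            // Overriding this event means no other check runs here, so refuse a ticket that has no
            // authenticated identity rather than issuing an access token for it.
            if (ticket == null || ticket.Identity == null || !ticket.Identity.IsAuthenticated)
            {
                this.options.Logger.Debug("Rejecting authorization code grant: ticket has no authenticated identity");
                context.SetError("invalid_grant");
                return;
            }

            // Note: this is the ticket's own identity, so the claim changes below modify it in place.
            var user = ticket.Identity;

            // Replace any grant-type claim carried by the authorization code so the access token
            // records this grant only. NOTE(review): RemoveClaim with a predicate is not a
            // ClaimsIdentity member, so it is presumably a project extension - confirm it removes every match.
            user.RemoveClaim(x => x.Type == Constants.ClaimType.GrantType);
            user.AddClaim(new Claim(Constants.ClaimType.GrantType, Constants.GrantTypes.AuthorizationCode));

            context.Validated(user);
        }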
Example #3
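        /// <summary>
        /// Called when a request to the Token endpoint arrives with a "grant_type" of "authorization_code". This occurs after the
        /// Authorize endpoint has redirected the user-agent back to the client with a "code" parameter, and the client is exchanging
        /// that code for an "access_token". The claims and properties associated with the authorization code are present in
        /// context.Ticket. The application must call context.Validated to instruct the Authorization Server middleware to issue an
        /// access token based on those claims and properties; it may pass a different AuthenticationTicket or ClaimsIdentity to
        /// control which information flows from the authorization code to the access token.
        /// This override wraps the ticket's identity in a SentinelPrincipal, replaces any grant-type claim with the
        /// authorization-code grant type and validates with the resulting identity. A ticket without an authenticated
        /// identity is rejected instead of validated.
        /// See also http://tools.ietf.org/html/rfc6749#section-4.1.3
        /// </summary>
        /// <param name="context">The context of the event carries information in and results out.</param>
        /// <returns>Task to enable asynchronous execution</returns>
        public override async Task GrantAuthorizationCode(OAuthGrantAuthorizationCodeContext context)
        {
            this.options.Logger.Debug("Authenticating authorization code flow");

            var ticket = context.Ticket;

            // Overriding this event means no other check runs here, so refuse a ticket that has no
            // authenticated identity rather than issuing an access token for it.
            if (ticket == null || ticket.Identity == null || !ticket.Identity.IsAuthenticated)
            {
                this.options.Logger.Debug("Rejecting authorization code grant: ticket has no authenticated identity");
                context.SetError("invalid_grant");
                return;
            }

            var user = new SentinelPrincipal(ticket.Identity);

            // Replace any grant-type claim carried by the authorization code so the access token
            // records this grant only.
            user.Identity.RemoveClaim(x => x.Type == ClaimType.GrantType);
            user.Identity.AddClaim(ClaimType.GrantType, GrantType.AuthorizationCode);

            context.Validated(user.Identity.AsClaimsIdentity());
        }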
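        /// <summary>
        /// Called when a request to the Token endpoint arrives with a "grant_type" of "authorization_code". This occurs after the
        /// Authorize endpoint has redirected the user-agent back to the client with a "code" parameter, and the client is exchanging
        /// that code for an "access_token". The claims and properties associated with the authorization code are present in
        /// context.Ticket. The application must call context.Validated to instruct the Authorization Server middleware to issue an
        /// access token based on those claims and properties; it may pass a different AuthenticationTicket or ClaimsIdentity to
        /// control which information flows from the authorization code to the access token.
        /// This override wraps the ticket's identity in a SentinelPrincipal, replaces any grant-type claim with the
        /// authorization-code grant type and validates with the resulting identity. A ticket without an authenticated
        /// identity is rejected instead of validated.
        /// See also http://tools.ietf.org/html/rfc6749#section-4.1.3
        /// </summary>
        /// <param name="context">The context of the event carries information in and results out.</param>
        /// <returns>Task to enable asynchronous execution</returns>
        public override async Task GrantAuthorizationCode(OAuthGrantAuthorizationCodeContext context)
        {
            this.options.Logger.Debug("Authenticating authorization code flow");

            var ticket = context.Ticket;

            // Overriding this event means no other check runs here, so refuse a ticket that has no
            // authenticated identity rather than issuing an access token for it.
            if (ticket == null || ticket.Identity == null || !ticket.Identity.IsAuthenticated)
            {
                this.options.Logger.Debug("Rejecting authorization code grant: ticket has no authenticated identity");
                context.SetError("invalid_grant");
                return;
            }

            var user = new SentinelPrincipal(ticket.Identity);

            // Replace any grant-type claim carried by the authorization code so the access token
            // records this grant only.
            user.Identity.RemoveClaim(x => x.Type == ClaimType.GrantType);
            user.Identity.AddClaim(ClaimType.GrantType, GrantType.AuthorizationCode);

            context.Validated(user.Identity.AsClaimsIdentity());
        }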