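/// <summary>
/// Builds the authentication ticket for a "workplace" sign-in, where the registered
/// application itself is the authenticated party: its client_id becomes the <c>sub</c>
/// claim and its display name the <c>name</c> claim. The tenant / branch office /
/// department identifiers are copied onto the identity so they travel in both the
/// id_token and the access token.
/// </summary>
/// <param name="request">The incoming OpenID Connect request; only its requested scopes are read.</param>
/// <param name="application">The registered application the ticket is issued for.</param>
/// <returns>A ticket carrying the application's identity and the granted scopes.</returns>
private AuthenticationTicket CreateWorkplaceSignInTicket(OpenIdConnectRequest request, PskApplication application)
{
    // The identity that will back the id_token, the access token or the authorization code.
    var identity = new ClaimsIdentity(
        OpenIddictServerDefaults.AuthenticationScheme,
        OpenIdConnectConstants.Claims.Name,
        OpenIdConnectConstants.Claims.Role);

    // No end user is involved in this flow, so the client_id is the subject identifier.
    identity.AddClaim(
        OpenIdConnectConstants.Claims.Subject,
        application.ClientId,
        OpenIdConnectConstants.Destinations.AccessToken,
        OpenIdConnectConstants.Destinations.IdentityToken);

    // NOTE(review): DisplayName is passed unguarded; if an application can be registered
    // with a null/empty display name, confirm how AddClaim reacts before relying on this.
    identity.AddClaim(
        OpenIdConnectConstants.Claims.Name,
        application.DisplayName,
        OpenIdConnectConstants.Destinations.AccessToken,
        OpenIdConnectConstants.Destinations.IdentityToken);

    var principal = new ClaimsPrincipal(identity);

    // NOTE(review): this extension (string overload, defined elsewhere) presumably adds the
    // same tenant/branch/department claim types that are added explicitly further down, so
    // the identity may carry each of them twice. Verify what the overload emits (and with
    // which destinations) and keep only one of the two code paths.
    principal.AddUserTenantAndOrgStructureClaims(
        application.TenantId,
        application.BranchOfficeId,
        application.DepartmentId);

    // NOTE(review): the identity is created under OpenIddictServerDefaults.AuthenticationScheme
    // while the ticket uses OpenIdConnectServerDefaults.AuthenticationScheme; confirm the
    // sign-in handler is registered under the latter, otherwise align both on one scheme.
    var ticket = new AuthenticationTicket(
        principal,
        new AuthenticationProperties(),
        OpenIdConnectServerDefaults.AuthenticationScheme);

    // NOTE(review): every scope the client asked for is granted verbatim. Unless the server
    // pipeline has already validated the requested scopes against this application's
    // permissions before this handler runs, the grant should be intersected with the scopes
    // the application is actually allowed to obtain.
    ticket.SetScopes(request.GetScopes());

    // Org-structure claims are destined for both tokens; the tenant is always present.
    AddOrgStructureClaim(identity, CustomClaimTypes.TenantId, application.TenantId);

    // A 'tenant auditor' workplace application has no branch office.
    if (!string.IsNullOrEmpty(application.BranchOfficeId))
    {
        AddOrgStructureClaim(identity, CustomClaimTypes.BranchOfficeId, application.BranchOfficeId);
    }

    // A 'branch auditor' workplace application has no department.
    if (!string.IsNullOrEmpty(application.DepartmentId))
    {
        AddOrgStructureClaim(identity, CustomClaimTypes.DepartmentId, application.DepartmentId);
    }

    return ticket;
}

/// <summary>
/// Adds one org-structure claim to <paramref name="identity"/>, destined for both the
/// id_token and the access token (the destination set shared by all three claims above).
/// </summary>
/// <param name="identity">The identity being built for the ticket.</param>
/// <param name="type">The custom claim type to add.</param>
/// <param name="value">The claim value; callers guard against empty values where the claim is optional.</param>
private static void AddOrgStructureClaim(ClaimsIdentity identity, string type, string value)
{
    identity.AddClaim(
        type,
        value,
        OpenIdConnectConstants.Destinations.IdentityToken,
        OpenIdConnectConstants.Destinations.AccessToken);
}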
/// <summary>
/// Guid-based convenience overload: renders the identifiers as strings (the optional ones
/// stay <c>null</c> when absent) and defers to the string-based overload, which is defined
/// elsewhere in this file and does the actual claim insertion.
/// </summary>
/// <param name="user">The principal the claims are added to.</param>
/// <param name="tenantId">The tenant identifier; always present.</param>
/// <param name="branchOfficeId">The branch office identifier, or <c>null</c> when the principal has none.</param>
/// <param name="departmentId">The department identifier, or <c>null</c> when the principal has none.</param>
public static void AddUserTenantAndOrgStructureClaims(this ClaimsPrincipal user, Guid tenantId, Guid? branchOfficeId, Guid? departmentId)
{
    string tenant = tenantId.ToString();
    string branchOffice = branchOfficeId.HasValue ? branchOfficeId.Value.ToString() : null;
    string department = departmentId.HasValue ? departmentId.Value.ToString() : null;

    user.AddUserTenantAndOrgStructureClaims(tenant, branchOffice, department);
}