public async Task <IActionResult> Authorize(OpenIdConnectRequest request) { // Retrieve the application details from the database. var application = await _applicationManager.FindByClientIdAsync(request.ClientId); if (application == null) { return(View("Error", new ErrorViewModel { Error = OpenIddictConstants.Errors.InvalidClient, ErrorDescription = "Details concerning the calling client application cannot be found in the database" })); } var userId = _userManager.GetUserId(User); if (!string.IsNullOrEmpty( await OpenIdExtensions.IsUserAuthorized(_authorizationManager, request, userId, application.Id))) { return(await Authorize(request, "YES", false)); } // Flow the request_id to allow OpenIddict to restore // the original authorization request from the cache. return(View(new AuthorizeViewModel { ApplicationName = await _applicationManager.GetDisplayNameAsync(application), RequestId = request.RequestId, Scope = request.GetScopes() })); }
public async Task <IActionResult> Authorize(OpenIdConnectRequest request) { Debug.Assert(request.IsAuthorizationRequest(), "The OpenIddict binder for ASP.NET Core MVC is not registered. " + "Make sure services.AddOpenIddict().AddServer().UseMvc() is correctly called."); // Retrieve the application details from the database. var application = await _applicationManager.FindByClientIdAsync(request.ClientId); if (application == null) { return(View("Error", new ErrorViewModel { Error = OpenIddictConstants.Errors.InvalidClient, ErrorDescription = "Details concerning the calling client application cannot be found in the database" })); } // Flow the request_id to allow OpenIddict to restore // the original authorization request from the cache. return(View(new AuthorizeViewModel { ApplicationName = await _applicationManager.GetDisplayNameAsync(application), RequestId = request.RequestId, Scope = request.Scope })); }
public async Task <IActionResult> Login(OpenIdConnectRequest request, Profile profile) { if (request.IsClientCredentialsGrantType()) { var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted); if (application == null) { return(BadRequest(new OpenIdConnectResponse { Error = OpenIdConnectConstants.Errors.InvalidClient, ErrorDescription = "Id Клиента не найден в базе данных." })); } if (!await _repository.GetProfileAsync(profile.Login, profile.Password)) { return(BadRequest(new OpenIdConnectResponse { Error = OpenIdConnectConstants.Errors.UnsupportedGrantType, ErrorDescription = "Login or PAssword не совпадают." })); } var idprofile = await _repository.GetProfileIdAsync(profile.Login, profile.Password); var i = idprofile.ToString(); request.Username = i.ToString(); var ticket = CreateTicket(request, application); return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme)); } else if (request.IsRefreshTokenGrantType()) { var info = await HttpContext.AuthenticateAsync(OpenIdConnectServerDefaults.AuthenticationScheme); var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted); if (application == null) { return(BadRequest(new OpenIdConnectResponse { Error = OpenIdConnectConstants.Errors.InvalidClient, ErrorDescription = "Id Клиента не найден в базе данных." })); } var ticket = CreateTicket(request, application); return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme)); } return(BadRequest(new OpenIdConnectResponse { Error = OpenIdConnectConstants.Errors.UnsupportedGrantType, ErrorDescription = "The specified grant type is not supported." })); }
public async Task <IActionResult> Authorize(OpenIdConnectRequest request, CancellationToken cancellationToken) { Debug.Assert(request.IsAuthorizationRequest(), "The OpenIddict binder for ASP.NET Core MVC is not registered. " + "Make sure services.AddOpenIddict().AddMvcBinders() is correctly called."); // Retrieve the application details from the database. var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted); if (application == null) { return(View("Error", new ErrorViewModel { Error = OpenIdConnectConstants.Errors.InvalidClient, ErrorDescription = "Details concerning the calling client application cannot be found in the database" })); } var user = await _userManager.GetUserAsync(User); if (user == null) { return(View("Error", new ErrorViewModel { Error = OpenIdConnectConstants.Errors.ServerError, ErrorDescription = "An internal error has occurred" })); } var authorization = await _authorizationManager.FindAsync(user.Id, application.Id, cancellationToken); if (authorization != null) { // if we didn't ask for any scopes that aren't already authorized if (false == request.GetScopes().Except(authorization.Scopes).Any()) { var ticket = await CreateTicketAsync(request, user); return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme)); } } // Flow the request_id to allow OpenIddict to restore // the original authorization request from the cache. return(View(new AuthorizeViewModel { ApplicationName = application.DisplayName, RequestId = request.RequestId, Scope = request.Scope, ClientId = request.ClientId, ResponseType = request.ResponseType, ResponseMode = request.ResponseMode, RedirectUri = request.RedirectUri, State = request.State, Nonce = request.Nonce })); }
public async Task <IActionResult> GetApplications([FromRoute] string clientId) { return((await ShouldNotNullOrEmpty(clientId).ToEither().MapAsync(async req => ShouldNotNull(await _oidApplicationManager.FindByClientIdAsync(req)))) .Match <IActionResult>(res => res .Match <IActionResult>(data => Ok(_mapper.Map <OpenIddictApplicationViewModel>(data)), _ => NotFound()), errors => BadRequest(errors.Join()))); }
public async Task <IActionResult> Authorize() { var request = HttpContext.GetOpenIdConnectRequest(); var application = await _applicationManager.FindByClientIdAsync(request.ClientId); if (application == null) { throw new InvalidOperationException("The application details cannot be found in the database."); } return(await Accept()); }
public async Task <IActionResult> Authorize(OpenIdConnectRequest request) { Debug.Assert(request.IsAuthorizationRequest(), "The OpenIddict binder for ASP.NET Core MVC is not registered. " + "Make sure services.AddOpenIddict().AddMvcBinders() is correctly called."); // Retrieve the application details from the database. var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted); if (application == null) { return(View("Error", new ErrorViewModel { Error = OpenIdConnectConstants.Errors.InvalidClient, ErrorDescription = "Details concerning the calling client application cannot be found in the database" })); } var user = await _userManager.GetUserAsync(User); if (user == null) { return(View("Error", new ErrorViewModel { Error = OpenIdConnectConstants.Errors.ServerError, ErrorDescription = "An internal error has occurred" })); } if (user.IsDeleted) { return(View("Error", new ErrorViewModel { Error = OpenIdConnectConstants.Errors.ServerError, ErrorDescription = "An internal error has occurred" })); } // Create a new authentication ticket. var ticket = await CreateTicketAsync(request, user); // Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens. return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme)); // Flow the request_id to allow OpenIddict to restore // the original authorization request from the cache. //return View(new AuthorizeViewModel //{ // ApplicationName = application.DisplayName, // RequestId = request.RequestId, // Scope = request.Scope //}); }
private async Task InitializeIdServAsync() { // Create a new service scope to ensure the database context is correctly disposed when this methods returns. if (await _iddictApplicationManager.FindByClientIdAsync("mvc") == null) { var descriptor = new OpenIddictApplicationDescriptor { ClientId = "mvc", ClientSecret = "901564A5-E7FE-42CB-B10D-61EF6A8F3654", DisplayName = "MVC client application", PostLogoutRedirectUris = { new Uri("http://localhost:53507/signout-callback-oidc") }, RedirectUris = { new Uri("http://localhost:53507/signin-oidc") }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.Endpoints.Logout, OpenIddictConstants.Permissions.Endpoints.Token } }; await _iddictApplicationManager.CreateAsync(descriptor); } // To test this sample with Postman, use the following settings: // // * Authorization URL: http://localhost:54540/connect/authorize // * Access token URL: http://localhost:54540/connect/token // * Client ID: postman // * Client secret: [blank] (not used with public clients) // * Scope: openid email profile roles // * Grant type: authorization code // * Request access token locally: yes if (await _iddictApplicationManager.FindByClientIdAsync("postman") == null) { var descriptor = new OpenIddictApplicationDescriptor { ClientId = "postman", DisplayName = "Postman", RedirectUris = { new Uri("https://www.getpostman.com/oauth2/callback") }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.Endpoints.Token } }; await _iddictApplicationManager.CreateAsync(descriptor); } }
public async Task <IActionResult> Authorize() { var request = HttpContext.GetOpenIddictServerRequest() ?? throw new InvalidOperationException("The OpenID Connect request cannot be retrieved."); // Retrieve the application details from the database. var application = await _applicationManager.FindByClientIdAsync(request.ClientId) ?? throw new InvalidOperationException("Details concerning the calling client application cannot be found."); return(View(new AuthorizeViewModel { ApplicationName = await _applicationManager.GetDisplayNameAsync(application), Scope = request.Scope })); }
public async Task <IActionResult> Authorize(OpenIdConnectRequest request) { Debug.Assert(request.IsAuthorizationRequest(), "The OpenIddict binder for ASP.NET Core MVC is not registered. " + "Make sure services.AddOpenIddict().AddMvcBinders() is correctly called."); if (!User.Identity.IsAuthenticated) { // If the client application request promptless authentication, // return an error indicating that the user is not logged in. if (request.HasPrompt(OpenIdConnectConstants.Prompts.None)) { var properties = new AuthenticationProperties(new Dictionary <string, string> { [OpenIdConnectConstants.Properties.Error] = OpenIdConnectConstants.Errors.LoginRequired, [OpenIdConnectConstants.Properties.ErrorDescription] = "The user is not logged in." }); // Ask OpenIddict to return a login_required error to the client application. return(Forbid(properties, OpenIdConnectServerDefaults.AuthenticationScheme)); } return(Challenge()); } // Retrieve the application details from the database. var application = await applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted); if (application == null) { return(View("Error", new ErrorViewModel { Error = OpenIdConnectConstants.Errors.InvalidClient, ErrorDescription = "Details concerning the calling client application cannot be found in the database." })); } // Flow the request_id to allow OpenIddict to restore // the original authorization request from the cache. return(View(new AuthorizeViewModel { ApplicationName = application.DisplayName, RequestId = request.RequestId, Scope = request.Scope })); }
public async Task <IActionResult> Authorize([ModelBinder(typeof(OpenIddictMvcBinder))] OpenIdConnectRequest request) { var application = await applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted); if (application == null) { return(View("Error", new ErrorViewModel { Error = OpenIdConnectConstants.Errors.InvalidClient, ErrorDescription = "Детали, соответствующие вызываемому клиентскому приложению не найдены в базе данных" })); } var user = await userManager.GetUserAsync(User); if (user != null) { var authorize = await authorizationManager.FindBySubjectAsync(user.Id); if (authorize.Length != 0) { var ticket = await CreateTicketAsync(request, user); return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme)); } } return(View(new AuthorizeViewModel { ApplicationName = application.DisplayName, RequestId = request.RequestId })); }
public async Task <IActionResult> Authorize(OpenIdConnectRequest request) { Debug.Assert(request.IsAuthorizationRequest(), "The OpenIddict binder for ASP.NET Core MVC is not registered. " + "Make sure services.AddOpenIddict().AddMvcBinders() is correctly called."); // Retrieve the application details from the database. var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted); if (application == null) { return(new JsonResult(new { code = OpenIdConnectConstants.Errors.InvalidClient, message = "Details concerning the calling client application cannot be found in the database" })); } var user = await _userManager.GetUserAsync(User); if (user == null) { return(new JsonResult(new { code = OpenIdConnectConstants.Errors.ServerError, message = "An internal error has occurred" })); } // Create a new authentication ticket. var ticket = await CreateTicketAsync(request, user); // Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens. return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme)); }
private async Task AddOpenIdConnectOptions(IConfiguration configuration) { if (await _openIddictApplicationManager.FindByClientIdAsync("cleanarchitecture") == null) { var host = configuration["HostUrl"].ToString(); var descriptor = new OpenIddictApplicationDescriptor { ClientId = "cleanarchitecture", DisplayName = "CleanArchitecture", PostLogoutRedirectUris = { new Uri($"{host}signout-oidc") }, RedirectUris = { new Uri(host) }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.Endpoints.Token, OpenIddictConstants.Permissions.GrantTypes.Implicit, OpenIddictConstants.Permissions.GrantTypes.Password, OpenIddictConstants.Permissions.GrantTypes.RefreshToken } }; await _openIddictApplicationManager.CreateAsync(descriptor); } }
public async Task <string> CreateAsync(ApplicationParam model) { if (model == null) { throw new ArgumentNullException(nameof(model)); } var entity = await _manager.FindByClientIdAsync(model.ClientId); if (entity == null) { // create new entity var newEntity = new OpenIddictEntityFrameworkCoreApplication { ClientId = model.ClientId, DisplayName = model.DisplayName, Type = model.Type }; HandleCustomProperties(model, newEntity); await _manager.CreateAsync(newEntity, model.ClientSecret); return(newEntity.Id); } // update existing entity model.Id = entity.Id; await UpdateAsync(model); return(entity.Id); }
public async Task <IActionResult> Authorize() { var request = HttpContext.GetOpenIddictServerRequest(); if (request == null) { throw new InvalidOperationException("The OpenID Connect request cannot be retrieved."); } // Retrieve the application details from the database. var application = await _applicationManager.FindByClientIdAsync(request.ClientId); if (application == null) { return(View("Error", new ErrorViewModel { Error = Errors.InvalidClient, ErrorDescription = "Details concerning the calling client application cannot be found in the database" })); } // Flow the request_id to allow OpenIddict to restore // the original authorization request from the cache. return(View(new AuthorizeViewModel { ApplicationName = await _applicationManager.GetDisplayNameAsync(application), Parameters = request.GetFlattenedParameters(), Scope = request.Scope })); }
public async Task <IActionResult> Authorize() { // Extract the authorization request from the ASP.NET environment. var request = HttpContext.GetOpenIdConnectRequest(); // Retrieve the application details from the database. var application = await _applicationManager.FindByClientIdAsync(request.ClientId); if (application == null) { return(View("Error", new ErrorViewModel { Error = OpenIdConnectConstants.Errors.InvalidClient, ErrorDescription = "Details concerning the calling client application cannot be found in the database" })); } // Flow the request_id to allow OpenIddict to restore // the original authorization request from the cache. return(View(new AuthorizeViewModel { ApplicationName = application.DisplayName, RequestId = request.RequestId, Scope = request.Scope })); }
public async Task <IActionResult> Exchange([ModelBinder(BinderType = typeof(OpenIddictMvcBinder))] OpenIdConnectRequest request) { if (request.IsClientCredentialsGrantType()) { // Note: the client credentials are automatically validated by OpenIddict: // if client_id or client_secret are invalid, this action won't be invoked. var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted); if (application == null) { return(BadRequest(new OpenIdConnectResponse { Error = OpenIdConnectConstants.Errors.InvalidClient, ErrorDescription = "The client application was not found in the database." })); } // Create a new authentication ticket. var ticket = CreateTicket(application); return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme)); } return(BadRequest(new OpenIdConnectResponse { Error = OpenIdConnectConstants.Errors.UnsupportedGrantType, ErrorDescription = "The specified grant type is not supported." })); }
public async Task <IActionResult> Exchange(OpenIdConnectRequest request) { Debug.Assert(request.IsTokenRequest(), "The OpenIddict binder for ASP.NET Core MVC is not registered. " + "Make sure services.AddOpenIddict().AddMvcBinders() is correctly called."); if (request.IsClientCredentialsGrantType()) { // Note: the client credentials are automatically validated by OpenIddict: // if client_id or client_secret are invalid, this action won't be invoked. var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted); if (application == null) { return(BadRequest(new OpenIdConnectResponse { Error = OpenIdConnectConstants.Errors.InvalidClient, ErrorDescription = "The client application was not found in the database." })); } // Create a new authentication ticket. var ticket = CreateTicket(request, application); return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme)); } return(BadRequest(new OpenIdConnectResponse { Error = OpenIdConnectConstants.Errors.UnsupportedGrantType, ErrorDescription = "The specified grant type is not supported." })); }
public async Task <IActionResult> Authorize(OpenIdConnectRequest req) { //Debug.Assert(request.IsAuthorizationRequest(), // "The OpenIddict binder for ASP.NET Core MVC is not registered." + // "Make sure services.AddOpenIddict().AddServer().UseMvc() is correctly called."); var application = await applicationManager.FindByClientIdAsync(req.ClientId); if (application == null) { var msg = "Details concerning the calling client application cannot be found in the database"; return(BadRequest(error: new ErrowVm { Error = Errors.InvalidClient, ErrorDescription = msg }.ToResponse(false, msg))); } return(Ok(new AuthorizeVm { ApplicationName = await applicationManager.GetDisplayNameAsync(application), RequestId = req.RequestId, Scope = req.Scope }.ToResponse())); }
public static async Task CreateClientApps(OpenIddictApplicationManager <OpenIddictApplication> manager, CancellationToken cancellationToken) { if (await manager.FindByClientIdAsync(ClientAppHelper.CLIENT_WEB_ID, cancellationToken) == null) { var descriptor = new OpenIddictApplicationDescriptor { ClientId = ClientAppHelper.CLIENT_WEB_ID, ClientSecret = ClientAppHelper.CLIENT_WEB_SECRET, DisplayName = "Imanage Web App", PostLogoutRedirectUris = { new Uri("https://imanage.azurewebsites.net/connect/token") }, RedirectUris = { new Uri("https://imanage.azurewebsites.net/connect/token") }, Type = OpenIddictConstants.ClientTypes.Hybrid, Permissions = { OpenIddictConstants.Permissions.Endpoints.Token, OpenIddictConstants.Permissions.GrantTypes.Password, OpenIddictConstants.Permissions.GrantTypes.RefreshToken, OpenIddictConstants.Permissions.Scopes.Email, OpenIddictConstants.Permissions.Scopes.Profile, OpenIddictConstants.Permissions.Scopes.Roles } }; await manager.CreateAsync(descriptor, cancellationToken); } }
public async Task <IActionResult> Authorize() { // Extract the authorization request from the ASP.NET environment. var request = HttpContext.GetOpenIdConnectRequest(); // Retrieve the application details from the database. var application = await _applicationManager.FindByClientIdAsync(request.ClientId); if (application == null) { return(View("Error", new ErrorViewModel { Error = OpenIdConnectConstants.Errors.InvalidClient, ErrorDescription = "Details concerning the calling client application cannot be found in the database" })); } // Retrieve the profile of the logged in user. var user = await _userManager.GetUserAsync(User); if (user == null) { return(View("Error", new ErrorViewModel { Error = OpenIdConnectConstants.Errors.ServerError, ErrorDescription = "An internal error has occurred" })); } // Create a new authentication ticket. var ticket = await CreateTicketAsync(request, user); // Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens. return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme)); }
public async Task <ActionResult <OpenIddictApplicationDescriptor> > SaveAsync(OpenIddictApplicationDescriptor descriptor) { descriptor.Permissions.Clear(); descriptor.Permissions.AddRange(_defaultPermissions); var app = await _manager.FindByClientIdAsync(descriptor.ClientId); if (app == null) {// create app = await _manager.CreateAsync(descriptor); await _manager.PopulateAsync(descriptor, app); } else {// update //prevent changing client secret descriptor.ClientSecret = app.ClientSecret; await _manager.PopulateAsync(app, descriptor); await _manager.UpdateAsync(app); } descriptor.ClientSecret = app.ClientSecret; return(descriptor); }
public override async ValueTask HandleAsync( OpenIddictServerEvents.HandleTokenRequestContext notification) { var request = notification.Request; var context = notification; if (!request.IsClientCredentialsGrantType()) { return; } var application = await _applicationManager.FindByClientIdAsync(request.ClientId); if (application == null) { context.Reject( error: OpenIddictConstants.Errors.InvalidClient, description: "The client application was not found in the database."); return; } var user = await _userManager.FindByIdAsync(application.ApplicationUserId); context.Principal = await CreateClaimsPrincipalAsync(request, user); }
public static async Task <ClaimsPrincipal> CreateClaimsPrincipalAsync(OpenIddictApplicationManager <BTCPayOpenIdClient> applicationManager, OpenIddictAuthorizationManager <BTCPayOpenIdAuthorization> authorizationManager, IdentityOptions identityOptions, SignInManager <ApplicationUser> signInManager, OpenIddictRequest request, ApplicationUser user) { var principal = await signInManager.CreateUserPrincipalAsync(user); if (!request.IsAuthorizationCodeGrantType() && !request.IsRefreshTokenGrantType()) { principal.SetScopes(request.GetScopes().Restrict(principal)); } else if (request.IsAuthorizationCodeGrantType() && string.IsNullOrEmpty(principal.GetInternalAuthorizationId())) { var app = await applicationManager.FindByClientIdAsync(request.ClientId); var authorizationId = await IsUserAuthorized(authorizationManager, request, user.Id, app.Id); if (!string.IsNullOrEmpty(authorizationId)) { principal.SetInternalAuthorizationId(authorizationId); } } principal.SetDestinations(identityOptions); return(principal); }
private static async Task AddClientApplications(ApplicationDbContext context, OpenIddictApplicationManager <OpenIddictApplication> manager) { const string clientId = "socialarts.club"; var app = await manager.FindByClientIdAsync(clientId); if (app != null) { await manager.DeleteAsync(app); } var descriptor = new OpenIddictApplicationDescriptor { ClientId = clientId, DisplayName = clientId, // TODO: Read this from configuration. RedirectUris = { new Uri("https://localhost:5001/MyProgressJournal"), new Uri("https://socialarts.club/MyProgressJournal") }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.GrantTypes.Implicit, OpenIddictConstants.Permissions.Scopes.OpenId, } }; await manager.CreateAsync(descriptor); }
public async Task <IActionResult> Exchange([ModelBinder(typeof(OpenIddictMvcBinder))] OpenIdConnectRequest request) { if (!request.IsClientCredentialsGrantType()) { return(BadRequest(new OpenIdConnectResponse { Error = OpenIdConnectConstants.Errors.UnsupportedGrantType, ErrorDescription = "The specified grant type is not supported." })); } var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted); if (application == null) { return(BadRequest(new OpenIdConnectResponse { Error = OpenIdConnectConstants.Errors.InvalidClient, ErrorDescription = "The client application was not found in the database." })); } var ticket = CreateTicket(application); return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme)); }
public async Task <IActionResult> Exchange() { var request = HttpContext.GetOpenIddictServerRequest(); if (request.IsAuthorizationCodeGrantType()) { // Note: the client credentials are automatically validated by OpenIddict: // if client_id or client_secret are invalid, this action won't be invoked. var application = await _applicationManager.FindByClientIdAsync(request.ClientId); if (application == null) { throw new InvalidOperationException("The application details cannot be found in the database."); } // Create a new ClaimsIdentity containing the claims that // will be used to create an id_token, a token or a code. var identity = new ClaimsIdentity( TokenValidationParameters.DefaultAuthenticationType, Claims.Name, Claims.Role); // Use the client_id as the subject identifier. identity.AddClaim(Claims.Subject, await _applicationManager.GetClientIdAsync(application), Destinations.AccessToken, Destinations.IdentityToken); identity.AddClaim(Claims.Name, await _applicationManager.GetDisplayNameAsync(application), Destinations.AccessToken, Destinations.IdentityToken); return(SignIn(new ClaimsPrincipal(identity), OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)); } throw new NotImplementedException("The specified grant type is not implemented."); }
public async Task <IActionResult> Authorize() { var request = HttpContext.GetOpenIdConnectRequest(); var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted); if (application == null) { return(BadRequest(OpenIdConnectConstants.Errors.InvalidClient)); } // Retrieve the profile of the logged in user. var user = await _userManager.GetUserAsync(User); if (user == null) { return(BadRequest(OpenIdConnectConstants.Errors.ServerError)); } if (!user.EmailConfirmed) { return(BadRequest("unconfirmed_email")); } var ticket = await CreateTicketAsync(request, user); // Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens. return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme)); }
private async Task AddOpenIdConnectApplication(IConfiguration configuration) { if (await _openIddictApplicationManager.FindByClientIdAsync("botw") == null) { var host = configuration["HostUrl"].ToString(); var descriptor = new OpenIddictApplicationDescriptor { ClientId = "botw", DisplayName = "Best of the Worst", PostLogoutRedirectUris = { new Uri($"{host}signout-oidc") }, RedirectUris = { new Uri(host) }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.Endpoints.Token, OpenIddictConstants.Permissions.GrantTypes.Implicit, OpenIddictConstants.Permissions.GrantTypes.Password, OpenIddictConstants.Permissions.GrantTypes.RefreshToken, OpenIddictConstants.Permissions.Scopes.Email, OpenIddictConstants.Permissions.Scopes.Profile, OpenIddictConstants.Permissions.Scopes.Roles, } }; await _openIddictApplicationManager.CreateAsync(descriptor); } }
public override async Task <OpenIddictServerEventState> HandleAsync( OpenIddictServerEvents.HandleTokenRequest notification) { var request = notification.Context.Request; if (!request.IsClientCredentialsGrantType()) { // Allow other handlers to process the event. return(OpenIddictServerEventState.Unhandled); } var application = await _applicationManager.FindByClientIdAsync(request.ClientId, notification.Context.HttpContext.RequestAborted); if (application == null) { notification.Context.Reject( error: OpenIddictConstants.Errors.InvalidClient, description: "The client application was not found in the database."); // Don't allow other handlers to process the event. return(OpenIddictServerEventState.Handled); } var user = await _userManager.FindByIdAsync(application.ApplicationUserId); notification.Context.Validate(await CreateTicketAsync(request, user)); // Don't allow other handlers to process the event. return(OpenIddictServerEventState.Handled); }