/// <summary>
/// Registers a new OpenIddict client application for a workplace and returns the
/// generated client credentials.
/// </summary>
/// <param name="workplaceDescriptor">
/// Describes the workplace: requested scopes, display name, tenant / branch office /
/// department identifiers and the workplace type.
/// </param>
/// <returns>
/// The freshly generated client id / client secret pair. The secret is handed to the
/// application manager together with the application record, so this return value is
/// the caller's opportunity to read it in clear text.
/// </returns>
public async Task<WorkplaceCredentialsDto> CreateWorkplaceAsync(WorkplaceDescriptorDto workplaceDescriptor)
{
    var credentials = CreateCredentials(workplaceDescriptor);

    // Every requested scope becomes an OpenIddict "scp:" permission; the token endpoint
    // and the client_credentials grant are always granted so the workplace can obtain tokens.
    // NOTE(review): the scopes are taken from the descriptor as-is — if the descriptor can
    // originate from an untrusted caller, confirm they are validated against an allow-list
    // before this method is reached.
    var scopePermissions = workplaceDescriptor.Scopes.Select(scope => "scp:" + scope);
    var permissions = new List<string>(8);
    foreach (var scopePermission in scopePermissions)
    {
        permissions.Add(scopePermission);
    }
    permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
    permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);

    var application = new PskApplication
    {
        ClientId = credentials.ClientId,
        DisplayName = workplaceDescriptor.DisplayName,
        // Permissions are persisted as a JSON array of strings.
        Permissions = JsonConvert.SerializeObject(permissions),
        TenantId = workplaceDescriptor.TenantId,
        BranchOfficeId = workplaceDescriptor.BranchOfficeId,
        DepartmentId = workplaceDescriptor.DepartmentId,
        // The workplace type is encoded into the application type; presumably consumers
        // use the "workplace_" prefix to tell workplace clients apart — verify against callers.
        ApplicationType = "workplace_" + workplaceDescriptor.WorkplaceType,
    };

    await _oidcAppManager.CreateAsync(application, credentials.ClientSecret);
    return credentials;
}
/// <summary>
/// Builds the authentication ticket issued to a workplace client application that
/// authenticates with the client_credentials grant.
/// </summary>
/// <param name="request">The incoming token request; only its requested scopes are read.</param>
/// <param name="application">The registered workplace application whose identity the ticket carries.</param>
/// <returns>
/// A ticket whose principal holds the subject, name and tenant claims, plus branch office
/// and department claims where the application has them, with the request's scopes attached.
/// </returns>
private AuthenticationTicket CreateWorkplaceSignInTicket(OpenIdConnectRequest request, PskApplication application)
{
    // This identity is the source of the claims placed into the id_token, the access
    // token and the authorization code.
    var identity = new ClaimsIdentity(
        OpenIddictServerDefaults.AuthenticationScheme,
        OpenIdConnectConstants.Claims.Name,
        OpenIdConnectConstants.Claims.Role);

    // Standard claims go to both token kinds, access token listed first.
    void AddStandardClaim(string type, string value)
        => identity.AddClaim(
            type,
            value,
            OpenIdConnectConstants.Destinations.AccessToken,
            OpenIdConnectConstants.Destinations.IdentityToken);

    // Org-structure claims also go to both token kinds (identity token listed first).
    void AddOrgStructureClaim(string type, string value)
        => identity.AddClaim(
            type,
            value,
            OpenIdConnectConstants.Destinations.IdentityToken,
            OpenIdConnectConstants.Destinations.AccessToken);

    // A workplace has no human user behind it, so the client_id doubles as the subject.
    AddStandardClaim(OpenIdConnectConstants.Claims.Subject, application.ClientId);
    AddStandardClaim(OpenIdConnectConstants.Claims.Name, application.DisplayName);

    var principal = new ClaimsPrincipal(identity);
    // NOTE(review): judging by its name this extension presumably adds tenant / org-structure
    // claims of its own (its body is not visible here); the CustomClaimTypes.* claims added
    // below may duplicate them — confirm which set downstream consumers rely on.
    principal.AddUserTenantAndOrgStructureClaims(
        application.TenantId,
        application.BranchOfficeId,
        application.DepartmentId);

    var ticket = new AuthenticationTicket(
        principal,
        new AuthenticationProperties(),
        OpenIdConnectServerDefaults.AuthenticationScheme);
    ticket.SetScopes(request.GetScopes());

    AddOrgStructureClaim(CustomClaimTypes.TenantId, application.TenantId);

    // A 'tenant auditor' workplace has no branch office and a 'branch auditor' workplace
    // has no department, so those two claims are only emitted when a value is present.
    if (!string.IsNullOrEmpty(application.BranchOfficeId))
    {
        AddOrgStructureClaim(CustomClaimTypes.BranchOfficeId, application.BranchOfficeId);
    }

    if (!string.IsNullOrEmpty(application.DepartmentId))
    {
        AddOrgStructureClaim(CustomClaimTypes.DepartmentId, application.DepartmentId);
    }

    return ticket;
}