Exemple #1
0
        public async override Task <IEnumerable <Claim> > GetAccessTokenClaimsAsync(ClaimsPrincipal subject,
                                                                                    Resources resources, ValidatedRequest request)
        {
            var arbitraryClaimsCheck = request.Raw.ContainsAny(RequiredArbitraryClaimsArgument);
            var arbitraryScopesCheck = request.Raw.ContainsAny(RequiredArbitraryScopes);

            if (!arbitraryClaimsCheck && !arbitraryScopesCheck)
            {
                var missing = string.Join(",", RequiredArbitraryClaimsArgument.ToArray());
                missing += ",";
                missing += string.Join(",", RequiredArbitraryScopes.ToArray());
                var ex = new Exception(string.Format("RequiredArgument failed need the following [{0}]", missing));
                _logger.LogError(LoggingEvents.REQUIRED_ITEMS_MISSING, ex);
                throw ex;
            }
            var          result      = base.GetAccessTokenClaimsAsync(subject, resources, request);
            var          rr          = request.Raw.AllKeys.ToDictionary(k => k, k => request.Raw[k]);
            List <Claim> finalClaims = new List <Claim>(result.Result);

            if (arbitraryScopesCheck)
            {
                var newScopes = rr["arbitrary-scopes"].Split(new char[] { ' ', '\t' },
                                                             StringSplitOptions.RemoveEmptyEntries);
                if (_privateClaimsScopesValidation.ValidatePrivateArbitraryScopes(rr["client_id"], newScopes))
                {
                    foreach (var scope in newScopes)
                    {
                        finalClaims.Add(new Claim("scope", scope));
                    }
                }
            }
            Dictionary <string, string> values;

            if (arbitraryClaimsCheck)
            {
                values =
                    JsonConvert.DeserializeObject <Dictionary <string, string> >(rr["arbitrary-claims"]);
                // paranoia check.  In no way can we allow creation which tries to spoof someone elses client_id.
                var qq = from item in values
                         let c = item.Key
                                 select c;
                if (_privateClaimsScopesValidation.ValidatePrivateArbitraryClaims(rr["client_id"], qq.ToArray()))
                {
                    var query = from value in values
                                where string.Compare(value.Key, "client_id", true) != 0
                                select value;
                    var trimmedClaims = query.ToList();
                    finalClaims.AddRange(trimmedClaims.Select(value => new Claim(value.Key, value.Value)));
                }
            }
            if (subject != null)
            {
                finalClaims.AddRange(subject.Claims.Where(p2 =>
                                                          finalClaims.All(p1 => p1.Type != p2.Type)));
            }
            // if we find any, than add them to the original and send that back.
            IEnumerable <Claim> claimresults = finalClaims;

            return(claimresults);
        }
        public override Task <IEnumerable <Claim> > GetAccessTokenClaimsAsync(ClaimsPrincipal subject, Client client,
                                                                              IEnumerable <Scope> scopes, ValidatedRequest request)
        {
            var arbitraryClaimsCheck = request.Raw.Validate(RequiredArbitraryClaimsArgument);
            var arbitraryScopesCheck = request.Raw.Validate(RequiredArbitraryScopes);

            if (!arbitraryClaimsCheck && !arbitraryScopesCheck)
            {
                var missing = string.Join(",", RequiredArbitraryClaimsArgument.ToArray());
                missing += ",";
                missing += string.Join(",", RequiredArbitraryScopes.ToArray());
                throw new Exception(string.Format("RequiredArgument failed need the following [{0}]", missing));
            }



            var          result      = base.GetAccessTokenClaimsAsync(subject, client, scopes, request);
            var          rr          = request.Raw.AllKeys.ToDictionary(k => k, k => request.Raw[k]);
            List <Claim> finalClaims = new List <Claim>(result.Result);


            if (arbitraryScopesCheck)
            {
                var newScopes = rr["arbitrary-scopes"].Split(new char[] { ' ', '\t' },
                                                             StringSplitOptions.RemoveEmptyEntries);
                foreach (var scope in newScopes)
                {
                    finalClaims.Add(new Claim("scope", scope));
                }
            }

            Dictionary <string, string> values;

            if (arbitraryClaimsCheck)
            {
                values =
                    JsonConvert.DeserializeObject <Dictionary <string, string> >(rr["arbitrary-claims"]);
                finalClaims.AddRange(values.Select(value => new Claim(value.Key, value.Value)));
            }



            if (subject != null)
            {
                finalClaims.AddRange(subject.Claims.Where(p2 =>
                                                          finalClaims.All(p1 => p1.Type != p2.Type)));
            }

            // if we find any, than add them to the original and send that back.
            IEnumerable <Claim> claimresults = finalClaims;
            var taskResult = Task.FromResult(claimresults);

            return(taskResult);
        }