Esempio n. 1
        /// <summary>
        /// Builds the URI used after a successful login: <paramref name="returnUrl"/> with a
        /// <c>loginResult</c> query parameter that carries the protected, URL-encoded login result.
        /// </summary>
        /// <param name="user">Supplies the personal identity number and name fields placed in the login result.</param>
        /// <param name="returnUrl">Base URL that the query string is appended to.</param>
        /// <returns>Whatever <c>AppendQueryString</c> produces for the return URL and the encoded parameter.</returns>
        private string GetSuccessReturnUri(User user, string returnUrl)
        {
            // The result holds the personal identity number and name, so it is protected
            // before it is placed in a URL.
            var successResult = BankIdLoginResult.Success(
                user.PersonalIdentityNumber,
                user.Name,
                user.GivenName,
                user.Surname);
            var protectedPayload = _loginResultProtector.Protect(successResult);
            var encodedPayload = _urlEncoder.Encode(protectedPayload);

            // NOTE(review): returnUrl is used as given; nothing in this method restricts it to a
            // local or allow-listed destination. Confirm the caller validates it, because the
            // protected login result is delivered to whatever URL is passed in.
            // NOTE(review): query-string values can end up in server logs, browser history and
            // Referer headers; confirm the protected payload is short-lived and single-purpose.
            return AppendQueryString(returnUrl, $"loginResult={encodedPayload}");
        }
        /// <summary>
        /// Creates the authentication ticket for a completed BankID login, with claims produced
        /// by the asynchronous <c>GetClaims</c> pipeline.
        /// </summary>
        /// <param name="loginResult">Login result the claims are derived from.</param>
        /// <param name="properties">
        /// Authentication properties stored in the ticket. <c>ExpiresUtc</c> is overwritten when
        /// <c>Options.TokenExpiresIn</c> has a value and is left as supplied otherwise.
        /// </param>
        /// <returns>A ticket for the current scheme wrapping a single-identity principal.</returns>
        private async Task<AuthenticationTicket> GetAuthenticationTicket(BankIdLoginResult loginResult, AuthenticationProperties properties)
        {
            // NOTE(review): with TokenExpiresIn unset, this method imposes no expiry of its own;
            // confirm the ticket lifetime is bounded elsewhere.
            var tokenLifetime = Options.TokenExpiresIn;
            if (tokenLifetime.HasValue)
            {
                properties.ExpiresUtc = Clock.UtcNow.Add(tokenLifetime.Value);
            }

            var transformedClaims = await GetClaims(loginResult);

            // Scheme.Name is the authentication type; the BankID name and role claim types are
            // registered as the identity's name and role claim types.
            var bankIdIdentity = new ClaimsIdentity(
                transformedClaims,
                Scheme.Name,
                BankIdClaimTypes.Name,
                BankIdClaimTypes.Role);

            return new AuthenticationTicket(new ClaimsPrincipal(bankIdIdentity), properties, Scheme.Name);
        }
        /// <summary>
        /// Creates the authentication ticket for a completed BankID login, passing the computed
        /// expiry (if any) on to <c>GetClaims</c>.
        /// </summary>
        /// <param name="loginResult">Login result the claims are derived from.</param>
        /// <param name="properties">
        /// Authentication properties stored in the ticket. <c>ExpiresUtc</c> is overwritten only
        /// when <c>Options.TokenExpiresIn</c> has a value.
        /// </param>
        /// <returns>A ticket for the current scheme wrapping a single-identity principal.</returns>
        private AuthenticationTicket GetAuthenticationTicket(BankIdLoginResult loginResult, AuthenticationProperties properties)
        {
            // Null means no configured lifetime: the properties are left untouched and
            // GetClaims receives a null expiry.
            // NOTE(review): in that case no expiry is imposed here; confirm the ticket lifetime
            // is bounded elsewhere.
            DateTimeOffset? expiry = Options.TokenExpiresIn.HasValue
                ? Clock.UtcNow.Add(Options.TokenExpiresIn.Value)
                : (DateTimeOffset?)null;

            if (expiry.HasValue)
            {
                properties.ExpiresUtc = expiry;
            }

            // Scheme.Name is the authentication type; the BankID name and role claim types are
            // registered as the identity's name and role claim types.
            var bankIdIdentity = new ClaimsIdentity(
                GetClaims(loginResult, expiry),
                Scheme.Name,
                BankIdClaimTypes.Name,
                BankIdClaimTypes.Role);

            return new AuthenticationTicket(new ClaimsPrincipal(bankIdIdentity), properties, Scheme.Name);
        }
        /// <summary>
        /// Produces the claims for a login by running every registered claims transformer over a
        /// shared transformation context.
        /// </summary>
        /// <param name="loginResult">Supplies the order reference, personal identity number and name fields for the context.</param>
        /// <returns>The <c>Claims</c> collection of the context after all transformers have run.</returns>
        private async Task<IEnumerable<Claim>> GetClaims(BankIdLoginResult loginResult)
        {
            var transformationContext = new BankIdClaimsTransformationContext(
                Options,
                loginResult.BankIdOrderRef,
                loginResult.PersonalIdentityNumber,
                loginResult.Name,
                loginResult.GivenName,
                loginResult.Surname);

            // Each transformer is awaited before the next one starts, so they run one at a time
            // in the enumeration order of _bankIdClaimsTransformers against the same context.
            // NOTE(review): the issued claims are entirely what the transformers leave in the
            // context; confirm the registered set and its order are controlled by configuration.
            foreach (var claimsTransformer in _bankIdClaimsTransformers)
            {
                await claimsTransformer.TransformClaims(transformationContext);
            }

            return transformationContext.Claims;
        }
        /// <summary>
        /// Builds the claims for a login: subject, name, family name, given name and the Swedish
        /// personal identity number, followed by whatever <c>AddOptionalClaims</c> appends.
        /// </summary>
        /// <param name="loginResult">Supplies the personal identity number and name fields.</param>
        /// <param name="expiresUtc">Ticket expiry, or null when none is configured; forwarded to <c>AddOptionalClaims</c>.</param>
        /// <returns>The list of claims, in the order they were added.</returns>
        private IEnumerable<Claim> GetClaims(BankIdLoginResult loginResult, DateTimeOffset? expiresUtc)
        {
            // NOTE(review): how Parse reacts to a malformed number is not visible here; confirm
            // the failure path is handled by the caller.
            var parsedPin = SwedishPersonalIdentityNumber.Parse(loginResult.PersonalIdentityNumber);

            // NOTE(review): both identifier claims carry the personal identity number; confirm
            // that wherever the principal is serialised or logged is appropriate for that data.
            var result = new List<Claim>();

            // The subject uses the 12-digit form of the number.
            result.Add(new Claim(BankIdClaimTypes.Subject, parsedPin.To12DigitString()));

            result.Add(new Claim(BankIdClaimTypes.Name, loginResult.Name));
            result.Add(new Claim(BankIdClaimTypes.FamilyName, loginResult.Surname));
            result.Add(new Claim(BankIdClaimTypes.GivenName, loginResult.GivenName));

            // The dedicated identity-number claim uses the 10-digit form.
            result.Add(new Claim(BankIdClaimTypes.SwedishPersonalIdentityNumber, parsedPin.To10DigitString()));

            AddOptionalClaims(result, parsedPin, expiresUtc);

            return result;
        }
Esempio n. 6
 /// <summary>
 /// Converts a login result into its protected string form by delegating to the
 /// configured secure data format.
 /// </summary>
 /// <param name="loginResult">The login result to protect.</param>
 /// <returns>The string returned by <c>_secureDataFormat.Protect</c>.</returns>
 /// <remarks>
 /// NOTE(review): the confidentiality, integrity and lifetime of the returned string depend
 /// entirely on how <c>_secureDataFormat</c> is constructed, which is not visible here.
 /// Confirm it is purpose-bound and time-limited.
 /// </remarks>
 public string Protect(BankIdLoginResult loginResult)
 {
     var protectedText = _secureDataFormat.Protect(loginResult);
     return protectedText;
 }