/// <summary>
/// Method that is called by the OIDC middleware after the authentication data has been validated. This is where most of the sign up
/// and sign in work is done.
/// </summary>
/// <param name="context">An OIDC-supplied <see cref="Microsoft.AspNet.Authentication.OpenIdConnect.AuthenticationValidatedContext"/> containing the current authentication information.</param>
/// <returns>a completed <see cref="System.Threading.Tasks.Task"/></returns>
public override async Task AuthenticationValidated(AuthenticationValidatedContext context)
{
var principal = context.AuthenticationTicket.Principal;
var userId = principal.GetObjectIdentifierValue();
var tenantManager = context.HttpContext.RequestServices.GetService <TenantManager>();
var userManager = context.HttpContext.RequestServices.GetService <UserManager>();
var issuerValue = principal.GetIssuerValue();
_logger.AuthenticationValidated(userId, issuerValue);
// Normalize the claims first.
NormalizeClaims(principal);
var tenant = await tenantManager.FindByIssuerValueAsync(issuerValue)
.ConfigureAwait(false);
if (context.IsSigningUp())
{
// Originally, we were checking to see if the tenant was non-null, however, this would not allow
// permission changes to the application in AAD since a re-consent may be required. Now we just don't
// try to recreate the tenant.
if (tenant == null)
{
tenant = await SignUpTenantAsync(context, tenantManager)
.ConfigureAwait(false);
}
// In this case, we need to go ahead and set up the user signing us up.
await CreateOrUpdateUserAsync(context.AuthenticationTicket, userManager, tenant)
.ConfigureAwait(false);
}
else
{
if (tenant == null)
{
_logger.UnregisteredUserSignInAttempted(userId, issuerValue);
throw new SecurityTokenValidationException($"Tenant {issuerValue} is not registered");
}
await CreateOrUpdateUserAsync(context.AuthenticationTicket, userManager, tenant)
.ConfigureAwait(false);
}
}
internal static Task AuthenticationValidated(AuthenticationValidatedContext context)
{
eventsFired.Add(nameof(AuthenticationValidated));
return(Task.FromResult(0));
}
