public override async Task GrantClientCredentials([NotNull] GrantClientCredentialsContext context)
{
var services = context.HttpContext.RequestServices.GetRequiredService <OpenIddictServices <TUser, TApplication> >();
// Retrieve the application details corresponding to the requested client_id.
var application = await services.Applications.FindApplicationByIdAsync(context.ClientId);
Debug.Assert(application != null);
var identity = new ClaimsIdentity(context.Options.AuthenticationScheme);
// Note: the name identifier is always included in both identity and
// access tokens, even if an explicit destination is not specified.
identity.AddClaim(ClaimTypes.NameIdentifier, context.ClientId);
identity.AddClaim(ClaimTypes.Name, await services.Applications.GetDisplayNameAsync(application),
OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
// Create a new authentication ticket
// holding the application identity.
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
new AuthenticationProperties(),
context.Options.AuthenticationScheme);
ticket.SetResources(context.Request.GetResources());
ticket.SetScopes(context.Request.GetScopes());
context.Validate(ticket);
}
public Task GrantClientCredentials(GrantClientCredentialsContext context)
{
throw new NotImplementedException();
}
/// <summary> /// Called when a request to the Token endpoint arrives with a "grant_type" of "client_credentials". This occurs when a registered client /// application wishes to acquire an "access_token" to interact with protected resources on it's own behalf, rather than on behalf of an authenticated user. /// If the web application supports the client credentials it may assume the context.ClientId has been validated by the ValidateClientAuthentication call. /// To issue an access token the context.Validated must be called with a new ticket containing the claims about the client application which should be associated /// with the access token. The application should take appropriate measures to ensure that the endpoint isn't abused by malicious callers. /// The default behavior is to reject this grant type. /// See also http://tools.ietf.org/html/rfc6749#section-4.4.2 /// </summary> /// <param name="context">The context of the event carries information in and results out.</param> /// <returns>Task to enable asynchronous execution</returns> public virtual Task GrantClientCredentials(GrantClientCredentialsContext context) => OnGrantClientCredentials(context);
