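/// <summary>
/// Handles a token request made with the client_credentials grant by issuing an
/// authentication ticket whose identity represents the client application itself.
/// </summary>
/// <param name="context">
/// Grant context giving access to the client_id, the token request, the server options
/// and the request services.
/// </param>
/// <returns>A task that completes once the context has been validated or rejected.</returns>
public override async Task GrantClientCredentials([NotNull] GrantClientCredentialsContext context)
{
    var services = context.HttpContext.RequestServices.GetRequiredService<OpenIddictServices<TUser, TApplication>>();

    // Retrieve the application details corresponding to the requested client_id.
    var application = await services.Applications.FindApplicationByIdAsync(context.ClientId);
    if (application == null)
    {
        // Fail closed at runtime: a Debug.Assert is compiled out of release builds, so a
        // missing application (for instance one deleted between client authentication and
        // this call) would otherwise flow into GetDisplayNameAsync as null.
        context.Reject(
            OpenIdConnectConstants.Errors.InvalidClient,
            "The client application could not be found.");

        return;
    }

    var identity = new ClaimsIdentity(context.Options.AuthenticationScheme);

    // Note: the name identifier is always included in both identity and
    // access tokens, even if an explicit destination is not specified.
    identity.AddClaim(ClaimTypes.NameIdentifier, context.ClientId);

    identity.AddClaim(ClaimTypes.Name, await services.Applications.GetDisplayNameAsync(application),
        OpenIdConnectConstants.Destinations.AccessToken,
        OpenIdConnectConstants.Destinations.IdentityToken);

    // Create a new authentication ticket
    // holding the application identity.
    var ticket = new AuthenticationTicket(
        new ClaimsPrincipal(identity),
        new AuthenticationProperties(),
        context.Options.AuthenticationScheme);

    // NOTE(review): the resources and scopes are copied onto the ticket exactly as the
    // client sent them; nothing in this method restricts them to what this application
    // is allowed to request. Confirm that they are filtered elsewhere before the token
    // is issued.
    ticket.SetResources(context.Request.GetResources());
    ticket.SetScopes(context.Request.GetScopes());

    context.Validate(ticket);
}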
/// <summary>
/// Placeholder for the client_credentials grant handler: no ticket is issued and the
/// context is never validated.
/// </summary>
/// <param name="context">The grant context; it is not read.</param>
/// <returns>Never returns normally.</returns>
/// <exception cref="NotImplementedException">
/// Always thrown, synchronously at the call site rather than through the returned task,
/// because the method is not declared async.
/// </exception>
public Task GrantClientCredentials(GrantClientCredentialsContext context)
    => throw new NotImplementedException();
/// <summary>
/// Invoked when the Token endpoint receives a request whose "grant_type" is "client_credentials", that is,
/// when a registered client application asks for an "access_token" in order to reach protected resources
/// on its own behalf instead of on behalf of an authenticated user.
/// When the web application supports this grant, it may rely on context.ClientId having been validated by
/// the ValidateClientAuthentication call. An access token is issued only if context.Validated is called with
/// a new ticket carrying the claims about the client application that should be bound to that token.
/// The application is expected to take appropriate measures so that malicious callers cannot abuse the endpoint.
/// The default behavior is to reject this grant type.
/// See also http://tools.ietf.org/html/rfc6749#section-4.4.2
/// </summary>
/// <remarks>
/// This method only forwards the context to OnGrantClientCredentials. RFC 6749 section 4.4 restricts the
/// client credentials grant to confidential clients, so an implementation should issue a ticket only for a
/// client that actually authenticated, and should limit the scopes it grants to those the client is
/// entitled to.
/// </remarks>
/// <param name="context">The event context, which carries the request information in and the result out.</param>
/// <returns>The task returned by OnGrantClientCredentials, allowing asynchronous execution.</returns>
public virtual Task GrantClientCredentials(GrantClientCredentialsContext context)
{
    return OnGrantClientCredentials(context);
}