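/// <summary>
/// Handles a client credentials token request: looks up the calling client application,
/// builds a claims identity for it (subject, display name, roles and role claims) and
/// signs that identity in under the OpenID Connect server scheme.
/// </summary>
/// <param name="request">
/// The token request. Its <c>ClientId</c> selects the application and its resources are
/// copied onto the authentication ticket.
/// </param>
/// <returns>
/// A bad-request result carrying <c>OpenIdConnectConstants.Errors.InvalidClient</c> when no
/// application matches the client id; otherwise the sign-in result for the built principal.
/// </returns>
private async Task<IActionResult> ExchangeClientCredentialsGrantType(OpenIdConnectRequest request)
{
    // Note: client authentication is always enforced by OpenIddict before this action is invoked.
    // Nothing in this method re-checks the client secret; it relies entirely on that earlier step.
    var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted);
    if (application == null)
    {
        return BadRequest(new OpenIdConnectResponse
        {
            Error = OpenIdConnectConstants.Errors.InvalidClient,
            ErrorDescription = T["The client application is unknown."]
        });
    }

    var identity = new ClaimsIdentity(
        OpenIdConnectServerDefaults.AuthenticationScheme,
        OpenIdConnectConstants.Claims.Name,
        OpenIdConnectConstants.Claims.Role);

    // The subject comes from the stored application record rather than the raw request value.
    // No destinations are passed for this claim here.
    identity.AddClaim(OpenIdConnectConstants.Claims.Subject, application.ClientId);

    identity.AddClaim(
        OpenIdConnectConstants.Claims.Name,
        await _applicationManager.GetDisplayNameAsync(application, HttpContext.RequestAborted),
        OpenIdConnectConstants.Destinations.AccessToken,
        OpenIdConnectConstants.Destinations.IdentityToken);

    foreach (var roleName in application.RoleNames)
    {
        // Resolve the role before asserting membership. The application record can still list
        // a role that the store no longer resolves; previously the unchecked lookup result was
        // passed straight to GetClaimsAsync after the role claim had already been added.
        // NOTE(review): the lookup passes the role *name* to FindByIdAsync - confirm that the
        // role store treats names as ids.
        var role = await _roleStore.FindByIdAsync(roleName, HttpContext.RequestAborted);
        if (role == null)
        {
            // Unknown role: emit neither the role claim nor any role-derived claims, so the
            // token never carries a role the store cannot vouch for.
            continue;
        }

        identity.AddClaim(
            identity.RoleClaimType,
            roleName,
            OpenIdConnectConstants.Destinations.AccessToken,
            OpenIdConnectConstants.Destinations.IdentityToken);

        // Every claim attached to the role is copied into both the access token and the
        // identity token.
        // NOTE(review): role claims therefore should not hold data the client must not see.
        foreach (var claim in await _roleStore.GetClaimsAsync(role))
        {
            identity.AddClaim(
                claim.Type,
                claim.Value,
                OpenIdConnectConstants.Destinations.AccessToken,
                OpenIdConnectConstants.Destinations.IdentityToken);
        }
    }

    var ticket = new AuthenticationTicket(
        new ClaimsPrincipal(identity),
        new AuthenticationProperties(),
        OpenIdConnectServerDefaults.AuthenticationScheme);

    // The resources are taken from the request as-is; this method does not filter them.
    ticket.SetResources(request.GetResources());

    return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
}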
/// <summary>
/// Gets the list of claims that belong to the given role.
/// </summary>
/// <remarks>
/// The role is not loaded here: a new <typeparamref name="TRole"/> carrying only the id is
/// handed to the underlying store, so no existence check happens in this method.
/// </remarks>
/// <param name="roleId">The role ID.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>The role's claim list, as returned by the underlying store.</returns>
public virtual Task<IList<Claim>> GetClaimsAsync(int roleId, CancellationToken cancellationToken = new CancellationToken())
{
    // Only the key is populated; the store query is driven by RoleId alone.
    var roleKey = new TRole { RoleId = roleId };
    return _store.GetClaimsAsync(roleKey, cancellationToken);
}