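/// <summary>
/// Builds the <see cref="ClaimsPrincipal"/> for <paramref name="user"/> and attaches scopes,
/// an existing authorization id (when applicable) and claim destinations.
/// </summary>
/// <param name="applicationManager">Used to resolve the client application from the request's client_id.</param>
/// <param name="authorizationManager">Passed to <c>IsUserAuthorized</c> to look up an existing authorization.</param>
/// <param name="identityOptions">Passed to <c>SetDestinations</c>.</param>
/// <param name="signInManager">Creates the base principal for the user.</param>
/// <param name="request">The incoming OpenID Connect request.</param>
/// <param name="user">The user the principal is created for.</param>
/// <returns>The populated principal.</returns>
/// <exception cref="System.InvalidOperationException">
/// The authorization-code branch ran and the request's client_id did not resolve to an application.
/// </exception>
public static async Task<ClaimsPrincipal> CreateClaimsPrincipalAsync(
    OpenIddictApplicationManager<BTCPayOpenIdClient> applicationManager,
    OpenIddictAuthorizationManager<BTCPayOpenIdAuthorization> authorizationManager,
    IdentityOptions identityOptions,
    SignInManager<ApplicationUser> signInManager,
    OpenIddictRequest request,
    ApplicationUser user)
{
    var principal = await signInManager.CreateUserPrincipalAsync(user);

    if (!request.IsAuthorizationCodeGrantType() && !request.IsRefreshTokenGrantType())
    {
        // Scopes come straight from the request on this branch, so they are passed through
        // Restrict(principal) before being granted.
        // NOTE(review): Restrict is defined elsewhere; presumably it drops scopes this principal may not receive - confirm.
        principal.SetScopes(request.GetScopes().Restrict(principal));
    }
    else if (request.IsAuthorizationCodeGrantType() &&
             string.IsNullOrEmpty(principal.GetInternalAuthorizationId()))
    {
        var app = await applicationManager.FindByClientIdAsync(request.ClientId);
        if (app is null)
        {
            // Fail closed with an explicit error instead of a NullReferenceException on app.Id:
            // a principal must not be issued for a client that cannot be resolved.
            throw new System.InvalidOperationException(
                "The client application for this request could not be found.");
        }

        var authorizationId = await IsUserAuthorized(authorizationManager, request, user.Id, app.Id);
        if (!string.IsNullOrEmpty(authorizationId))
        {
            principal.SetInternalAuthorizationId(authorizationId);
        }
    }

    principal.SetDestinations(identityOptions);
    return principal;
}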
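/// <summary>
/// Looks for a valid authorization that <paramref name="userId"/> already holds for
/// <paramref name="applicationId"/> and that covers every scope in <paramref name="request"/>.
/// </summary>
/// <param name="authorizationManager">Manager used to list authorizations and read their scopes.</param>
/// <param name="request">The incoming request; its scopes are the ones that must be covered.</param>
/// <param name="userId">Subject the authorization must belong to.</param>
/// <param name="applicationId">Application the authorization must belong to.</param>
/// <returns>The id of the first matching authorization, or <c>null</c> when none matches.</returns>
public static async Task<string> IsUserAuthorized(
    OpenIddictAuthorizationManager<BTCPayOpenIdAuthorization> authorizationManager,
    OpenIdConnectRequest request,
    string userId,
    string applicationId)
{
    // NOTE(review): subject, application id and status are all compared case-insensitively.
    // Confirm the identifiers are case-insensitive by design, so two distinct subjects can never match each other.
    var authorizations = await authorizationManager.ListAsync(queryable =>
        queryable.Where(authorization =>
            authorization.Subject.Equals(userId, StringComparison.OrdinalIgnoreCase) &&
            applicationId.Equals(authorization.Application.Id, StringComparison.OrdinalIgnoreCase) &&
            authorization.Status.Equals(OpenIddictConstants.Statuses.Valid, StringComparison.OrdinalIgnoreCase)));

    if (authorizations.Length == 0)
    {
        return null;
    }

    // Materialize the lookups once. The previous deferred query was enumerated several times,
    // which started a fresh GetScopesAsync call per enumeration and then read .Result on tasks
    // that had never been awaited.
    var scopeLookups = authorizations
        .Select(authorization => (Scopes: authorizationManager.GetScopesAsync(authorization).AsTask(), authorization.Id))
        .ToArray();
    await Task.WhenAll(scopeLookups.Select(lookup => lookup.Scopes));

    var requestedScopes = request.GetScopes().ToArray();
    foreach (var lookup in scopeLookups)
    {
        // Already completed by WhenAll above, so this await does not block.
        var grantedScopes = await lookup.Scopes;

        // Sufficient only when no requested scope is missing from the stored authorization.
        if (!requestedScopes.Except(grantedScopes).Any())
        {
            return lookup.Id;
        }
    }

    return null;
}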
/// <summary>
/// Initializes the handler; all four dependencies are forwarded unchanged to the base constructor.
/// </summary>
/// <param name="applicationManager">OpenIddict application manager.</param>
/// <param name="authorizationManager">OpenIddict authorization manager.</param>
/// <param name="signInManager">ASP.NET Core Identity sign-in manager.</param>
/// <param name="identityOptions">Identity options wrapper.</param>
public LogoutEventHandler(
    OpenIddictApplicationManager<BTCPayOpenIdClient> applicationManager,
    OpenIddictAuthorizationManager<BTCPayOpenIdAuthorization> authorizationManager,
    SignInManager<ApplicationUser> signInManager,
    IOptions<IdentityOptions> identityOptions)
    : base(applicationManager, authorizationManager, signInManager, identityOptions)
{
    // Nothing to set up here beyond what the base constructor does.
}
/// <summary>
/// Initializes the handler; all five dependencies are forwarded unchanged to the base constructor.
/// </summary>
/// <param name="applicationManager">OpenIddict application manager.</param>
/// <param name="authorizationManager">OpenIddict authorization manager.</param>
/// <param name="signInManager">ASP.NET Core Identity sign-in manager.</param>
/// <param name="identityOptions">Identity options wrapper.</param>
/// <param name="userManager">ASP.NET Core Identity user manager.</param>
public RefreshTokenGrantTypeEventHandler(
    OpenIddictApplicationManager<BTCPayOpenIdClient> applicationManager,
    OpenIddictAuthorizationManager<BTCPayOpenIdAuthorization> authorizationManager,
    SignInManager<ApplicationUser> signInManager,
    IOptions<IdentityOptions> identityOptions,
    UserManager<ApplicationUser> userManager)
    : base(applicationManager, authorizationManager, signInManager, identityOptions, userManager)
{
    // Nothing to set up here beyond what the base constructor does.
}
/// <summary>
/// Initializes the handler: the first four dependencies go to the base constructor and
/// <paramref name="userManager"/> is kept in <c>_userManager</c>.
/// </summary>
/// <param name="applicationManager">OpenIddict application manager (forwarded to the base class).</param>
/// <param name="authorizationManager">OpenIddict authorization manager (forwarded to the base class).</param>
/// <param name="signInManager">Identity sign-in manager (forwarded to the base class).</param>
/// <param name="identityOptions">Identity options wrapper (forwarded to the base class).</param>
/// <param name="userManager">Identity user manager stored on this instance.</param>
public OpenIdGrantHandlerCheckCanSignIn(
    OpenIddictApplicationManager<BTCPayOpenIdClient> applicationManager,
    OpenIddictAuthorizationManager<BTCPayOpenIdAuthorization> authorizationManager,
    SignInManager<ApplicationUser> signInManager,
    IOptions<IdentityOptions> identityOptions,
    UserManager<ApplicationUser> userManager)
    : base(applicationManager, authorizationManager, signInManager, identityOptions)
{
    _userManager = userManager;
}
/// <summary>
/// Initializes the provider: the logger and the four OpenIddict managers go to the base
/// constructor, and the "ValidIssuers" configuration section is bound into <c>_validIssuers</c>.
/// </summary>
/// <param name="logger">Logger forwarded to the base class.</param>
/// <param name="applications">Application manager forwarded to the base class.</param>
/// <param name="authorizations">Authorization manager forwarded to the base class.</param>
/// <param name="scopes">Scope manager forwarded to the base class.</param>
/// <param name="tokens">Token manager forwarded to the base class.</param>
/// <param name="config">Configuration root the "ValidIssuers" list is read from.</param>
public OpenIddictProvider(
    ILogger<OpenIddictProvider> logger,
    OpenIddictApplicationManager<Applications> applications,
    OpenIddictAuthorizationManager<Authorization> authorizations,
    OpenIddictScopeManager<OpenIddict.Models.OpenIddictScope> scopes,
    OpenIddictTokenManager<Token> tokens,
    IConfigurationRoot config)
    : base(logger, applications, authorizations, scopes, tokens)
{
    var issuerSection = config.GetSection("ValidIssuers");

    // Binding a missing or empty section yields null, so _validIssuers can be null after construction.
    // NOTE(review): confirm every consumer treats a null list as "no issuer accepted" rather than skipping the issuer check.
    _validIssuers = issuerSection?.Get<List<String>>();
}
/// <summary>
/// Initializes the handler: four dependencies go to the base constructor, while
/// <paramref name="userManager"/> and <paramref name="u2FService"/> are kept on this instance.
/// </summary>
/// <param name="applicationManager">OpenIddict application manager (forwarded to the base class).</param>
/// <param name="authorizationManager">OpenIddict authorization manager (forwarded to the base class).</param>
/// <param name="signInManager">Identity sign-in manager (forwarded to the base class).</param>
/// <param name="userManager">Identity user manager stored in <c>_userManager</c>.</param>
/// <param name="identityOptions">Identity options wrapper (forwarded to the base class).</param>
/// <param name="u2FService">U2F service stored in <c>_u2FService</c>.</param>
public PasswordGrantTypeEventHandler(
    OpenIddictApplicationManager<BTCPayOpenIdClient> applicationManager,
    OpenIddictAuthorizationManager<BTCPayOpenIdAuthorization> authorizationManager,
    SignInManager<ApplicationUser> signInManager,
    UserManager<ApplicationUser> userManager,
    IOptions<IdentityOptions> identityOptions,
    U2FService u2FService)
    : base(applicationManager, authorizationManager, signInManager, identityOptions)
{
    _userManager = userManager;
    _u2FService = u2FService;
}
/// <summary>
/// Initializes the handler: four dependencies go to the base constructor, and the application
/// manager and user manager are additionally kept in this class's own fields.
/// </summary>
/// <param name="applicationManager">OpenIddict application manager; forwarded and stored in <c>_applicationManager</c>.</param>
/// <param name="authorizationManager">OpenIddict authorization manager (forwarded to the base class).</param>
/// <param name="signInManager">Identity sign-in manager (forwarded to the base class).</param>
/// <param name="identityOptions">Identity options wrapper (forwarded to the base class).</param>
/// <param name="userManager">Identity user manager stored in <c>_userManager</c>.</param>
public ClientCredentialsGrantTypeEventHandler(
    OpenIddictApplicationManager<BTCPayOpenIdClient> applicationManager,
    OpenIddictAuthorizationManager<BTCPayOpenIdAuthorization> authorizationManager,
    SignInManager<ApplicationUser> signInManager,
    IOptions<IdentityOptions> identityOptions,
    UserManager<ApplicationUser> userManager)
    : base(applicationManager, authorizationManager, signInManager, identityOptions)
{
    _applicationManager = applicationManager;
    _userManager = userManager;
}
/// <summary>
/// Base constructor for grant handlers; stores the four shared dependencies in fields.
/// </summary>
/// <param name="applicationManager">Stored in <c>_applicationManager</c>.</param>
/// <param name="authorizationManager">Stored in <c>_authorizationManager</c>.</param>
/// <param name="signInManager">Stored in <c>_signInManager</c>.</param>
/// <param name="identityOptions">Stored in <c>_identityOptions</c>.</param>
protected BaseOpenIdGrantHandler(
    OpenIddictApplicationManager<BTCPayOpenIdClient> applicationManager,
    OpenIddictAuthorizationManager<BTCPayOpenIdAuthorization> authorizationManager,
    SignInManager<ApplicationUser> signInManager,
    IOptions<IdentityOptions> identityOptions)
{
    _applicationManager = applicationManager;
    _authorizationManager = authorizationManager;
    _signInManager = signInManager;
    _identityOptions = identityOptions;
}
/// <summary>
/// Initializes the controller and stores the OpenIddict managers and the Identity managers in fields.
/// </summary>
/// <param name="applicationManager">Stored in <c>_applicationManager</c>.</param>
/// <param name="authorizationManager">Stored in <c>_authorizationManager</c>.</param>
/// <param name="scopeManager">Stored in <c>_scopeManager</c>.</param>
/// <param name="signInManager">Stored in <c>_signInManager</c>.</param>
/// <param name="userManager">Stored in <c>_userManager</c>.</param>
public AuthorizationController(
    OpenIddictApplicationManager<OpenIddictApplication> applicationManager,
    OpenIddictAuthorizationManager<OpenIddictAuthorization> authorizationManager,
    OpenIddictScopeManager<OpenIddictScope> scopeManager,
    SignInManager<ApplicationUser> signInManager,
    UserManager<ApplicationUser> userManager)
{
    // OpenIddict managers.
    _applicationManager = applicationManager;
    _authorizationManager = authorizationManager;
    _scopeManager = scopeManager;

    // ASP.NET Core Identity managers.
    _signInManager = signInManager;
    _userManager = userManager;
}
/// <summary>
/// Initializes the controller and stores each injected dependency in its field.
/// </summary>
/// <param name="applicationManager">Stored in <c>_applicationManager</c>.</param>
/// <param name="signInManager">Stored in <c>_signInManager</c>.</param>
/// <param name="authorizationManager">Stored in <c>_authorizationManager</c>.</param>
/// <param name="userManager">Stored in <c>_userManager</c>.</param>
/// <param name="identityOptions">Stored in <c>_IdentityOptions</c>.</param>
public AuthorizationController(
    OpenIddictApplicationManager<BTCPayOpenIdClient> applicationManager,
    SignInManager<ApplicationUser> signInManager,
    OpenIddictAuthorizationManager<BTCPayOpenIdAuthorization> authorizationManager,
    UserManager<ApplicationUser> userManager,
    IOptions<IdentityOptions> identityOptions)
{
    _applicationManager = applicationManager;
    _signInManager = signInManager;
    _authorizationManager = authorizationManager;
    _userManager = userManager;
    _IdentityOptions = identityOptions;
}
/// <summary>
/// Initializes the controller and stores each injected dependency in the field of the same name.
/// </summary>
/// <param name="applicationManager">OpenIddict application manager.</param>
/// <param name="authorizationManager">OpenIddict authorization manager.</param>
/// <param name="identityOptions">Identity options wrapper.</param>
/// <param name="signInManager">Identity sign-in manager.</param>
/// <param name="userManager">Identity user manager.</param>
public AuthorizationController(
    OpenIddictApplicationManager<OpenIddictApplication> applicationManager,
    OpenIddictAuthorizationManager<OpenIddictAuthorization> authorizationManager,
    IOptions<IdentityOptions> identityOptions,
    SignInManager<ApplicationUser> signInManager,
    UserManager<ApplicationUser> userManager)
{
    // Fields share the parameter names, so the "this." qualifier is required on every assignment.
    this.applicationManager = applicationManager;
    this.authorizationManager = authorizationManager;
    this.identityOptions = identityOptions;
    this.signInManager = signInManager;
    this.userManager = userManager;
}
/// <summary>
/// Initializes the controller and stores the injected managers and device-code options in fields.
/// </summary>
/// <param name="applicationManager">Stored in <c>_applicationManager</c>.</param>
/// <param name="signInManager">Stored in <c>_signInManager</c>.</param>
/// <param name="userManager">Stored in <c>_userManager</c>.</param>
/// <param name="authorizationManager">
/// Stored in <c>_authorizationManager</c> after an <c>as</c> cast to
/// <c>ApplicationAuthorizationManager&lt;DynamoIdentityAuthorization&gt;</c>.
/// </param>
/// <param name="deviceCodeManager">Stored in <c>_deviceCodeManager</c>.</param>
/// <param name="deviceCodeOptions">Stored in <c>_deviceCodeOptions</c>.</param>
public AuthorizationController(
    OpenIddictApplicationManager<DynamoIdentityApplication> applicationManager,
    SignInManager<ApplicationUser> signInManager,
    UserManager<ApplicationUser> userManager,
    OpenIddictAuthorizationManager<DynamoIdentityAuthorization> authorizationManager,
    DeviceCodeManager<DynamoIdentityDeviceCode> deviceCodeManager,
    DeviceCodeOptions deviceCodeOptions)
{
    _applicationManager = applicationManager;
    _signInManager = signInManager;
    _userManager = userManager;

    // NOTE(review): "as" yields null when the injected manager is not the derived type, and nothing
    // checks for that here; the failure would then only surface later as a NullReferenceException
    // on an authorization path. Confirm the registration always supplies the derived manager.
    _authorizationManager =
        authorizationManager as ApplicationAuthorizationManager<DynamoIdentityAuthorization>;

    _deviceCodeManager = deviceCodeManager;
    _deviceCodeOptions = deviceCodeOptions;
}
/// <summary>
/// Initializes the controller and stores all eight injected dependencies in fields.
/// </summary>
/// <param name="userManager">Stored in <c>_userManager</c>.</param>
/// <param name="signInManager">Stored in <c>_signInManager</c>.</param>
/// <param name="emailSender">Stored in <c>_emailSender</c>.</param>
/// <param name="logger">Stored in <c>_logger</c>.</param>
/// <param name="configuration">Stored in <c>_config</c>.</param>
/// <param name="ctx">Stored in <c>_ctx</c>.</param>
/// <param name="tokenManager">Stored in <c>_tokenManager</c>.</param>
/// <param name="authorizationManager">Stored in <c>_authorizationManager</c>.</param>
public AuthorizationController(
    UserManager<ApplicationUser> userManager,
    SignInManager<ApplicationUser> signInManager,
    IEmailSender emailSender,
    ILogger<AuthorizationController> logger,
    IConfiguration configuration,
    ApplicationDbContext ctx,
    OpenIddictTokenManager<OpenIddictToken> tokenManager,
    OpenIddictAuthorizationManager<OpenIddictAuthorization> authorizationManager)
{
    // Identity and application services.
    _userManager = userManager;
    _signInManager = signInManager;
    _emailSender = emailSender;
    _logger = logger;
    _config = configuration;
    _ctx = ctx;

    // OpenIddict managers.
    _tokenManager = tokenManager;
    _authorizationManager = authorizationManager;
}
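/// <summary>
/// Builds the <see cref="AuthenticationTicket"/> for <paramref name="user"/>, attaching scopes,
/// an existing authorization id (when applicable) and per-claim destinations.
/// </summary>
/// <param name="applicationManager">Used to resolve the client application from the request's client_id.</param>
/// <param name="authorizationManager">Passed to <c>IsUserAuthorized</c> to look up an existing authorization.</param>
/// <param name="identityOptions">Passed to <c>GetDestinations</c> for every claim.</param>
/// <param name="signInManager">Creates the principal for the user.</param>
/// <param name="request">The incoming OpenID Connect request.</param>
/// <param name="user">The user the ticket is created for.</param>
/// <param name="properties">Optional authentication properties stored on the ticket.</param>
/// <returns>The populated ticket.</returns>
/// <exception cref="System.InvalidOperationException">
/// The authorization-code branch ran and the request's client_id did not resolve to an application.
/// </exception>
public static async Task<AuthenticationTicket> CreateAuthenticationTicket(
    OpenIddictApplicationManager<BTCPayOpenIdClient> applicationManager,
    OpenIddictAuthorizationManager<BTCPayOpenIdAuthorization> authorizationManager,
    IdentityOptions identityOptions,
    SignInManager<ApplicationUser> signInManager,
    OpenIdConnectRequest request,
    ApplicationUser user,
    AuthenticationProperties properties = null)
{
    // The principal carries the claims used to create an id_token, a token or a code.
    var principal = await signInManager.CreateUserPrincipalAsync(user);

    // The ticket wraps the user identity for the OpenIddict server scheme.
    var ticket = new AuthenticationTicket(principal, properties, OpenIddictServerDefaults.AuthenticationScheme);

    if (!request.IsAuthorizationCodeGrantType() && !request.IsRefreshTokenGrantType())
    {
        // NOTE(review): every scope named in the request is granted here without filtering.
        // Confirm the caller has already limited the requested scopes to what this user and client may receive.
        ticket.SetScopes(request.GetScopes());
    }
    else if (request.IsAuthorizationCodeGrantType() &&
             string.IsNullOrEmpty(ticket.GetInternalAuthorizationId()))
    {
        var app = await applicationManager.FindByClientIdAsync(request.ClientId);
        if (app is null)
        {
            // Fail closed with an explicit error instead of a NullReferenceException on app.Id:
            // a ticket must not be issued for a client that cannot be resolved.
            throw new System.InvalidOperationException(
                "The client application for this request could not be found.");
        }

        var authorizationId = await IsUserAuthorized(authorizationManager, request, user.Id, app.Id);
        if (!string.IsNullOrEmpty(authorizationId))
        {
            ticket.SetInternalAuthorizationId(authorizationId);
        }
    }

    // Each claim gets its destinations from GetDestinations.
    foreach (var claim in ticket.Principal.Claims)
    {
        claim.SetDestinations(GetDestinations(identityOptions, claim, ticket));
    }

    return ticket;
}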
/// <summary>
/// Initializes the controller, stores the injected services, and reads the Google API key from
/// the "ExternalIdentities" / "Google" configuration section.
/// </summary>
/// <param name="userManager">Stored in <c>_userManager</c>.</param>
/// <param name="signInManager">Stored in <c>_signInManager</c>.</param>
/// <param name="emailSender">Stored in <c>_emailSender</c>.</param>
/// <param name="logger">Stored in <c>_logger</c>; note it is typed for <c>AuthorizationController</c>, not this controller.</param>
/// <param name="configuration">Stored in <c>_config</c> and used to read the API key.</param>
/// <param name="ctx">Stored in <c>_ctx</c>.</param>
/// <param name="tokenManager">Accepted but not stored by this constructor.</param>
/// <param name="authorizationManager">Accepted but not stored by this constructor.</param>
public GmapsController(
    UserManager<ApplicationUser> userManager,
    SignInManager<ApplicationUser> signInManager,
    IEmailSender emailSender,
    ILogger<AuthorizationController> logger,
    IConfiguration configuration,
    ApplicationDbContext ctx,
    OpenIddictTokenManager<OpenIddictToken> tokenManager,
    OpenIddictAuthorizationManager<OpenIddictAuthorization> authorizationManager)
{
    _userManager = userManager;
    _signInManager = signInManager;
    _emailSender = emailSender;
    _logger = logger;
    _config = configuration;
    _ctx = ctx;

    // The key is a secret held in configuration. The indexer returns null when "api_key" is
    // absent, so _googleApiKey can be null after construction.
    _googleApiKey = _config.GetSection("ExternalIdentities").GetSection("Google")["api_key"];
}
/// <summary>
/// Initializes the job and stores the token and authorization managers in fields.
/// </summary>
/// <param name="openIddictTokenManager">Stored in <c>_openIddictTokenManager</c>.</param>
/// <param name="openIddictAuthorizationManager">Stored in <c>_openIddictAuthorizationManager</c>.</param>
public PruneExpiredTokensJob(
    OpenIddictTokenManager<OpenIddictToken> openIddictTokenManager,
    OpenIddictAuthorizationManager<OpenIddictAuthorization> openIddictAuthorizationManager)
{
    _openIddictTokenManager = openIddictTokenManager;
    _openIddictAuthorizationManager = openIddictAuthorizationManager;
}