public override async Task SerializeAccessToken([NotNull] SerializeAccessTokenContext context)
{
var options = (OpenIddictServerOptions)context.Options;
if (options.DisableTokenStorage)
{
return;
}
var token = await CreateTokenAsync(
OpenIdConnectConstants.TokenUsages.AccessToken,
context.Ticket, options, context.Request, context.DataFormat);
// If a reference token was returned by CreateTokenAsync(),
// force the OpenID Connect server middleware to use it.
if (!string.IsNullOrEmpty(token))
{
context.AccessToken = token;
context.HandleSerialization();
}
// Otherwise, let the OpenID Connect server middleware
// serialize the token using its default internal logic.
await _eventService.PublishAsync(new OpenIddictServerEvents.SerializeAccessToken(context));
}
public override Task SerializeAccessToken(SerializeAccessTokenContext context)
{
context.Audiences = new List <string>()
{
_Audience
};
return(Task.FromResult <object>(null));
}
public override async Task SerializeAccessToken([NotNull] SerializeAccessTokenContext context)
{
var token = await CreateTokenAsync(
OpenIdConnectConstants.TokenUsages.AccessToken,
context.Ticket, (OpenIddictOptions)context.Options,
context.HttpContext, context.Request, context.DataFormat);
// If a reference token was returned by CreateTokenAsync(),
// force the OpenID Connect server middleware to use it.
if (!string.IsNullOrEmpty(token))
{
context.AccessToken = token;
context.HandleSerialization();
}
// Otherwise, let the OpenID Connect server middleware
// serialize the token using its default internal logic.
}
/// <summary>
/// Processes the event.
/// </summary>
/// <param name="context">The context associated with the event to process.</param>
/// <returns>
/// A <see cref="Task"/> that can be used to monitor the asynchronous operation.
/// </returns>
public async Task HandleAsync([NotNull] ProcessSigninResponseContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
// Create a new principal containing only the filtered claims.
// Actors identities are also filtered (delegation scenarios).
var principal = context.Principal.Clone(claim =>
{
// Never exclude the subject claim.
if (string.Equals(claim.Type, Claims.Subject, StringComparison.OrdinalIgnoreCase))
{
return(true);
}
// Always exclude private claims, whose values must generally be kept secret.
if (claim.Type.StartsWith(Claims.Prefixes.Private, StringComparison.OrdinalIgnoreCase))
{
return(false);
}
// Claims whose destination is not explicitly referenced or doesn't
// contain "access_token" are not included in the access token.
if (!claim.HasDestination(Destinations.AccessToken))
{
context.Logger.LogDebug("'{Claim}' was excluded from the access token claims.", claim.Type);
return(false);
}
return(true);
});
principal.SetTokenId(Guid.NewGuid().ToString()).SetCreationDate(DateTimeOffset.UtcNow);
var lifetime = context.Principal.GetAccessTokenLifetime() ?? context.Options.AccessTokenLifetime;
if (lifetime.HasValue)
{
principal.SetExpirationDate(principal.GetCreationDate() + lifetime.Value);
}
// Remove the destinations from the claim properties.
foreach (var claim in principal.Claims)
{
claim.Properties.Remove(Properties.Destinations);
}
// When receiving a grant_type=refresh_token request, determine whether the client application
// requests a limited set of scopes and immediately replace the scopes collection if necessary.
if (context.EndpointType == OpenIddictServerEndpointType.Token &&
context.Request.IsRefreshTokenGrantType() && !string.IsNullOrEmpty(context.Request.Scope))
{
var scopes = context.Request.GetScopes();
if (scopes.Count != 0)
{
context.Logger.LogDebug("The access token scopes will be limited to the scopes " +
"requested by the client application: {Scopes}.", scopes);
principal.SetScopes(scopes.Intersect(context.Principal.GetScopes()));
}
}
var notification = new SerializeAccessTokenContext(context.Transaction)
{
Principal = principal
};
await _provider.DispatchAsync(notification);
if (!notification.IsHandled)
{
throw new InvalidOperationException(new StringBuilder()
.Append("The access token was not correctly processed. This may indicate ")
.Append("that the event handler responsible of generating access tokens ")
.Append("was not registered or was explicitly removed from the handlers list.")
.ToString());
}
context.Response.TokenType = TokenTypes.Bearer;
context.Response.AccessToken = notification.Token;
// If an expiration date was set, return it to the client application.
var date = notification.Principal.GetExpirationDate();
if (date.HasValue && date.Value > DateTimeOffset.UtcNow)
{
context.Response.ExpiresIn = (long)((date.Value - DateTimeOffset.UtcNow).TotalSeconds + .5);
}
// If the granted scopes differ from the request scopes, return the granted scopes list as a parameter.
if (context.Request.IsAuthorizationCodeGrantType() ||
!context.Principal.GetScopes().SetEquals(context.Request.GetScopes()))
{
context.Response.Scope = string.Join(" ", context.Principal.GetScopes());
}
}
public Task SerializeAccessToken(SerializeAccessTokenContext context) => OnSerializeAccessToken(context);
public override Task SerializeAccessToken(SerializeAccessTokenContext context)
{
context.Audiences.Add(_securityConfig.Value.Audience);
return(Task.FromResult <object>(null));
}