/// <summary> /// Initializes a <see cref="AdfsCreatingTicketContext"/> /// </summary> /// <param name="context">The HTTP environment.</param> /// <param name="options">The options used by the authentication middleware.</param> /// <param name="backchannel">The HTTP client used by the authentication middleware</param> /// <param name="token">The tokens returned from the token endpoint.</param> /// <param name="user">The de-serialized user.</param> public AdfsCreatingTicketContext( IOwinContext context, AdfsOptions options, HttpClient backchannel, AdfsOAuthTokenResponse token) : base(context) { if (context == null) { throw new ArgumentNullException("context"); } if (options == null) { throw new ArgumentNullException("options"); } if (backchannel == null) { throw new ArgumentNullException("backchannel"); } if (token == null) { throw new ArgumentNullException("token"); } TokenResponse = token; Backchannel = backchannel; Options = options; }
/// <summary> /// Initializes a <see cref="AdfsCreatingTicketContext"/> /// </summary> /// <param name="context">The HTTP environment.</param> /// <param name="options">The options used by the authentication middleware.</param> /// <param name="backchannel">The HTTP client used by the authentication middleware</param> /// <param name="token">The tokens returned from the token endpoint.</param> /// <param name="user">The de-serialized user.</param> public AdfsCreatingTicketContext( IOwinContext context, AdfsOptions options, HttpClient backchannel, AdfsOAuthTokenResponse token) : base(context) { if (context == null) throw new ArgumentNullException("context"); if (options == null) throw new ArgumentNullException("options"); if (backchannel == null) throw new ArgumentNullException("backchannel"); if (token == null) throw new ArgumentNullException("token"); TokenResponse = token; Backchannel = backchannel; Options = options; }
protected virtual async Task <AuthenticationTicket> CreateTicketAsync( ClaimsIdentity identity, AuthenticationProperties properties, AdfsOAuthTokenResponse token) { var claims = CleanClaims(token.Claims).ToList(); if (!string.IsNullOrEmpty(Options.SubjectClaimType)) { var altSubClaim = claims.FirstOrDefault(c => c.Type == Options.SubjectClaimType); if (altSubClaim != null) { // replace existing sub claim // TODO: is it safe to leave the existing sub claim alone? claims.RemoveAll(m => m.Type == "sub"); claims.Add(new Claim("sub", altSubClaim.Value, altSubClaim.ValueType, token.Issuer)); } } if (Options.SaveTokensAsClaims) { claims.Add(new Claim("access_token", token.AccessToken, ClaimValueTypes.String, token.Issuer)); if (!string.IsNullOrEmpty(token.RefreshToken)) { claims.Add(new Claim("refresh_token", token.RefreshToken, ClaimValueTypes.String, token.Issuer)); } if (!string.IsNullOrEmpty(token.TokenType)) { claims.Add(new Claim("token_type", token.TokenType, ClaimValueTypes.String, token.Issuer)); } if (token.ExpiresIn != 0) { claims.Add(new Claim("expires_in", token.ExpiresIn.ToString(), ClaimValueTypes.String, token.Issuer)); } } var ticketIdentity = new ClaimsIdentity(claims, identity.AuthenticationType, identity.NameClaimType, identity.RoleClaimType); _logger.WriteInformation($"{Options.AuthenticationType}: creating ticket from remote token: {token.AccessToken}"); var context = new AdfsCreatingTicketContext(Context, Options, _httpClient, token) { Identity = ticketIdentity, Properties = properties }; await Options.Events.CreatingTicket(context).ConfigureAwait(false); if (context.Identity == null) { _logger.WriteWarning($"{Options.AuthenticationType}: The CreatingTicket event has set the identity to null"); return(null); } return(new AuthenticationTicket(context.Identity, context.Properties)); }