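/// <summary>
/// Builds the authentication ticket for a token request after checking the
/// client id/secret pair against the audience store.
/// </summary>
/// <param name="request">The incoming OpenID Connect token request.</param>
/// <param name="properties">Optional authentication properties to attach to the ticket.</param>
/// <returns>
/// The populated ticket, or <c>null</c> when no audience matches the supplied
/// client credentials. Callers must treat <c>null</c> as a rejected request.
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// The matched audience has no usable resource configured.
/// </exception>
private async Task<AuthenticationTicket> CreateTicket(OpenIdConnectRequest request, AuthenticationProperties properties = null)
{
    // Check that the client credentials exist.
    // NOTE(review): GetAudienceByIdSecret is not visible here - confirm it compares the
    // secret in constant time against a hashed value and never logs request.ClientSecret.
    var audience = await _audienceService.GetAudienceByIdSecret(request.ClientId, request.ClientSecret);
    if (audience == null)
    {
        return null;
    }

    var principal = CreateClaims(request, audience.AppName);
    var ticket = new AuthenticationTicket(principal, properties, OpenIdConnectServerDefaults.AuthenticationScheme);

    // Resources is a comma-separated list. Reject a missing or blank value explicitly
    // instead of failing with a NullReferenceException, and drop blank entries and
    // padding so that "api1, api2" yields clean resource names.
    var resources = (audience.Resources ?? string.Empty)
        .Split(',')
        .Select(entry => entry.Trim())
        .Where(entry => entry.Length > 0)
        .ToArray();
    if (resources.Length == 0)
    {
        // Fail closed: do not issue a ticket that is not bound to any resource.
        throw new System.InvalidOperationException("The audience has no resources configured; refusing to issue a ticket.");
    }

    // NOTE(review): on a refresh_token grant no claim destinations or scopes are assigned
    // below - confirm the token handler restores them from the original ticket.
    if (!request.IsRefreshTokenGrantType())
    {
        foreach (var claim in principal.Claims)
        {
            switch (claim.Type)
            {
                // Personal data reaches the identity token only when the matching
                // scope was requested, and is never copied to the access token.
                case Claims.Email:
                    if (request.HasScope(OpenIdConnectConstants.Scopes.Email))
                    {
                        claim.SetDestinations(Destinations.IdentityToken);
                    }
                    break;

                case Claims.PhoneNumber:
                    if (request.HasScope(OpenIdConnectConstants.Scopes.Phone))
                    {
                        claim.SetDestinations(Destinations.IdentityToken);
                    }
                    break;

                case Claims.Picture:
                    if (request.HasScope(OpenIdConnectConstants.Scopes.Profile))
                    {
                        claim.SetDestinations(Destinations.IdentityToken);
                    }
                    break;

                // Region is given no destination.
                case Claims.Region:
                    break;

                // Every other claim type goes to both tokens, so a new claim type added
                // in CreateClaims is exposed by default unless a case is added here.
                default:
                    claim.SetDestinations(Destinations.AccessToken, Destinations.IdentityToken);
                    break;
            }
        }

        // Grant only the requested scopes that are on this fixed allow-list.
        ticket.SetScopes(new[]
        {
            Scopes.OpenId,
            Scopes.Email,
            Scopes.Profile,
            Scopes.OfflineAccess,
            OpenIddictConstants.Scopes.Roles
        }.Intersect(request.GetScopes()));
    }

    ticket.SetResources(resources);
    return ticket;
}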