/// <summary>
/// Hands userinfo requests over to the next middleware instead of letting
/// OpenIdConnectServerHandler answer them.
/// </summary>
/// <param name="context">Context of the current userinfo request.</param>
/// <returns>An already-completed task.</returns>
public override Task ProfileEndpoint(ProfileEndpointContext context)
{
    // By default, OpenIdConnectServerHandler processes userinfo requests itself and
    // writes the JSON document straight to the response stream. This sample serves
    // them from a custom ProfileController instead, so the built-in processing is
    // bypassed by calling SkipToNextMiddleware().
    //
    // NOTE(review): once the default processing is skipped, whatever component
    // answers the request is presumably responsible for authenticating the access
    // token and for limiting the returned claims to the granted scopes - confirm
    // against ProfileController, which is not visible here.
    context.SkipToNextMiddleware();

    return Task.FromResult<object>(null);
}
/// <summary>
/// Fills in the userinfo response for the user referenced by the access token.
/// Each group of claims is released only when the matching scope is present
/// in the authentication ticket.
/// </summary>
/// <param name="context">
/// Userinfo request context exposing the authentication ticket, the HTTP response
/// and the claim properties to populate.
/// </param>
/// <returns>
/// A task that completes once the claim properties have been set, or once a 400
/// response has been issued because the user could not be found.
/// </returns>
public override async Task ProfileEndpoint([NotNull] ProfileEndpointContext context)
{
    var userManager = context.HttpContext.RequestServices
        .GetRequiredService<OpenIddictManager<TUser, TApplication>>();

    var ticket = context.AuthenticationTicket;
    var principal = ticket?.Principal;

    // NOTE(review): Debug.Assert is compiled out of release builds, so the
    // dereferences of the principal and of the ticket below rely on the caller
    // always supplying a validated ticket - confirm that the handler guarantees it.
    Debug.Assert(principal != null);

    // The account may have been deleted after the access token was issued:
    // in that case no user is found and the request is answered with a 400.
    var account = await userManager.FindByIdAsync(principal.GetUserId());
    if (user_is_missing(account))
    {
        context.Response.StatusCode = 400;
        context.HandleResponse();

        return;
    }

    // "sub" is a mandatory claim of the userinfo response.
    // See http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
    context.Subject = await userManager.GetUserIdAsync(account);

    // "profile" scope: preferred_username plus, when the store supports user claims,
    // family name, given name and birth date.
    // The username is not filtered here: OpenIddictController.Accept and
    // OpenIddictProvider.GrantResourceOwnerCredentials are expected to reject requests
    // that lack the "email" scope when the username is the registered email address.
    var profileGranted = ticket.HasScope(OpenIdConnectConstants.Scopes.Profile);
    if (profileGranted)
    {
        context.PreferredUsername = await userManager.GetUserNameAsync(account);

        if (userManager.SupportsUserClaim)
        {
            context.FamilyName = await userManager.FindClaimAsync(account, ClaimTypes.Surname);
            context.GivenName = await userManager.FindClaimAsync(account, ClaimTypes.GivenName);
            context.BirthDate = await userManager.FindClaimAsync(account, ClaimTypes.DateOfBirth);
        }
    }

    // "email" scope: the address itself, and "email_verified" only when an address exists.
    var emailGranted = ticket.HasScope(OpenIdConnectConstants.Scopes.Email);
    if (emailGranted)
    {
        context.Email = await userManager.GetEmailAsync(account);

        var hasEmail = !string.IsNullOrEmpty(context.Email);
        if (hasEmail)
        {
            context.EmailVerified = await userManager.IsEmailConfirmedAsync(account);
        }
    }

    // "phone" scope: the number itself, and "phone_number_verified" only when a number exists.
    var phoneGranted = ticket.HasScope(OpenIdConnectConstants.Scopes.Phone);
    if (phoneGranted)
    {
        context.PhoneNumber = await userManager.GetPhoneNumberAsync(account);

        var hasPhoneNumber = !string.IsNullOrEmpty(context.PhoneNumber);
        if (hasPhoneNumber)
        {
            context.PhoneNumberVerified = await userManager.IsPhoneNumberConfirmedAsync(account);
        }
    }

    // "roles" scope: the role list is added only when the store supports roles,
    // the scope was granted and the user has at least one role.
    if (userManager.SupportsUserRole && ticket.HasScope(OpenIddictConstants.Scopes.Roles))
    {
        var assignedRoles = await userManager.GetRolesAsync(account);
        if (assignedRoles.Count != 0)
        {
            context.Claims[OpenIddictConstants.Claims.Roles] = JArray.FromObject(assignedRoles);
        }
    }

    // Same reference-null test as the original "user == null" comparison.
    bool user_is_missing(TUser candidate)
    {
        return candidate == null;
    }
}