public Task OnGeneratingClaims(TokenGeneratingContext context) { var resource = context.RequestGrants.Scopes.FirstOrDefault(rg => rg.ClientId != null)?.ClientId; if (context.IsContextForTokenTypes(TokenTypes.AccessToken) && resource != null) { // For access tokens we use the scopes from the set of granted scopes, this takes into account the // fact that a token request can ask for a subset of the scopes granted during authorization, either // on a code exchange or on a refresh token grant flow. AddClaimsForAccessToken(context, resource); return(Task.CompletedTask); } if (context.IsContextForTokenTypes(TokenTypes.AuthorizationCode)) { context.AddClaimToCurrentToken( IdentityServiceClaimTypes.Scope, GetScopeValue(context.RequestGrants.Scopes, excludeCanonical: false)); if (resource != null) { context.AddClaimToCurrentToken(IdentityServiceClaimTypes.Resource, resource); } return(Task.CompletedTask); } if (context.IsContextForTokenTypes(TokenTypes.RefreshToken)) { // For refresh tokens the scope claim never changes as the set of scopes granted for a refresh token // should not change no matter what scopes are sent on a token request. var scopeClaim = context .RequestGrants .Claims .Single(c => c.Type.Equals(IdentityServiceClaimTypes.Scope, StringComparison.Ordinal)); var resourceClaim = context .RequestGrants .Claims .SingleOrDefault(c => c.Type.Equals(IdentityServiceClaimTypes.Resource, StringComparison.Ordinal)); context.AddClaimToCurrentToken(scopeClaim); if (resourceClaim != null) { context.AddClaimToCurrentToken(resourceClaim); } } return(Task.CompletedTask); }
public Task OnGeneratingClaims(TokenGeneratingContext context) { if (context.IsContextForTokenTypes(TokenTypes.IdToken)) { var accessToken = context .IssuedTokens.SingleOrDefault(t => t.Token.Kind == TokenTypes.AccessToken); var authorizationCode = context .IssuedTokens.SingleOrDefault(t => t.Token.Kind == TokenTypes.AuthorizationCode); if (accessToken != null) { context.CurrentClaims.Add(new Claim( IdentityServiceClaimTypes.AccessTokenHash, GetTokenHash(accessToken.SerializedValue))); } if (authorizationCode != null) { context.CurrentClaims.Add(new Claim( IdentityServiceClaimTypes.CodeHash, GetTokenHash(authorizationCode.SerializedValue))); } } return(Task.CompletedTask); }
public Task OnGeneratingClaims(TokenGeneratingContext context) { if (context.IsContextForTokenTypes(TokenTypes.AuthorizationCode)) { foreach (var grantedToken in GetGrantedTokensForAuthorizationCode(context)) { context.AddClaimToCurrentToken(IdentityServiceClaimTypes.GrantedToken, grantedToken); } } if (context.IsContextForTokenTypes(TokenTypes.RefreshToken)) { foreach (var grantedToken in context.RequestGrants.Tokens) { context.AddClaimToCurrentToken(IdentityServiceClaimTypes.GrantedToken, grantedToken); } } return(Task.CompletedTask); }
public Task OnGeneratingClaims(TokenGeneratingContext context) { var nonce = GetNonce(context); if (context.IsContextForTokenTypes( TokenTypes.IdToken, TokenTypes.AccessToken, TokenTypes.AuthorizationCode) && nonce != null) { context.AddClaimToCurrentToken(IdentityServiceClaimTypes.Nonce, nonce); } return(Task.CompletedTask); }
public Task OnGeneratingClaims(TokenGeneratingContext context) { context.AddClaimToCurrentToken(IdentityServiceClaimTypes.TokenUniqueId, Guid.NewGuid().ToString()); var userMapping = GetUserPrincipalTokenMapping(context.CurrentToken); var applicationMapping = GetApplicationPrincipalTokenMapping(context.CurrentToken); var ambientMapping = GetAmbientClaimsTokenMapping(context.CurrentToken); MapFromPrincipal(context, context.User, userMapping); MapFromPrincipal(context, context.Application, applicationMapping); MapFromContext(context, context.AmbientClaims, ambientMapping); if (context.IsContextForTokenTypes(TokenTypes.AccessToken, TokenTypes.IdToken)) { context.AddClaimToCurrentToken(IdentityServiceClaimTypes.Issuer, _options.Value.Issuer); } if (context.IsContextForTokenTypes(TokenTypes.AuthorizationCode) && context.RequestParameters.RedirectUri != null) { context.AddClaimToCurrentToken(IdentityServiceClaimTypes.RedirectUri, context.RequestParameters.RedirectUri); } return(Task.CompletedTask); }
public Task OnGeneratingClaims(TokenGeneratingContext context) { if (context.IsContextForTokenTypes(TokenTypes.AuthorizationCode) && context.RequestParameters.Parameters.ContainsKey(ProofOfKeyForCodeExchangeParameterNames.CodeChallenge)) { context.AddClaimToCurrentToken( IdentityServiceClaimTypes.CodeChallenge, context.RequestParameters.Parameters[ProofOfKeyForCodeExchangeParameterNames.CodeChallenge]); context.AddClaimToCurrentToken( IdentityServiceClaimTypes.CodeChallengeMethod, context.RequestParameters.Parameters[ProofOfKeyForCodeExchangeParameterNames.CodeChallengeMethod]); } return(Task.CompletedTask); }