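/// <summary>
/// Builds the (not yet signed/serialized) access-token model for a validated token request.
/// Claims come from <see cref="ClaimsProvider"/>, plus an optional <c>jti</c> and a <c>name</c>
/// claim; every non-blank API resource name in the request becomes an <c>aud</c> entry.
/// </summary>
/// <param name="request">The token-creation request; <c>Validate()</c> is invoked before use.</param>
/// <returns>A <see cref="Token"/> of type access token.</returns>
public override async Task <Token> CreateAccessTokenAsync(TokenCreationRequest request)
    {
        Logger.LogTrace("Creating access token");
        request.Validate();

        var claims = new List <Claim>();

        claims.AddRange(await ClaimsProvider.GetAccessTokenClaimsAsync(
                            request.Subject,
                            request.Resources,
                            request.ValidatedRequest));

        if (request.ValidatedRequest.Client.IncludeJwtId)
        {
            // Unique token id from the CSPRNG-backed helper, so jti cannot be guessed or replayed.
            claims.Add(new Claim(JwtClaimTypes.JwtId, CryptoRandom.CreateUniqueId(16)));
        }

        // Previously request.Subject was dereferenced unconditionally. Access tokens may be
        // issued without a user principal (e.g. client-credentials grants — confirm Validate()
        // does not reject a null Subject for access tokens), and Claim's constructor throws on a
        // null value, so only emit 'name' when a subject with a display name is present.
        // NOTE(review): 'name' is PII and every audience API receives it; confirm this is intended.
        var displayName = request.Subject?.GetDisplayName();
        if (displayName != null)
        {
            claims.Add(new Claim(JwtClaimTypes.Name, displayName));
        }

        var issuer = Context.HttpContext.GetIdentityServerIssuerUri();
        var token  = new Token(OidcConstants.TokenTypes.AccessToken)
        {
            CreationTime    = Clock.UtcNow.UtcDateTime,
            Issuer          = issuer,
            Lifetime        = request.ValidatedRequest.AccessTokenLifetime,
            // ClaimComparer drops exact duplicates the provider and this method may both add.
            Claims          = claims.Distinct(new ClaimComparer()).ToList(),
            ClientId        = request.ValidatedRequest.Client.ClientId,
            AccessTokenType = request.ValidatedRequest.AccessTokenType
        };

        // One audience per API resource; blank names are skipped and duplicates collapsed so the
        // resulting aud claim is well-formed.
        var audiences = request.Resources.ApiResources
                            .Select(api => api.Name)
                            .Where(name => !string.IsNullOrWhiteSpace(name))
                            .Distinct();
        foreach (var audience in audiences)
        {
            token.Audiences.Add(audience);
        }

        return(token);
    }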
        /// <summary>
        /// Creates the access-token model for a validated request. Claims are gathered from
        /// <see cref="ClaimsProvider"/>, then <c>jti</c> (when the client opts in) and <c>sid</c>
        /// (when a session id is present) are appended. The issuer is the tenant-scoped value when
        /// one is set, otherwise the issuer URI derived from the current HttpContext. Audiences are
        /// the distinct API resource names plus, if configured, the static issuer-based audience.
        /// A confirmation (cnf) carried on the validated request takes precedence; only when none
        /// is present and <c>MutualTls.AlwaysEmitConfirmationClaim</c> is on is the connection's
        /// client certificate thumbprint used instead.
        /// </summary>
        /// <param name="request">The token-creation request; <c>Validate()</c> is invoked first.</param>
        /// <returns>An unsigned <see cref="Token"/> of type access token.</returns>
        public override async Task <Token> CreateAccessTokenAsync(TokenCreationRequest request)
        {
            Logger.LogTrace("Creating access token");
            request.Validate();

            var validated = request.ValidatedRequest;
            var resources = request.ValidatedResources;

            var accessTokenClaims = new List <Claim>();
            accessTokenClaims.AddRange(await ClaimsProvider.GetAccessTokenClaimsAsync(
                                           request.Subject,
                                           resources,
                                           validated));

            // jti from the CSPRNG-backed helper (hex), so token ids are unguessable.
            if (validated.Client.IncludeJwtId)
            {
                var jwtId = CryptoRandom.CreateUniqueId(16, CryptoRandom.OutputFormat.Hex);
                accessTokenClaims.Add(new Claim(JwtClaimTypes.JwtId, jwtId));
            }

            if (validated.SessionId.IsPresent())
            {
                accessTokenClaims.Add(new Claim(JwtClaimTypes.SessionId, validated.SessionId));
            }

            // Tenant issuer wins; fall back to the HttpContext-derived issuer only when it is blank.
            // NOTE(review): cannot tell from here where the tenant issuer originates — if it is
            // derived from request data (e.g. Host header) it should be validated against a known set.
            var tokenIssuer = _scopedTenantRequestContext.Context.Issuer;
            if (string.IsNullOrWhiteSpace(tokenIssuer))
            {
                tokenIssuer = ContextAccessor.HttpContext.GetIdentityServerIssuerUri();
            }

            var accessToken = new Token(OidcConstants.TokenTypes.AccessToken)
            {
                CreationTime             = Clock.UtcNow.UtcDateTime,
                Issuer                   = tokenIssuer,
                Lifetime                 = validated.AccessTokenLifetime,
                // ClaimComparer collapses exact duplicates across provider and locally added claims.
                Claims                   = accessTokenClaims.Distinct(new ClaimComparer()).ToList(),
                ClientId                 = validated.Client.ClientId,
                Description              = request.Description,
                AccessTokenType          = validated.AccessTokenType,
                AllowedSigningAlgorithms = resources.Resources.ApiResources.FindMatchingSigningAlgorithms()
            };

            // aud: one entry per distinct API resource name in the validated resources.
            var apiAudiences = resources.Resources.ApiResources
                                   .Select(api => api.Name)
                                   .Distinct();
            foreach (var apiAudience in apiAudiences)
            {
                accessToken.Audiences.Add(apiAudience);
            }

            if (Options.EmitStaticAudienceClaim)
            {
                var staticAudience = string.Format(IdentityServerConstants.AccessTokenAudience,
                                                   tokenIssuer.EnsureTrailingSlash());
                accessToken.Audiences.Add(staticAudience);
            }

            // cnf: a confirmation already bound to the request is authoritative; otherwise, and only
            // when configured, bind the token to the presented mTLS client certificate thumbprint.
            if (validated.Confirmation.IsPresent())
            {
                accessToken.Confirmation = validated.Confirmation;
            }
            else if (Options.MutualTls.AlwaysEmitConfirmationClaim)
            {
                var presentedCertificate = await ContextAccessor.HttpContext.Connection.GetClientCertificateAsync();
                if (presentedCertificate != null)
                {
                    accessToken.Confirmation = presentedCertificate.CreateThumbprintCnf();
                }
            }

            return(accessToken);
        }