public TokenExchangeResultBuilder(ILogger <TokenExchangeResultBuilder> logger, TokenExchangeOptions options) { this.logger = logger; this.options = options; this.subjectUserClaims = new List <Claim>(); this.actorUserClaims = new List <Claim>(); }
public TokenExchangeGrantValidator( IScopedContext <TenantRequestContext> scopedTenantRequestContext, IScopedStorage scopedStorage, IResourceStore resourceStore, IScopedOptionalClaims scopedOptionalClaims, IConsentExternalService consentExternalService, IExternalServicesStore externalServicesStore, IScopedOverrideRawScopeValues scopedOverrideRawScopeValues, ISerializer serializer, IConsentDiscoveryCacheAccessor consentDiscoveryCacheAccessor, IOptions <TokenExchangeOptions> tokenExchangeOptions, IIdentityTokenValidator identityTokenValidator, ITokenValidator tokenValidator, ILogger <TokenExchangeGrantValidator> logger) { _scopedTenantRequestContext = scopedTenantRequestContext; _scopedStorage = scopedStorage; _serializer = serializer; _resourceStore = resourceStore; _scopedOptionalClaims = scopedOptionalClaims; _consentExternalService = consentExternalService; _externalServicesStore = externalServicesStore; _scopedOverrideRawScopeValues = scopedOverrideRawScopeValues; _consentDiscoveryCacheAccessor = consentDiscoveryCacheAccessor; _tokenExchangeOptions = tokenExchangeOptions.Value; _identityTokenValidator = identityTokenValidator; _tokenValidator = tokenValidator; _logger = logger; }
public DeviceCodeBackChannelController( IExternalServicesStore externalServicesStore, IOptions <TokenExchangeOptions> tokenExchangeOptions, IIdentityTokenValidator identityTokenValidator, IConsentExternalService consentExternalService, IConsentDiscoveryCacheAccessor consentDiscoveryCacheAccessor, IClientSecretValidator clientValidator, IDeviceFlowStore deviceFlowStore, ISerializer serializer, ICoreMapperAccessor coreMapperAccessor, IEventService events, ILogger <DeviceCodeBackChannelController> logger) { _externalServicesStore = externalServicesStore; _tokenExchangeOptions = tokenExchangeOptions.Value; _identityTokenValidator = identityTokenValidator; _consentExternalService = consentExternalService; _consentDiscoveryCacheAccessor = consentDiscoveryCacheAccessor; _clientValidator = clientValidator; _deviceFlowStore = deviceFlowStore; _serializer = serializer; _coreMapperAccessor = coreMapperAccessor; _events = events; _logger = logger; }
public DiscoveryCacheAccessor(IOptions <TokenExchangeOptions> tokenExchangeOptions) { _authorityMap = new ConcurrentDictionary <string, IDiscoveryCache>(); _tokenExchangeOptions = tokenExchangeOptions.Value; foreach (var authority in _tokenExchangeOptions.Authorities) { var dc = new DiscoveryCache(authority.Value, new DiscoveryPolicy() { ValidateEndpoints = false }); _authorityMap[authority.Key] = dc; } }
public void Build_ValidRequest_SuccessResultMapsSubjectClaims() { // Arrange var options = new TokenExchangeOptions { ActorClaimsToInclude = new List <string> { JwtClaimTypes.Subject, TokenExchangeConstants.ClaimTypes.TenantId }, SubjectClaimsToExclude = new List <string> { "customClaimTypeToExclude" } }; var target = new TokenExchangeResultBuilder(this.loggerMock.Object, options); var expectedClaims = new List <Claim> { new Claim(JwtClaimTypes.Subject, "testSubject"), new Claim(JwtClaimTypes.IdentityProvider, "subjectIdp"), new Claim("customClaim1", "value1"), new Claim("customClaim2", "value2"), }; var actorTokenValidationResult = SuccessActorTokenValidationResult(); var subjectTokenValidationResult = SuccessSubjectTokenValidationResult(); var subjectTokenClaims = new List <Claim> { new Claim("customClaimTypeToExclude", "customClaimToExclude") }; subjectTokenClaims.AddRange(expectedClaims); subjectTokenValidationResult.Claims = subjectTokenClaims; // Act var result = target .WithActor(actorTokenValidationResult) .WithSubject(subjectTokenValidationResult) .Build(); // Assert Assert.IsFalse(result.IsError); foreach (var expectedClaim in expectedClaims) { var resultClaim = result.Subject.Claims.SingleOrDefault(c => c.Type.Equals(expectedClaim.Type)); Assert.IsNotNull(resultClaim); Assert.AreEqual(expectedClaim.Value, resultClaim.Value); } Assert.IsFalse(result.Subject.Claims.Any(c => c.Type.Equals("customClaimTypeToExclude"))); }
public void Build_ValidSubject_SuccessResultMapsNewActClaim() { // Arrange var expectedActClaim = "{\"client_id\":\"client_id_from_actor\",\"sub\":\"aClientSub\",\"tenantId\":\"2\",\"aCustomClaimToMap\":\"aCustomClaimValueToMap\"}"; var options = new TokenExchangeOptions { ActorClaimsToInclude = new List <string> { JwtClaimTypes.Subject, TokenExchangeConstants.ClaimTypes.TenantId, "aCustomClaimToMap" }, SubjectClaimsToExclude = new List <string>() }; var target = new TokenExchangeResultBuilder(this.loggerMock.Object, options); var actorTokenValidationResult = SuccessActorTokenValidationResult(); var actorTokenClaims = new List <Claim> { new Claim(JwtClaimTypes.Subject, "aClientSub"), new Claim(TokenExchangeConstants.ClaimTypes.TenantId, "2"), new Claim("aCustomClaimToMap", "aCustomClaimValueToMap"), new Claim("aCustomClaimToExclude", "aCustomClaimValueToExclude"), }; actorTokenValidationResult.Claims = actorTokenClaims; var subjectTokenValidationResult = SuccessSubjectTokenValidationResult(); // Act var result = target .WithActor(actorTokenValidationResult) .WithSubject(subjectTokenValidationResult) .Build(); // Assert Assert.IsFalse(result.IsError); var actClaim = result.Subject.Claims.SingleOrDefault(c => c.Type.Equals(TokenExchangeConstants.ClaimTypes.Act)); Assert.IsNotNull(actClaim); Assert.AreEqual(expectedActClaim, actClaim.Value); }
/// <summary> /// Adds the support for token exchange grant. /// </summary> /// <typeparam name="T"></typeparam> /// <param name="builder">The builder.</param> /// <param name="options">Defines the options for the token-exchange setup.</param> /// <returns></returns> public static IIdentityServerBuilder AddTokenExchange(this IIdentityServerBuilder builder, TokenExchangeOptions options) { builder.Services.AddSingleton(options); builder.Services.AddScoped <IExtensionGrantResultBuilder, TokenExchangeResultBuilder>(); builder.Services.AddScoped <ITokenExchangeRequestValidator, TokenExchangeRequestValidator>(); builder.Services.AddScoped <IExtensionGrantValidator, TokenExchangeGrant>(); return(builder); }
public TokenExchangeRequestValidator(ITokenValidator tokenValidator, ILogger <TokenExchangeRequestValidator> logger, TokenExchangeOptions options) { this.tokenValidator = tokenValidator; this.logger = logger; this.options = options; }