public TokenExchangeResultBuilder(ILogger <TokenExchangeResultBuilder> logger, TokenExchangeOptions options)
{
this.logger = logger;
this.options = options;
this.subjectUserClaims = new List <Claim>();
this.actorUserClaims = new List <Claim>();
}
public TokenExchangeGrantValidator(
IScopedContext <TenantRequestContext> scopedTenantRequestContext,
IScopedStorage scopedStorage,
IResourceStore resourceStore,
IScopedOptionalClaims scopedOptionalClaims,
IConsentExternalService consentExternalService,
IExternalServicesStore externalServicesStore,
IScopedOverrideRawScopeValues scopedOverrideRawScopeValues,
ISerializer serializer,
IConsentDiscoveryCacheAccessor consentDiscoveryCacheAccessor,
IOptions <TokenExchangeOptions> tokenExchangeOptions,
IIdentityTokenValidator identityTokenValidator,
ITokenValidator tokenValidator,
ILogger <TokenExchangeGrantValidator> logger)
{
_scopedTenantRequestContext = scopedTenantRequestContext;
_scopedStorage = scopedStorage;
_serializer = serializer;
_resourceStore = resourceStore;
_scopedOptionalClaims = scopedOptionalClaims;
_consentExternalService = consentExternalService;
_externalServicesStore = externalServicesStore;
_scopedOverrideRawScopeValues = scopedOverrideRawScopeValues;
_consentDiscoveryCacheAccessor = consentDiscoveryCacheAccessor;
_tokenExchangeOptions = tokenExchangeOptions.Value;
_identityTokenValidator = identityTokenValidator;
_tokenValidator = tokenValidator;
_logger = logger;
}
public DeviceCodeBackChannelController(
IExternalServicesStore externalServicesStore,
IOptions <TokenExchangeOptions> tokenExchangeOptions,
IIdentityTokenValidator identityTokenValidator,
IConsentExternalService consentExternalService,
IConsentDiscoveryCacheAccessor consentDiscoveryCacheAccessor,
IClientSecretValidator clientValidator,
IDeviceFlowStore deviceFlowStore,
ISerializer serializer,
ICoreMapperAccessor coreMapperAccessor,
IEventService events,
ILogger <DeviceCodeBackChannelController> logger)
{
_externalServicesStore = externalServicesStore;
_tokenExchangeOptions = tokenExchangeOptions.Value;
_identityTokenValidator = identityTokenValidator;
_consentExternalService = consentExternalService;
_consentDiscoveryCacheAccessor = consentDiscoveryCacheAccessor;
_clientValidator = clientValidator;
_deviceFlowStore = deviceFlowStore;
_serializer = serializer;
_coreMapperAccessor = coreMapperAccessor;
_events = events;
_logger = logger;
}
public DiscoveryCacheAccessor(IOptions <TokenExchangeOptions> tokenExchangeOptions)
{
_authorityMap = new ConcurrentDictionary <string, IDiscoveryCache>();
_tokenExchangeOptions = tokenExchangeOptions.Value;
foreach (var authority in _tokenExchangeOptions.Authorities)
{
var dc = new DiscoveryCache(authority.Value, new DiscoveryPolicy()
{
ValidateEndpoints = false
});
_authorityMap[authority.Key] = dc;
}
}
public void Build_ValidRequest_SuccessResultMapsSubjectClaims()
{
// Arrange
var options = new TokenExchangeOptions
{
ActorClaimsToInclude = new List <string> {
JwtClaimTypes.Subject, TokenExchangeConstants.ClaimTypes.TenantId
},
SubjectClaimsToExclude = new List <string> {
"customClaimTypeToExclude"
}
};
var target = new TokenExchangeResultBuilder(this.loggerMock.Object, options);
var expectedClaims = new List <Claim>
{
new Claim(JwtClaimTypes.Subject, "testSubject"),
new Claim(JwtClaimTypes.IdentityProvider, "subjectIdp"),
new Claim("customClaim1", "value1"),
new Claim("customClaim2", "value2"),
};
var actorTokenValidationResult = SuccessActorTokenValidationResult();
var subjectTokenValidationResult = SuccessSubjectTokenValidationResult();
var subjectTokenClaims = new List <Claim> {
new Claim("customClaimTypeToExclude", "customClaimToExclude")
};
subjectTokenClaims.AddRange(expectedClaims);
subjectTokenValidationResult.Claims = subjectTokenClaims;
// Act
var result = target
.WithActor(actorTokenValidationResult)
.WithSubject(subjectTokenValidationResult)
.Build();
// Assert
Assert.IsFalse(result.IsError);
foreach (var expectedClaim in expectedClaims)
{
var resultClaim = result.Subject.Claims.SingleOrDefault(c => c.Type.Equals(expectedClaim.Type));
Assert.IsNotNull(resultClaim);
Assert.AreEqual(expectedClaim.Value, resultClaim.Value);
}
Assert.IsFalse(result.Subject.Claims.Any(c => c.Type.Equals("customClaimTypeToExclude")));
}
public void Build_ValidSubject_SuccessResultMapsNewActClaim()
{
// Arrange
var expectedActClaim = "{\"client_id\":\"client_id_from_actor\",\"sub\":\"aClientSub\",\"tenantId\":\"2\",\"aCustomClaimToMap\":\"aCustomClaimValueToMap\"}";
var options = new TokenExchangeOptions
{
ActorClaimsToInclude = new List <string> {
JwtClaimTypes.Subject, TokenExchangeConstants.ClaimTypes.TenantId, "aCustomClaimToMap"
},
SubjectClaimsToExclude = new List <string>()
};
var target = new TokenExchangeResultBuilder(this.loggerMock.Object, options);
var actorTokenValidationResult = SuccessActorTokenValidationResult();
var actorTokenClaims = new List <Claim>
{
new Claim(JwtClaimTypes.Subject, "aClientSub"),
new Claim(TokenExchangeConstants.ClaimTypes.TenantId, "2"),
new Claim("aCustomClaimToMap", "aCustomClaimValueToMap"),
new Claim("aCustomClaimToExclude", "aCustomClaimValueToExclude"),
};
actorTokenValidationResult.Claims = actorTokenClaims;
var subjectTokenValidationResult = SuccessSubjectTokenValidationResult();
// Act
var result = target
.WithActor(actorTokenValidationResult)
.WithSubject(subjectTokenValidationResult)
.Build();
// Assert
Assert.IsFalse(result.IsError);
var actClaim = result.Subject.Claims.SingleOrDefault(c => c.Type.Equals(TokenExchangeConstants.ClaimTypes.Act));
Assert.IsNotNull(actClaim);
Assert.AreEqual(expectedActClaim, actClaim.Value);
}
/// <summary>
/// Adds the support for token exchange grant.
/// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="builder">The builder.</param>
/// <param name="options">Defines the options for the token-exchange setup.</param>
/// <returns></returns>
public static IIdentityServerBuilder AddTokenExchange(this IIdentityServerBuilder builder, TokenExchangeOptions options)
{
builder.Services.AddSingleton(options);
builder.Services.AddScoped <IExtensionGrantResultBuilder, TokenExchangeResultBuilder>();
builder.Services.AddScoped <ITokenExchangeRequestValidator, TokenExchangeRequestValidator>();
builder.Services.AddScoped <IExtensionGrantValidator, TokenExchangeGrant>();
return(builder);
}
public TokenExchangeRequestValidator(ITokenValidator tokenValidator, ILogger <TokenExchangeRequestValidator> logger, TokenExchangeOptions options)
{
this.tokenValidator = tokenValidator;
this.logger = logger;
this.options = options;
}
