Exemplo n.º 1
 /// <summary>
 /// Forwards the ticket-creation context to <c>OnCreatingTicket</c> and
 /// returns the task it produces.
 /// </summary>
 /// <param name="context">Context for the ticket being created; passed through unchanged.</param>
 /// <returns>The task returned by <c>OnCreatingTicket</c>.</returns>
 public Task CreatingTicket(AdfsCreatingTicketContext context) => OnCreatingTicket(context);
Exemplo n.º 2
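        /// <summary>
        /// Builds the authentication ticket from an ADFS token response. The claims come from
        /// <paramref name="token"/> (after <c>CleanClaims</c>), optionally with the subject claim
        /// replaced and the raw token values appended, and the <c>CreatingTicket</c> event is
        /// raised so a handler can adjust or reject the identity.
        /// </summary>
        /// <param name="identity">
        /// Supplies only the authentication type and the name/role claim types for the new
        /// identity; its own claims are not copied.
        /// </param>
        /// <param name="properties">Authentication properties attached to the ticket.</param>
        /// <param name="token">Token response providing the claims, issuer and token values.</param>
        /// <returns>
        /// The ticket built from the (possibly handler-modified) context, or <c>null</c> when the
        /// <c>CreatingTicket</c> handler set the identity to <c>null</c>.
        /// </returns>
        protected virtual async Task<AuthenticationTicket> CreateTicketAsync(
            ClaimsIdentity identity, AuthenticationProperties properties, AdfsOAuthTokenResponse token)
        {
            var claims = CleanClaims(token.Claims).ToList();

            if (!string.IsNullOrEmpty(Options.SubjectClaimType))
            {
                var altSubClaim = claims.FirstOrDefault(c => c.Type == Options.SubjectClaimType);
                if (altSubClaim != null)
                {
                    // Replace any existing "sub" claim with the value of the configured
                    // alternative subject claim, attributed to the token issuer.
                    // TODO: is it safe to leave the existing sub claim alone?
                    claims.RemoveAll(m => m.Type == "sub");
                    claims.Add(new Claim("sub", altSubClaim.Value, altSubClaim.ValueType, token.Issuer));
                }
            }

            if (Options.SaveTokensAsClaims)
            {
                // NOTE(review): these claims carry bearer credentials (access and refresh token).
                // They travel with the identity wherever the ticket is serialized, presumably
                // the authentication cookie. Confirm that store is encrypted and size-bounded.
                claims.Add(new Claim("access_token", token.AccessToken,
                                     ClaimValueTypes.String, token.Issuer));

                if (!string.IsNullOrEmpty(token.RefreshToken))
                {
                    claims.Add(new Claim("refresh_token", token.RefreshToken,
                                         ClaimValueTypes.String, token.Issuer));
                }

                if (!string.IsNullOrEmpty(token.TokenType))
                {
                    claims.Add(new Claim("token_type", token.TokenType,
                                         ClaimValueTypes.String, token.Issuer));
                }

                if (token.ExpiresIn != 0)
                {
                    claims.Add(new Claim("expires_in", token.ExpiresIn.ToString(),
                                         ClaimValueTypes.String, token.Issuer));
                }
            }

            var ticketIdentity = new ClaimsIdentity(claims, identity.AuthenticationType,
                                                    identity.NameClaimType, identity.RoleClaimType);

            // The access token is a bearer credential and must never be written to the log:
            // anyone with read access to the log sink could replay it until it expires.
            _logger.WriteInformation($"{Options.AuthenticationType}: creating ticket from remote token");

            var context = new AdfsCreatingTicketContext(Context, Options, _httpClient, token)
            {
                Identity   = ticketIdentity,
                Properties = properties
            };

            await Options.Events.CreatingTicket(context).ConfigureAwait(false);

            // A handler rejects the sign-in by clearing the identity; report that as "no ticket".
            if (context.Identity == null)
            {
                _logger.WriteWarning($"{Options.AuthenticationType}: The CreatingTicket event has set the identity to null");
                return null;
            }

            return new AuthenticationTicket(context.Identity, context.Properties);
        }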
Exemplo n.º 3
 /// <summary>
 /// Hands the ticket-creation context to <c>OnCreatingTicket</c> and returns
 /// the resulting task to the caller.
 /// </summary>
 /// <param name="context">Context describing the ticket under construction.</param>
 /// <returns>The task produced by <c>OnCreatingTicket</c>.</returns>
 public Task CreatingTicket(AdfsCreatingTicketContext context) => OnCreatingTicket(context);