protected BaseAuthorizationHandler(IOptions <IdentityAuthorizationOptions> options, IHttpContextAccessor httpContextAccessor, DiscoveryInfoProvider discoveryInfoProvider) { _httpContextAccessor = httpContextAccessor; DiscoveryInfoProvider = discoveryInfoProvider; Options = options.Value; }
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, EmailVerifiedRequirement requirement) { var discoveryInfo = await DiscoveryInfoProvider.GetDiscoveryInfo(); if (discoveryInfo.Exception != null) { throw discoveryInfo.Exception; } // retrieve user info from ids var client = new HttpClient(); var usrInfo = await client.GetUserInfoAsync(new UserInfoRequest { Address = discoveryInfo.UserInfoEndpoint, Token = Token }); if (usrInfo.Claims == null) { context.Fail(); return; } // retrieve email verified claim, check for claim type in options var targetClaim = usrInfo.Claims.FirstOrDefault(c => c.Type == Options.EmailVerifiedClaim); if (targetClaim == null) { context.Fail(); return; } // check if claim value is "true" or "True" if (targetClaim.Value.Equals("true", StringComparison.InvariantCultureIgnoreCase)) { context.Succeed(requirement); } else { context.Fail(); } }
public EmailVerifiedAuthorizationHandler(IOptions <IdentityAuthorizationOptions> options, IHttpContextAccessor httpContextAccessor, DiscoveryInfoProvider discoveryInfoProvider) : base(options, httpContextAccessor, discoveryInfoProvider) { }