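        /// <summary>
        /// Represents an event called for each validated userinfo request
        /// to allow the user code to decide how the request should be handled.
        /// Adds to <c>context.Claims</c> only the claims the requesting client has been
        /// approved to receive for the authenticated user.
        /// </summary>
        /// <param name="context">The context instance associated with this event.</param>
        /// <returns>A <see cref="T:System.Threading.Tasks.Task" /> that can be used to monitor the asynchronous operation.</returns>
        public override Task HandleUserinfoRequest(HandleUserinfoRequestContext context)
        {
            var result = base.HandleUserinfoRequest(context);

            // Both identifiers are read from the validated ticket (the access token), not from request input.
            var clientId = context.Ticket?.Identity?.GetClaim("client_id");
            var userName = context.Ticket?.Identity?.GetClaim("username");

            // Without a client and a user there is nothing to narrow the claims by; leave the response untouched.
            if (string.IsNullOrWhiteSpace(clientId) || string.IsNullOrWhiteSpace(userName))
            {
                return result;
            }

            // Populate requested/allowed claims
            // See https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/issues/543
            using (var rockContext = new RockContext())
            {
                var user = new UserLoginService(rockContext).GetByUserName(userName);
                if (user == null)
                {
                    return result;
                }

                // Released claims are limited to the scopes the token requested AND the client was approved for.
                var requestedScopes = context.Ticket?.GetScopes();
                var clientAllowedScopes = RockIdentityHelper.NarrowRequestedScopesToApprovedScopes(rockContext, clientId, requestedScopes);
                var clientAllowedClaims = RockIdentityHelper.GetAllowedClientClaims(rockContext, clientId, clientAllowedScopes);
                var claimsIdentity = RockIdentityHelper.GetRockClaimsIdentity(user, clientAllowedClaims, clientId);

                // A null identity means there is nothing to add; iterating `claimsIdentity?.Claims`
                // would throw because foreach does not accept a null collection.
                if (claimsIdentity == null)
                {
                    return result;
                }

                foreach (var claim in claimsIdentity.Claims)
                {
                    context.Claims.Add(claim.Type, claim.Value);
                }
            }

            return result;
        }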
        /// <summary>
        /// Hands the userinfo request to the remaining middleware pipeline so that
        /// user code, not this provider, produces the response.
        /// </summary>
        /// <param name="context">The context instance associated with this event.</param>
        /// <returns>An already-completed task.</returns>
        public override Task HandleUserinfoRequest([NotNull] HandleUserinfoRequestContext context)
        {
            Task<int> completed = Task.FromResult(0);

            // Let the rest of the pipeline handle the userinfo request.
            context.SkipToNextMiddleware();

            return completed;
        }
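        /// <summary>
        /// Handles a validated userinfo request by loading the user named in the access token ticket
        /// and exposing the username, full name, email and roles as userinfo claims.
        /// </summary>
        /// <param name="context">The context instance associated with this event.</param>
        /// <returns>A task that completes once the claims have been added or the request has been rejected.</returns>
        public override async Task HandleUserinfoRequest(HandleUserinfoRequestContext context)
        {
            // The user is identified from the validated ticket, never from request input.
            var userName = context.Ticket?.Principal?.Identity?.Name;
            if (string.IsNullOrEmpty(userName))
            {
                context.Reject(
                    error: OpenIdConnectConstants.Errors.InvalidGrant,
                    description: "The access token does not identify a user.");

                return;
            }

            // Note: the user may have been removed after the token was issued;
            // reject the request instead of dereferencing a null user.
            var user = await _authManager.GetRolesByUGetUserWithRolesByUserNameAsync(userName);
            if (user == null)
            {
                context.Reject(
                    error: OpenIdConnectConstants.Errors.InvalidGrant,
                    description: "The access token is no longer valid.");

                return;
            }

            context.Claims.Add(OpenIdConnectConstants.Claims.Username, user.UserName);
            context.Claims.Add("fullName", user.FullName);
            context.Claims.Add(OpenIdConnectConstants.Claims.Email, user.Email);

            // Roles are emitted as one value produced by the project's JsonSerializeObject extension.
            context.Claims.Add("roles", user.UserRoles.Select(r => r.Role.Name).ToList().JsonSerializeObject());
        }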
        /// <summary>
        /// Bypasses the default userinfo handling of OpenIdConnectServerHandler so that
        /// the sample's custom UserInfoController can serve the request instead.
        /// </summary>
        /// <param name="context">The context instance associated with this event.</param>
        /// <returns>An already-completed task with a null result.</returns>
        public override Task HandleUserinfoRequest(HandleUserinfoRequestContext context)
        {
            Task<object> completed = Task.FromResult<object>(null);

            // Note: by default, OpenIdConnectServerHandler handles userinfo requests itself and
            // writes the JSON response directly to the response stream. Skipping to the next
            // middleware hands the request to the custom UserInfoController.
            context.SkipToNextMiddleware();

            return completed;
        }
        /// <summary>
        /// Delegates userinfo requests to a custom ASP.NET Core MVC controller (UserinfoController)
        /// instead of letting the OpenID Connect server middleware write the response.
        /// </summary>
        /// <param name="context">The context instance associated with this event.</param>
        /// <returns>An already-completed task.</returns>
        public override Task HandleUserinfoRequest(HandleUserinfoRequestContext context)
        {
            Task<int> completed = Task.FromResult(0);

            // Note: by default, the OpenID Connect server middleware handles userinfo requests
            // itself and writes the JSON response directly to the response stream. Skipping to
            // the next middleware bypasses that and leaves the request to UserinfoController.
            context.SkipToNextMiddleware();

            return completed;
        }
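        /// <summary>
        /// Builds the userinfo response for the user identified by the access token ticket.
        /// The "sub" claim is always set; every other claim is released only when the matching
        /// scope ("profile", "email", "phone", "roles") is present in the access token.
        /// </summary>
        /// <param name="context">The context instance associated with this event.</param>
        /// <returns>A task that completes once the response claims have been populated.</returns>
        public override async Task HandleUserinfoRequest([NotNull] HandleUserinfoRequestContext context)
        {
            var services = context.HttpContext.RequestServices.GetRequiredService<OpenIddictServices<TUser, TApplication>>();

            var principal = context.Ticket?.Principal;

            Debug.Assert(principal != null);

            // Note: user may be null if the user has been removed.
            // In this case, return a 400 response.
            var user = await services.Users.GetUserAsync(principal);

            if (user == null)
            {
                context.Response.StatusCode = 400;
                context.HandleResponse();

                return;
            }

            // Note: "sub" is a mandatory claim.
            // See http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
            context.Subject = await services.Users.GetUserIdAsync(user);

            // Only add the "preferred_username" claim if the "profile" scope was present in the access token.
            // Note: filtering the username is not needed at this stage as OpenIddictController.Accept
            // and OpenIddictProvider.GrantResourceOwnerCredentials are expected to reject requests that
            // don't include the "email" scope if the username corresponds to the registered email address.
            if (context.Ticket.HasScope(OpenIdConnectConstants.Scopes.Profile))
            {
                context.PreferredUsername = await services.Users.GetUserNameAsync(user);

                if (services.Users.SupportsUserClaim)
                {
                    context.FamilyName = await services.Users.FindClaimAsync(user, ClaimTypes.Surname);

                    context.GivenName = await services.Users.FindClaimAsync(user, ClaimTypes.GivenName);

                    context.BirthDate = await services.Users.FindClaimAsync(user, ClaimTypes.DateOfBirth);
                }
            }

            // Only add the email address details if the "email" scope was present in the access token.
            if (services.Users.SupportsUserEmail && context.Ticket.HasScope(OpenIdConnectConstants.Scopes.Email))
            {
                context.Email = await services.Users.GetEmailAsync(user);

                // Only add the "email_verified" claim
                // if the email address is non-null.
                if (!string.IsNullOrEmpty(context.Email))
                {
                    context.EmailVerified = await services.Users.IsEmailConfirmedAsync(user);
                }
            }

            // Only add the phone number details if the "phone" scope was present in the access token.
            if (services.Users.SupportsUserPhoneNumber &&
                context.Ticket.HasScope(OpenIdConnectConstants.Scopes.Phone))
            {
                context.PhoneNumber = await services.Users.GetPhoneNumberAsync(user);

                // Only add the "phone_number_verified"
                // claim if the phone number is non-null.
                if (!string.IsNullOrEmpty(context.PhoneNumber))
                {
                    context.PhoneNumberVerified = await services.Users.IsPhoneNumberConfirmedAsync(user);
                }
            }

            // Only add the roles list if the "roles" scope was present in the access token.
            if (services.Users.SupportsUserRole && context.Ticket.HasScope(OpenIddictConstants.Scopes.Roles))
            {
                var roles = await services.Users.GetRolesAsync(user);

                if (roles.Count != 0)
                {
                    context.Claims[OpenIddictConstants.Claims.Roles] = JArray.FromObject(roles);
                }
            }
        }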
 /// <summary>
 /// Userinfo requests are not supported by this implementation.
 /// </summary>
 /// <param name="context">The context instance associated with this event.</param>
 /// <returns>Never returns normally.</returns>
 /// <exception cref="NotImplementedException">Always thrown.</exception>
 public Task HandleUserinfoRequest(HandleUserinfoRequestContext context)
 {
     var unsupported = new NotImplementedException();

     throw unsupported;
 }
 /// <summary>
 /// Forwards the userinfo request to the registered event handlers by publishing
 /// an <c>OpenIddictServerEvents.HandleUserinfoRequest</c> notification.
 /// </summary>
 /// <param name="context">The context instance associated with this event.</param>
 /// <returns>The task returned by the event service.</returns>
 public override Task HandleUserinfoRequest([NotNull] HandleUserinfoRequestContext context)
 {
     var notification = new OpenIddictServerEvents.HandleUserinfoRequest(context);

     return _eventService.PublishAsync(notification);
 }
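        /// <summary>
        /// Builds the userinfo response for the user identified by the access token ticket.
        /// A missing user rejects the request with <c>invalid_grant</c>; otherwise "sub" is always set
        /// and every other claim is released only when the matching scope ("profile", "email",
        /// "phone", "roles") is present in the access token.
        /// </summary>
        /// <param name="context">The context instance associated with this event.</param>
        /// <returns>A task that completes once the response claims have been populated or the request rejected.</returns>
        public override async Task HandleUserinfoRequest([NotNull] HandleUserinfoRequestContext context)
        {
            var services = context.HttpContext.RequestServices.GetRequiredService<OpenIddictServices<TUser, TApplication, TAuthorization, TScope, TToken>>();

            // Note: user may be null if the user was removed after the access token was issued.
            var user = await services.Users.GetUserAsync(context.Ticket.Principal);

            if (user == null)
            {
                services.Logger.LogError("The userinfo request was aborted because the user profile " +
                                         "corresponding to the access token was not found in the database.");

                context.Reject(
                    error: OpenIdConnectConstants.Errors.InvalidGrant,
                    description: "The access token is no longer valid.");

                return;
            }

            // Note: "sub" is a mandatory claim.
            // See http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
            context.Subject = await services.Users.GetUserIdAsync(user);

            // Only add the "preferred_username" claim if the "profile" scope was present in the access token.
            // Note: filtering the username is not needed at this stage as OpenIddictController.Accept
            // and OpenIddictProvider.HandleTokenRequest are expected to reject requests that don't
            // include the "email" scope if the username corresponds to the registered email address.
            if (context.Ticket.HasScope(OpenIdConnectConstants.Scopes.Profile))
            {
                context.PreferredUsername = await services.Users.GetUserNameAsync(user);

                if (services.Users.SupportsUserClaim)
                {
                    context.FamilyName = await services.Users.FindClaimAsync(user, ClaimTypes.Surname);

                    context.GivenName = await services.Users.FindClaimAsync(user, ClaimTypes.GivenName);

                    context.BirthDate = await services.Users.FindClaimAsync(user, ClaimTypes.DateOfBirth);
                }
            }

            // Only add the email address details if the "email" scope was present in the access token.
            if (services.Users.SupportsUserEmail && context.Ticket.HasScope(OpenIdConnectConstants.Scopes.Email))
            {
                context.Email = await services.Users.GetEmailAsync(user);

                // Only add the "email_verified" claim
                // if the email address is non-null.
                if (!string.IsNullOrEmpty(context.Email))
                {
                    context.EmailVerified = await services.Users.IsEmailConfirmedAsync(user);
                }
            }

            // Only add the phone number details if the "phone" scope was present in the access token.
            if (services.Users.SupportsUserPhoneNumber && context.Ticket.HasScope(OpenIdConnectConstants.Scopes.Phone))
            {
                context.PhoneNumber = await services.Users.GetPhoneNumberAsync(user);

                // Only add the "phone_number_verified"
                // claim if the phone number is non-null.
                if (!string.IsNullOrEmpty(context.PhoneNumber))
                {
                    context.PhoneNumberVerified = await services.Users.IsPhoneNumberConfirmedAsync(user);
                }
            }

            // Only add the roles list if the "roles" scope was present in the access token.
            if (services.Users.SupportsUserRole && context.Ticket.HasScope(OpenIddictConstants.Scopes.Roles))
            {
                var roles = await services.Users.GetRolesAsync(user);

                if (roles.Count != 0)
                {
                    context.Claims[OpenIddictConstants.Claims.Roles] = JArray.FromObject(roles);
                }
            }
        }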