Пример #1
        /// <summary>
        /// Declines to answer userinfo requests in the provider and passes them to the next middleware.
        /// </summary>
        /// <param name="context">Context of the userinfo request being processed.</param>
        /// <returns>A task that has already completed.</returns>
        public override Task ProfileEndpoint(ProfileEndpointContext context)
        {
            // OpenIdConnectServerHandler normally answers userinfo requests itself by writing the JSON
            // payload straight to the response stream. In this sample a custom ProfileController does
            // that job, so the built-in processing is bypassed here.
            // NOTE(review): with the default processing skipped, any per-scope filtering of the returned
            // claims has to happen in that controller (not visible here) - confirm it does.
            context.SkipToNextMiddleware();

            Task completed = Task.FromResult<object>(null);
            return completed;
        }
Пример #2
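        /// <summary>
        /// Fills in the userinfo response for the user identified by the authentication ticket,
        /// releasing each group of claims only when the matching scope is present in that ticket.
        /// </summary>
        /// <param name="context">Context of the userinfo request being processed.</param>
        /// <returns>A task that completes once the response properties have been populated.</returns>
        /// <remarks>
        /// The request is answered with a 400 status and no claims when the ticket carries no principal
        /// or when the user it refers to can no longer be found.
        /// </remarks>
        public override async Task ProfileEndpoint([NotNull] ProfileEndpointContext context)
        {
            var manager = context.HttpContext.RequestServices.GetRequiredService<OpenIddictManager<TUser, TApplication>>();

            var ticket = context.AuthenticationTicket;
            var principal = ticket?.Principal;

            // Fail closed at runtime: Debug.Assert is compiled out of release builds, so a missing
            // ticket or principal would otherwise surface as a NullReferenceException further down.
            // NOTE(review): RFC 6750 describes 401/invalid_token for a token that is not valid;
            // 400 is used here only to stay consistent with the removed-user path below.
            if (principal == null)
            {
                context.Response.StatusCode = 400;
                context.HandleResponse();

                return;
            }

            // Note: user may be null if the user has been removed.
            // In this case, return a 400 response so that a token issued to a deleted
            // account no longer yields any profile data.
            var user = await manager.FindByIdAsync(principal.GetUserId());

            if (user == null)
            {
                context.Response.StatusCode = 400;
                context.HandleResponse();

                return;
            }

            // Note: "sub" is a mandatory claim.
            // See http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
            context.Subject = await manager.GetUserIdAsync(user);

            // Only add the "preferred_username" claim if the "profile" scope was present in the access token.
            // Note: filtering the username is not needed at this stage as OpenIddictController.Accept
            // and OpenIddictProvider.GrantResourceOwnerCredentials are expected to reject requests that
            // don't include the "email" scope if the username corresponds to the registered email address.
            // NOTE(review): that guarantee lives outside this method; if it is ever relaxed, the username
            // returned here could disclose the email address without the "email" scope.
            if (ticket.HasScope(OpenIdConnectConstants.Scopes.Profile))
            {
                context.PreferredUsername = await manager.GetUserNameAsync(user);

                if (manager.SupportsUserClaim)
                {
                    context.FamilyName = await manager.FindClaimAsync(user, ClaimTypes.Surname);

                    context.GivenName = await manager.FindClaimAsync(user, ClaimTypes.GivenName);

                    context.BirthDate = await manager.FindClaimAsync(user, ClaimTypes.DateOfBirth);
                }
            }

            // Only add the email address details if the "email" scope was present in the access token.
            if (ticket.HasScope(OpenIdConnectConstants.Scopes.Email))
            {
                context.Email = await manager.GetEmailAsync(user);

                // Only add the "email_verified" claim
                // if the email address is non-null.
                if (!string.IsNullOrEmpty(context.Email))
                {
                    context.EmailVerified = await manager.IsEmailConfirmedAsync(user);
                }
            }

            // Only add the phone number details if the "phone" scope was present in the access token.
            if (ticket.HasScope(OpenIdConnectConstants.Scopes.Phone))
            {
                context.PhoneNumber = await manager.GetPhoneNumberAsync(user);

                // Only add the "phone_number_verified"
                // claim if the phone number is non-null.
                if (!string.IsNullOrEmpty(context.PhoneNumber))
                {
                    context.PhoneNumberVerified = await manager.IsPhoneNumberConfirmedAsync(user);
                }
            }

            // Only add the roles list if the "roles" scope was present in the access token.
            if (manager.SupportsUserRole && ticket.HasScope(OpenIddictConstants.Scopes.Roles))
            {
                var roles = await manager.GetRolesAsync(user);

                // An empty list is left out of the response rather than emitted as an empty array.
                if (roles.Count != 0)
                {
                    context.Claims[OpenIddictConstants.Claims.Roles] = JArray.FromObject(roles);
                }
            }
        }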