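/// <summary>
/// Registers a new OpenIddict client application for a workplace and returns the
/// generated client credentials.
/// </summary>
/// <param name="workplaceDescriptor">Describes the workplace: its scopes, display name,
/// tenant / branch office / department identifiers and workplace type.</param>
/// <returns>The freshly generated client id / client secret pair.</returns>
/// <exception cref="ArgumentNullException"><paramref name="workplaceDescriptor"/> is null.</exception>
public async Task <WorkplaceCredentialsDto> CreateWorkplaceAsync(WorkplaceDescriptorDto workplaceDescriptor)
        {
            if (workplaceDescriptor is null)
            {
                throw new ArgumentNullException(nameof(workplaceDescriptor));
            }

            var credentials = CreateCredentials(workplaceDescriptor);

            // NOTE(review): the descriptor's scopes become the application's "scp:" permissions
            // exactly as given; confirm the caller has validated them against the scopes a
            // workplace of this type is allowed to hold before this method is reached.
            // A missing scope list yields an application with no scope permissions at all;
            // blank entries are skipped so no bare "scp:" permission is ever stored.
            var scopePermissions = (workplaceDescriptor.Scopes ?? Enumerable.Empty<string>())
                .Where(s => !string.IsNullOrWhiteSpace(s))
                .Select(s => OpenIddictConstants.Permissions.Prefixes.Scope + s);

            var permissions = new List <string>(8);
            permissions.AddRange(scopePermissions);

            // A workplace only ever authenticates itself with the client_credentials grant
            // at the token endpoint; no other endpoint or grant type is granted.
            permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
            permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);

            var application = new PskApplication
            {
                ClientId        = credentials.ClientId,
                DisplayName     = workplaceDescriptor.DisplayName,
                // Permissions are persisted as a JSON array of strings.
                Permissions     = JsonConvert.SerializeObject(permissions),
                TenantId        = workplaceDescriptor.TenantId,
                BranchOfficeId  = workplaceDescriptor.BranchOfficeId,
                DepartmentId    = workplaceDescriptor.DepartmentId,
                ApplicationType = "workplace_" + workplaceDescriptor.WorkplaceType
            };

            // The manager hashes the secret before storing it; only the caller ever sees it in clear.
            // NOTE(review): that hashing happens inside CreateAsync and is not visible here — verify.
            await _oidcAppManager.CreateAsync(application, credentials.ClientSecret);

            return credentials;
        }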
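        /// <summary>
        /// Builds the authentication ticket issued to a workplace application that signed in
        /// with the client_credentials grant. The client id is used as the subject; tenant,
        /// branch office and department identifiers are emitted as claims into both the
        /// access token and the identity token.
        /// </summary>
        /// <param name="request">The incoming token request; only its scopes are read.</param>
        /// <param name="application">The registered workplace application the request belongs to.</param>
        /// <returns>A ticket carrying the workplace principal and the requested scopes.</returns>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        private AuthenticationTicket CreateWorkplaceSignInTicket(OpenIdConnectRequest request, PskApplication application)
        {
            if (request is null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            if (application is null)
            {
                throw new ArgumentNullException(nameof(application));
            }

            // Create a new ClaimsIdentity containing the claims that
            // will be used to create an id_token, a token or a code.
            var identity = new ClaimsIdentity(
                OpenIddictServerDefaults.AuthenticationScheme,
                OpenIdConnectConstants.Claims.Name,
                OpenIdConnectConstants.Claims.Role);

            // Every claim this method adds is destined for both tokens.
            void AddTokenClaim(string type, string value) => identity.AddClaim(
                type, value,
                OpenIdConnectConstants.Destinations.AccessToken,
                OpenIdConnectConstants.Destinations.IdentityToken);

            // Use the client_id as the subject identifier: there is no user behind a
            // client_credentials sign-in, the workplace application itself is the principal.
            AddTokenClaim(OpenIdConnectConstants.Claims.Subject, application.ClientId);
            AddTokenClaim(OpenIdConnectConstants.Claims.Name, application.DisplayName);

            var principal = new ClaimsPrincipal(identity);

            principal.AddUserTenantAndOrgStructureClaims(application.TenantId, application.BranchOfficeId, application.DepartmentId);

            // Create a new authentication ticket holding the workplace identity.
            var ticket = new AuthenticationTicket(
                principal, new AuthenticationProperties(),
                OpenIdConnectServerDefaults.AuthenticationScheme);

            // NOTE(review): the requested scopes are copied onto the ticket without being
            // intersected with the application's "scp:" permissions here; confirm the token
            // request validation step rejects scopes this application does not hold.
            ticket.SetScopes(request.GetScopes());

            // Tenant id is not guarded like the two claims below, so a missing tenant id
            // presumably fails here rather than producing a tenant-less token — verify.
            // NOTE(review): AddUserTenantAndOrgStructureClaims above also receives the tenant
            // id; if it emits the same claim type this adds a duplicate — confirm.
            AddTokenClaim(CustomClaimTypes.TenantId, application.TenantId);

            // a 'tenant auditor' workplace application
            // doesn't have a 'branch office id' claim
            if (!string.IsNullOrEmpty(application.BranchOfficeId))
            {
                AddTokenClaim(CustomClaimTypes.BranchOfficeId, application.BranchOfficeId);
            }

            // a 'branch auditor' workplace application
            // doesn't have a 'department id' claim
            if (!string.IsNullOrEmpty(application.DepartmentId))
            {
                AddTokenClaim(CustomClaimTypes.DepartmentId, application.DepartmentId);
            }

            return ticket;
        }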