private Task <IEnumerable <string> > DefaultFindScopes(ScopeFinderContext context)
{
var claims = context.User?.FindAll("Scope");
var scopes = claims?.Select(c => c.Value) ?? Enumerable.Empty <string>();
return(Task.FromResult(scopes));
}
/// <summary>
/// Makes decision whether authorization should be allowed based on the provided scopes.
/// </summary>
/// <param name="context">The authorization context.</param>
/// <param name="requirement">The <see cref="ODataAuthorizationScopesRequirement"/> defining the scopes required
/// for authorization to succeed.</param>
/// <returns></returns>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, ODataAuthorizationScopesRequirement requirement)
{
var scopeFinderContext = new ScopeFinderContext(context.User);
var getScopes = _scopesFinder ?? DefaultFindScopes;
var scopes = await getScopes(scopeFinderContext).ConfigureAwait(false);
if (requirement.PermissionHandler.AllowsScopes(scopes))
{
context.Succeed(requirement);
}
}
