示例#1
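        /// <summary>
        /// Checks the values held for a multi-valued claim against the constraints carried by a
        /// requested claim parameter (<c>essential</c>, <c>value</c>, <c>values</c>).
        /// </summary>
        /// <param name="claimValues">Values available for the claim; <c>null</c> when the claim is absent.</param>
        /// <param name="claimParameter">The requested claim together with its constraints.</param>
        /// <returns>
        /// <c>true</c> when every constraint present on <paramref name="claimParameter"/> is satisfied;
        /// otherwise <c>false</c>.
        /// </returns>
        private bool ValidateClaimValues(
            string[] claimValues,
            ClaimParameter claimParameter)
        {
            // An empty array carries no value, so it counts as "absent" just like null.
            var hasAnyValue = claimValues != null && claimValues.Any();

            // Essential claim: at least one value must be present. Testing for "has values"
            // here would reject populated claims and let an empty array through.
            if (claimParameter.EssentialParameterExist &&
                !hasAnyValue &&
                claimParameter.Essential)
            {
                return false;
            }

            // `value` constraint: the requested value must be among the claim's values.
            if (claimParameter.ValueParameterExist &&
                (claimValues == null || !claimValues.Contains(claimParameter.Value)))
            {
                return false;
            }

            // `values` constraint: every requested value must be among the claim's values.
            if (claimParameter.ValuesParameterExist &&
                claimParameter.Values != null &&
                (claimValues == null || !claimParameter.Values.All(c => claimValues.Contains(c))))
            {
                return false;
            }

            return true;
        }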
示例#2
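        /// <summary>
        /// Checks a single claim value against the constraints carried by a requested claim
        /// parameter (<c>essential</c>, <c>value</c>, <c>values</c>).
        /// </summary>
        /// <param name="claimValue">The value available for the claim; null, empty or whitespace means "no value".</param>
        /// <param name="claimParameter">The requested claim together with its constraints.</param>
        /// <returns>
        /// <c>true</c> when every constraint present on <paramref name="claimParameter"/> is satisfied;
        /// otherwise <c>false</c>.
        /// </returns>
        private bool ValidateClaimValue(
            string claimValue,
            ClaimParameter claimParameter)
        {
            // Essential claim: a non-blank value is required.
            if (claimParameter.EssentialParameterExist &&
                string.IsNullOrWhiteSpace(claimValue) &&
                claimParameter.Essential)
            {
                return false;
            }

            // `value` constraint: the claim must equal the single requested value.
            if (claimParameter.ValueParameterExist &&
                claimValue != claimParameter.Value)
            {
                return false;
            }

            // `values` constraint: in an OpenID Connect claims request (Core 1.0, section 5.5.1)
            // `values` is the set of acceptable values, so the claim fails when its value is
            // NOT in that set. Rejecting on membership would turn the allow-list into a deny-list.
            if (claimParameter.ValuesParameterExist &&
                claimParameter.Values != null &&
                !claimParameter.Values.Contains(claimValue))
            {
                return false;
            }

            return true;
        }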
示例#3
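        /// <summary>
        /// Builds one <see cref="ClaimParameter"/> per child of <paramref name="token"/> and returns
        /// them appended to the claim parameters that were already collected.
        /// </summary>
        /// <param name="token">JSON token whose children are the requested claims.</param>
        /// <param name="claimParameters">Claim parameters gathered so far; they come first in the result.</param>
        /// <returns>A new array holding the existing parameters followed by the parsed ones.</returns>
        private static ClaimParameter[] FillInClaimsParameter(
            JToken token,
            IEnumerable<ClaimParameter> claimParameters)
        {
            var parsed = token.Children()
                .Select(child =>
                {
                    var record = new ClaimParameter
                    {
                        // The cast throws InvalidCastException when a child is not a JSON property,
                        // i.e. when the request did not supply an object here.
                        Name = ((JProperty)child).Name,
                        Parameters = new Dictionary<string, object>()
                    };

                    var subChild = child.Children().FirstOrDefault();
                    if (subChild == null)
                    {
                        return record;
                    }

                    // DeserializeObject can return null when the text holds no object (a claim
                    // requested with a JSON null member is the likely case - confirm). Keep the
                    // empty dictionary in that case instead of silencing the compiler with `!`
                    // and handing a null Parameters to the validation code.
                    var parameters =
                        JsonConvert.DeserializeObject<Dictionary<string, object>>(subChild.ToString());

                    return parameters == null
                        ? record
                        : record with { Parameters = parameters };
                });

            return claimParameters.Concat(parsed).ToArray();
        }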
示例#4
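        /// <summary>
        /// Adds the requested standard resource-owner claims to the JWS payload, validating each
        /// one against the constraints of its claim parameter first.
        /// </summary>
        /// <param name="jwsPayload">Payload that receives the claim name/value pairs.</param>
        /// <param name="claimParameters">
        /// Requested claims. When the subject claim is not among them it is appended to this list
        /// as an essential claim, so a non-null list passed by the caller is mutated.
        /// </param>
        /// <param name="claimsPrincipal">Principal the claim values are read from (via <c>GetClaims</c>).</param>
        /// <param name="authorizationParameter">Source of the <c>state</c> echoed in errors; may be null.</param>
        /// <exception cref="IdentityServerExceptionWithState">
        /// Thrown with <c>ErrorCodes.InvalidGrant</c> when a claim does not satisfy its parameter.
        /// </exception>
        private void FillInResourceOwnerClaimsByClaimsParameter(
            JwsPayload jwsPayload,
            List<ClaimParameter> claimParameters,
            ClaimsPrincipal claimsPrincipal,
            AuthorizationParameter authorizationParameter)
        {
            var state = authorizationParameter == null ? string.Empty : authorizationParameter.State;

            // A null list is handled as an empty one. The null test used to sit after the first
            // dereference, so it could never run; doing it here keeps the subject requirement
            // below in force even when the caller supplied no claim parameters.
            if (claimParameters == null)
            {
                claimParameters = new List<ClaimParameter>();
            }

            // 1. Fill-In the subject - set the subject as an essential claim
            if (claimParameters.All(c => c.Name != Jwt.Constants.StandardResourceOwnerClaimNames.Subject))
            {
                claimParameters.Add(new ClaimParameter
                {
                    Name = Jwt.Constants.StandardResourceOwnerClaimNames.Subject,
                    Parameters = new Dictionary<string, object>
                    {
                        { Constants.StandardClaimParameterValueNames.EssentialName, true }
                    }
                });
            }

            // 2. Fill-In all the other resource owner claims
            // (the list holds at least the subject at this point, so no emptiness check is needed)
            var resourceOwnerClaimParameters = claimParameters
                .Where(c => Jwt.Constants.AllStandardResourceOwnerClaimNames.Contains(c.Name))
                .ToList();

            if (!resourceOwnerClaimParameters.Any())
            {
                return;
            }

            var requestedClaimNames = resourceOwnerClaimParameters.Select(r => r.Name);
            var resourceOwnerClaims = GetClaims(requestedClaimNames, claimsPrincipal);
            foreach (var resourceOwnerClaimParameter in resourceOwnerClaimParameters)
            {
                var resourceOwnerClaim = resourceOwnerClaims.FirstOrDefault(c => c.Key == resourceOwnerClaimParameter.Name);
                var claimFound = !resourceOwnerClaim.Equals(default(KeyValuePair<string, string>));
                var resourceOwnerClaimValue = claimFound ? resourceOwnerClaim.Value : string.Empty;

                // Validation runs for missing claims too, so an essential claim that the
                // principal does not have is rejected rather than silently omitted.
                if (!ValidateClaimValue(resourceOwnerClaimValue, resourceOwnerClaimParameter))
                {
                    throw new IdentityServerExceptionWithState(ErrorCodes.InvalidGrant,
                                                               string.Format(ErrorDescriptions.TheClaimIsNotValid, resourceOwnerClaimParameter.Name),
                                                               state);
                }

                // A claim that was not found is the default pair, whose Key is null. Skip it
                // instead of adding a null-keyed entry (presumably an ArgumentNullException if
                // JwsPayload is dictionary-backed - confirm against its declaration).
                if (!claimFound)
                {
                    continue;
                }

                jwsPayload.Add(resourceOwnerClaim.Key, resourceOwnerClaim.Value);
            }
        }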
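        /// <summary>
        /// Checks a single claim value against the constraints carried by a requested claim
        /// parameter (<c>essential</c>, <c>value</c>, <c>values</c>).
        /// </summary>
        /// <param name="claimValue">The value available for the claim; may be null when the claim is absent.</param>
        /// <param name="claimParameter">The requested claim together with its constraints.</param>
        /// <returns>
        /// <c>true</c> when every constraint present on <paramref name="claimParameter"/> is satisfied;
        /// otherwise <c>false</c>.
        /// </returns>
        private bool ValidateClaimValue(object claimValue, ClaimParameter claimParameter)
        {
            // Null-safe text form. Calling ToString() on a null value in the `value` comparison
            // would throw NullReferenceException whenever the claim is absent and not essential.
            var claimText = claimValue?.ToString();

            // Essential claim: a non-blank value is required.
            if (claimParameter.EssentialParameterExist &&
                string.IsNullOrWhiteSpace(claimText) &&
                claimParameter.Essential)
            {
                return false;
            }

            // `value` constraint: the claim's text form must equal the single requested value.
            if (claimParameter.ValueParameterExist &&
                claimText != claimParameter.Value)
            {
                return false;
            }

            // `values` constraint: in an OpenID Connect claims request (Core 1.0, section 5.5.1)
            // `values` is the set of acceptable values, so the claim fails when its value is
            // NOT in that set. Rejecting on membership would turn the allow-list into a deny-list.
            // NOTE(review): membership is tested on the raw object, not its text form - confirm
            // that the element type of Values matches what callers pass in.
            if (claimParameter.ValuesParameterExist &&
                claimParameter.Values != null &&
                !claimParameter.Values.Contains(claimValue))
            {
                return false;
            }

            return true;
        }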
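        /// <summary>
        /// Appends one <see cref="ClaimParameter"/> per child of <paramref name="token"/> to
        /// <paramref name="claimParameters"/>.
        /// </summary>
        /// <param name="token">JSON token whose children are the requested claims.</param>
        /// <param name="claimParameters">List that receives the parsed claim parameters.</param>
        private static void FillInClaimsParameter(
            JToken token,
            List<ClaimParameter> claimParameters)
        {
            foreach (var child in token.Children())
            {
                var record = new ClaimParameter
                {
                    // The cast throws InvalidCastException when a child is not a JSON property,
                    // i.e. when the request did not supply an object here.
                    Name = ((JProperty)child).Name,
                    Parameters = new Dictionary<string, object>()
                };
                claimParameters.Add(record);

                var subChild = child.Children().FirstOrDefault();
                if (subChild == null)
                {
                    continue;
                }

                // DeserializeObject can return null when the text holds no object (a claim
                // requested with a JSON null member is the likely case - confirm). Keep the empty
                // dictionary then, so later constraint lookups never see a null Parameters.
                var parameters = JsonConvert.DeserializeObject<Dictionary<string, object>>(subChild.ToString());
                if (parameters != null)
                {
                    record.Parameters = parameters;
                }
            }
        }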