/// <summary>
/// Creates the controller from its injected dependencies.
/// </summary>
/// <remarks>
/// <paramref name="idpOptions"/> is allowed to be null. In that case the stored
/// external-IdP options are null as well, so code reading that field must null-check it.
/// </remarks>
public UserController(
    UserManager<User> userManager,
    IUserService userService,
    ILogger<UserController> logger,
    IRepository<WeChatAccount> wechatAccountRepo,
    ChatyApiService chatyApiService,
    IOptions<ExternalIdentityServiceOptions> idpOptions)
{
    _userManager = userManager;
    _userService = userService;
    _logger = logger;
    _wechatAccountRepo = wechatAccountRepo;
    _chatyApiService = chatyApiService;

    // Null-tolerant on purpose: no options object means no external IdP settings.
    _idpOptions = idpOptions?.Value;
}
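/// <summary>
/// Registers the application cookie scheme as the default scheme and an external
/// OpenID Connect identity provider as the challenge scheme.
/// </summary>
/// <param name="services">Service collection the authentication handlers are added to.</param>
/// <param name="parsedConfiguration">
/// External IdP settings read here: Authority, RequireHttpsMetadata, ClientId and ClientSecret.
/// </param>
private static void ConfigureExternalIdp(IServiceCollection services, ExternalIdentityServiceOptions parsedConfiguration)
{
    // Keep claim types exactly as the IdP issues them instead of mapping them
    // to the legacy XML-namespace claim names.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

    services.AddAuthentication(options =>
        {
            options.DefaultScheme = IdentityConstants.ApplicationScheme;
            options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
            options.DefaultSignInScheme = IdentityConstants.ApplicationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.CallbackPath = "/oidc-callback";
            options.Authority = parsedConfiguration.Authority;

            // Taken from configuration. When this is false the discovery document and
            // signing keys may be fetched over plain HTTP, so that value belongs in
            // local development only.
            options.RequireHttpsMetadata = parsedConfiguration.RequireHttpsMetadata;

            options.ClientId = parsedConfiguration.ClientId;
            options.ClientSecret = parsedConfiguration.ClientSecret;

            // Hybrid flow: the id_token arrives with the authorization code, which is
            // why OnAuthorizationCodeReceived below can read its claims.
            options.ResponseType = "code id_token";
            options.GetClaimsFromUserInfoEndpoint = true;

            // Request only the scopes this application uses.
            options.Scope.Clear();
            options.Scope.Add(OidcConstants.StandardScopes.OpenId);
            options.Scope.Add(OidcConstants.StandardScopes.Profile);
            options.Scope.Add(OidcConstants.StandardScopes.Email);
            options.Scope.Add(OidcConstants.StandardScopes.Phone);

            // Replaces the handler's parameters object; only audience and issuer are
            // pinned here. ValidIssuer has to equal the token's "iss" claim exactly.
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidAudience = parsedConfiguration.ClientId,
                ValidIssuer = parsedConfiguration.Authority
            };

            options.Events.OnAuthorizationCodeReceived = context =>
            {
                // Send the id_token's "jti" to the token endpoint as the local user
                // session key id. SetParameter drops the parameter when the value is
                // null, so a token without "jti" sends no client_session_state.
                var jti = context.JwtSecurityToken.Claims
                    .FirstOrDefault(c => c.Type == JwtClaimTypes.JwtId)?.Value;
                context.TokenEndpointRequest.SetParameter("client_session_state", jti);

                // Not sent: the web server instance name, which the IdP would use to
                // address https://${application.session.host}.app.com/k_logout
                // context.TokenEndpointRequest.SetParameter("client_session_host", "localhost:8080");
                return Task.CompletedTask;
            };

            options.Events.OnTicketReceived = async context =>
            {
                // GetRequiredService fails with a descriptive error when the manager is
                // not registered, instead of a NullReferenceException mid sign-in.
                var externalSigninManager = context.HttpContext.RequestServices.GetRequiredService<ExternalSigninManager>();
                context.Principal = await externalSigninManager.TransformToDiscussionUser(
                    context.HttpContext,
                    context.Principal.Claims.ToList());
            };

            // for Keycloak Back Channel Logout
            options.RemoteSignOutPath = "/k_logout";
            options.Events.OnRemoteSignOut = async context =>
            {
                // NOTE(review): requests to this path carry no user cookie and can come
                // from anyone who can reach the site. TrySignOutLocalSession is not
                // visible here; confirm that it verifies the logout request's signature
                // and issuer before revoking a session, and that it marks the response
                // as handled so the handler's default sign-out logic does not also run.
                var externalSigninManager = context.HttpContext.RequestServices.GetRequiredService<ExternalSigninManager>();
                await externalSigninManager.TrySignOutLocalSession(context);
            };
        });
}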
/// <summary>
/// Creates the updater and derives the Keycloak base URL (scheme, host and port)
/// from the configured external IdP authority.
/// </summary>
/// <remarks>
/// Construction throws when the options object is null or its Authority is not a
/// valid absolute URI, because both are dereferenced and parsed here.
/// </remarks>
public KeyCloakUserUpdater(
    IOptions<ExternalIdentityServiceOptions> smsSendingOptions,
    HttpMessageInvoker httpInvoker,
    ILogger<KeyCloakUserUpdater> logger,
    IAvatarUrlService avatarUrlService)
{
    _httpInvoker = httpInvoker;
    _logger = logger;
    _avatarUrlService = avatarUrlService;

    // Despite the parameter name, these are the external identity provider options.
    _externalIdpOptions = smsSendingOptions.Value;

    // SchemeAndServer is Scheme | Host | Port, so path and query of the authority are dropped.
    // NOTE(review): the base URL inherits the authority's scheme; if it is used for
    // authenticated calls to Keycloak, confirm the configured authority is https.
    var authority = new Uri(_externalIdpOptions.Authority);
    _keyCloakBaseUrl = authority.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped);
}
/// <summary>
/// Creates the manager from its injected dependencies.
/// </summary>
/// <remarks>
/// <paramref name="idpOptions"/> is dereferenced here, so it must not be null.
/// </remarks>
public ExternalSigninManager(
    ILogger<ExternalSigninManager> logger,
    IRepository<User> userRepo,
    IOptions<ExternalIdentityServiceOptions> idpOptions,
    SiteSettings siteSettings,
    IRepository<VerifiedPhoneNumber> phoneNumberVerificationRepo,
    UserManager<User> userManager,
    IUserClaimsPrincipalFactory<User> principalFactory,
    IClock clock,
    IRepository<SessionRevocationRecord> sessionRevocationRepo)
{
    _logger = logger;

    // Identity and user storage.
    _userRepo = userRepo;
    _userManager = userManager;
    _principalFactory = principalFactory;
    _phoneNumberVerificationRepo = phoneNumberVerificationRepo;

    // Configuration.
    _idpOptions = idpOptions.Value;
    _siteSettings = siteSettings;

    // Time source and session revocation storage.
    _clock = clock;
    _sessionRevocationRepo = sessionRevocationRepo;
}
/// <summary>
/// Creates the controller from its injected dependencies.
/// </summary>
/// <remarks>
/// <paramref name="idpOptions"/> is dereferenced here, so it must not be null.
/// </remarks>
public AccountController(
    UserManager<User> userManager,
    SignInManager<User> signInManager,
    IUserService userService,
    ILogger<AccountController> logger,
    IRepository<User> userRepo,
    IClock clock,
    SiteSettings settings,
    IOptions<ExternalIdentityServiceOptions> idpOptions,
    IRepository<VerifiedPhoneNumber> phoneNumberVerificationRepo)
{
    // Assignments follow parameter order.
    _userManager = userManager;
    _signInManager = signInManager;
    _userService = userService;
    _logger = logger;
    _userRepo = userRepo;
    _clock = clock;
    _settings = settings;
    _idpOptions = idpOptions.Value;
    _phoneNumberVerificationRepo = phoneNumberVerificationRepo;
}
/// <summary>
/// Creates the user service from its injected dependencies.
/// </summary>
/// <remarks>
/// The external IdP options are injected twice with the same type:
/// <paramref name="idpOptions"/> is dereferenced and must not be null, while
/// <paramref name="externalIdp"/> may be null and then leaves its field null.
/// The Keycloak updater is stored as a <see cref="Lazy{T}"/>, so it is not
/// constructed until its value is first read.
/// </remarks>
public DefaultUserService(
    IOptions<ExternalIdentityServiceOptions> idpOptions,
    IRepository<User> userRepo,
    UserManager<User> userManager,
    IEmailDeliveryMethod emailDeliveryMethod,
    IUrlHelper urlHelper,
    IConfirmationEmailBuilder confirmationEmailBuilder,
    IResetPasswordEmailBuilder resetPasswordEmailBuilder,
    IPhoneNumberVerificationService phoneNumberVerificationService,
    IRepository<VerifiedPhoneNumber> verifiedPhoneNumberRepo,
    IClock clock,
    Lazy<KeyCloakUserUpdater> keyCloakUserUpdater,
    IOptions<ExternalIdentityServiceOptions> externalIdp)
{
    // Assignments follow parameter order.
    _idpOptions = idpOptions.Value;
    _userRepo = userRepo;
    _userManager = userManager;
    _emailDeliveryMethod = emailDeliveryMethod;
    _urlHelper = urlHelper;
    _confirmationEmailBuilder = confirmationEmailBuilder;
    _resetPasswordEmailBuilder = resetPasswordEmailBuilder;
    _phoneNumberVerificationService = phoneNumberVerificationService;
    _verifiedPhoneNumberRepo = verifiedPhoneNumberRepo;
    _clock = clock;
    _keyCloakUserUpdater = keyCloakUserUpdater;

    // Null-tolerant copy of the same options type as idpOptions.
    _externalIdpOptions = externalIdp?.Value;
}