protected internal virtual void AdjustIdentityProviderClaimIfNecessary(string authenticationScheme, IClaimBuilderCollection claims)
{
if (authenticationScheme == null)
{
throw new ArgumentNullException(nameof(authenticationScheme));
}
if (claims == null)
{
throw new ArgumentNullException(nameof(claims));
}
if (!this.AdjustIdentityProviderClaim)
{
return;
}
var identityProviderClaim = claims.FindFirstIdentityProviderClaim();
if (identityProviderClaim == null)
{
return;
}
if (string.Equals(authenticationScheme, identityProviderClaim.Value, StringComparison.OrdinalIgnoreCase))
{
return;
}
identityProviderClaim.Value = authenticationScheme;
identityProviderClaim.Issuer = identityProviderClaim.OriginalIssuer = null;
}
protected internal virtual void AddAuthenticationSchemeAsIdentityProviderClaimIfNecessary(string authenticationScheme, IClaimBuilderCollection claims)
{
if (authenticationScheme == null)
{
throw new ArgumentNullException(nameof(authenticationScheme));
}
if (claims == null)
{
throw new ArgumentNullException(nameof(claims));
}
if (!this.IncludeAuthenticationSchemeAsIdentityProviderClaim)
{
return;
}
var identityProviderClaim = claims.FindFirstIdentityProviderClaim();
if (identityProviderClaim != null)
{
return;
}
claims.Add(ExtendedClaimTypes.IdentityProvider, authenticationScheme);
}
public virtual async Task DecorateAsync(AuthenticateResult authenticateResult, string authenticationScheme, IClaimBuilderCollection claims, AuthenticationProperties properties)
{
try
{
if (authenticateResult == null)
{
throw new ArgumentNullException(nameof(authenticateResult));
}
if (claims == null)
{
throw new ArgumentNullException(nameof(claims));
}
if (!this.IsActiveLoginAuthenticationScheme(authenticationScheme))
{
return;
}
var identityProviderClaim = claims.FindFirstIdentityProviderClaim();
if (identityProviderClaim == null)
{
identityProviderClaim = new ClaimBuilder
{
Type = ExtendedClaimTypes.IdentityProvider,
};
claims.Add(identityProviderClaim);
}
identityProviderClaim.Issuer = identityProviderClaim.OriginalIssuer = null;
identityProviderClaim.Value = this.IdentityProvider;
var originalIdentityProviderClaim = authenticateResult.Principal.Claims.FindFirstIdentityProviderClaim();
if (originalIdentityProviderClaim != null)
{
claims.Add(new ClaimBuilder(originalIdentityProviderClaim)
{
Type = this.OriginalIdentityProviderClaimType
});
}
await Task.CompletedTask.ConfigureAwait(false);
}
catch (Exception exception)
{
const string message = "Could not decorate active-login-callback.";
this.Logger.LogErrorIfEnabled(exception, message);
throw new InvalidOperationException(message, exception);
}
}
protected internal virtual async Task <ExtendedIdentityServerUser> ResolveUserAsync(string authenticationScheme, IClaimBuilderCollection claims)
{
if (claims == null)
{
throw new ArgumentNullException(nameof(claims));
}
claims = claims.Clone();
var uniqueIdentifierClaim = claims.FindFirstUniqueIdentifierClaim();
if (uniqueIdentifierClaim == null)
{
throw new InvalidOperationException($"There is no unique-identifier-claim for authentication-scheme \"{authenticationScheme}\".");
}
var uniqueIdentifier = uniqueIdentifierClaim.Value;
claims.Remove(uniqueIdentifierClaim);
var identityProviderClaim = claims.FindFirstIdentityProviderClaim();
var identityProvider = identityProviderClaim?.Value ?? authenticationScheme;
if (identityProviderClaim != null)
{
claims.Remove(identityProviderClaim);
}
var user = await this.Facade.Identity.ResolveUserAsync(claims, identityProvider, uniqueIdentifier);
var nameClaim = claims.FindFirstNameClaim();
var name = nameClaim?.Value;
if (nameClaim != null)
{
claims.Remove(nameClaim);
}
return(new ExtendedIdentityServerUser(user.Id)
{
AdditionalClaims = claims.Build(),
DisplayName = name,
IdentityProvider = identityProvider,
ProviderUserId = uniqueIdentifier
});
}
protected internal virtual async Task ResolveUniqueIdentifier(string authenticationScheme, IClaimBuilderCollection claims)
{
if (claims == null)
{
throw new ArgumentNullException(nameof(claims));
}
var uniqueIdentifierClaim = claims.FindFirstUniqueIdentifierClaim();
if (uniqueIdentifierClaim == null)
{
throw new InvalidOperationException($"There is no unique-identifier-claim for authentication-scheme \"{authenticationScheme}\".");
}
var identityProvider = claims.FindFirstIdentityProviderClaim()?.Value ?? authenticationScheme;
uniqueIdentifierClaim.Value = this.GetOrCreateUniqueIdentifier(identityProvider, uniqueIdentifierClaim.Value);
uniqueIdentifierClaim.Issuer = uniqueIdentifierClaim.OriginalIssuer = uniqueIdentifierClaim.ValueType = null;
await Task.CompletedTask.ConfigureAwait(false);
}
