public async Task GetProfileDataAsync(ProfileDataRequestContext context) { var existingClaims = context.Subject.Claims; var newClaims = new List <Claim>(); var user = await _userService.GetUserByPrincipalAsync(context.Subject); if (user != null) { var isPremium = await _licensingService.ValidateUserPremiumAsync(user); newClaims.AddRange(new List <Claim> { new Claim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean), new Claim(JwtClaimTypes.Email, user.Email), new Claim(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false", ClaimValueTypes.Boolean), new Claim("sstamp", user.SecurityStamp) }); if (!string.IsNullOrWhiteSpace(user.Name)) { newClaims.Add(new Claim(JwtClaimTypes.Name, user.Name)); } // Orgs that this user belongs to var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id); if (orgs.Any()) { foreach (var group in orgs.GroupBy(o => o.Type)) { switch (group.Key) { case Enums.OrganizationUserType.Owner: foreach (var org in group) { newClaims.Add(new Claim("orgowner", org.Id.ToString())); } break; case Enums.OrganizationUserType.Admin: foreach (var org in group) { newClaims.Add(new Claim("orgadmin", org.Id.ToString())); } break; case Enums.OrganizationUserType.User: foreach (var org in group) { newClaims.Add(new Claim("orguser", org.Id.ToString())); } break; default: break; } } } } // filter out any of the new claims var existingClaimsToKeep = existingClaims .Where(c => !c.Type.StartsWith("org") && (newClaims.Count == 0 || !newClaims.Any(nc => nc.Type == c.Type))) .ToList(); newClaims.AddRange(existingClaimsToKeep); if (newClaims.Any()) { context.AddRequestedClaims(newClaims); } }
public async Task <Client> FindClientByIdAsync(string clientId) { if (!_globalSettings.SelfHosted && clientId.StartsWith("installation.")) { var idParts = clientId.Split('.'); if (idParts.Length > 1 && Guid.TryParse(idParts[1], out Guid id)) { var installation = await _installationRepository.GetByIdAsync(id); if (installation != null) { return(new Client { ClientId = $"installation.{installation.Id}", RequireClientSecret = true, ClientSecrets = { new Secret(installation.Key.Sha256()) }, AllowedScopes = new string[] { "api.push", "api.licensing" }, AllowedGrantTypes = GrantTypes.ClientCredentials, AccessTokenLifetime = 3600 * 24, Enabled = installation.Enabled, Claims = new List <ClientClaim> { new ClientClaim(JwtClaimTypes.Subject, installation.Id.ToString()) } }); } } } else if (_globalSettings.SelfHosted && clientId.StartsWith("internal.") && CoreHelpers.SettingHasValue(_globalSettings.InternalIdentityKey)) { var idParts = clientId.Split('.'); if (idParts.Length > 1) { var id = idParts[1]; if (!string.IsNullOrWhiteSpace(id)) { return(new Client { ClientId = $"internal.{id}", RequireClientSecret = true, ClientSecrets = { new Secret(_globalSettings.InternalIdentityKey.Sha256()) }, AllowedScopes = new string[] { "internal" }, AllowedGrantTypes = GrantTypes.ClientCredentials, AccessTokenLifetime = 3600 * 24, Enabled = true, Claims = new List <ClientClaim> { new ClientClaim(JwtClaimTypes.Subject, id) } }); } } } else if (clientId.StartsWith("organization.")) { var idParts = clientId.Split('.'); if (idParts.Length > 1 && Guid.TryParse(idParts[1], out var id)) { var org = await _organizationRepository.GetByIdAsync(id); if (org != null) { return(new Client { ClientId = $"organization.{org.Id}", RequireClientSecret = true, ClientSecrets = { new Secret(org.ApiKey.Sha256()) }, AllowedScopes = new string[] { "api.organization" }, AllowedGrantTypes = GrantTypes.ClientCredentials, AccessTokenLifetime = 3600 * 1, Enabled = org.Enabled && org.UseApi, Claims = new List <ClientClaim> { new ClientClaim(JwtClaimTypes.Subject, org.Id.ToString()) } }); } } } else if (clientId.StartsWith("user.")) { var idParts = clientId.Split('.'); if (idParts.Length > 1 && Guid.TryParse(idParts[1], out var id)) { var user = await _userRepository.GetByIdAsync(id); if (user != null) { var claims = new Collection <ClientClaim>() { new ClientClaim(JwtClaimTypes.Subject, user.Id.ToString()), new ClientClaim(JwtClaimTypes.AuthenticationMethod, "Application", "external") }; var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id); var isPremium = await _licensingService.ValidateUserPremiumAsync(user); foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, isPremium)) { var upperValue = claim.Value.ToUpperInvariant(); var isBool = upperValue == "TRUE" || upperValue == "FALSE"; claims.Add(isBool ? new ClientClaim(claim.Key, claim.Value, ClaimValueTypes.Boolean) : new ClientClaim(claim.Key, claim.Value) ); } return(new Client { ClientId = clientId, RequireClientSecret = true, ClientSecrets = { new Secret(user.ApiKey.Sha256()) }, AllowedScopes = new string[] { "api" }, AllowedGrantTypes = GrantTypes.ClientCredentials, AccessTokenLifetime = 3600 * 1, ClientClaimsPrefix = null, Claims = claims }); } } } return(_staticClientStore.ApiClients.ContainsKey(clientId) ? _staticClientStore.ApiClients[clientId] : null); }