public async Task <IActionResult> Register(RegisterViewModel model) { if (await _manager.FindByClientIdAsync(model.ClientId) == null) { var descriptor = new OpenIddictApplicationDescriptor { ClientId = model.ClientId, ClientSecret = model.ClientSecret, DisplayName = model.DisplayName, PostLogoutRedirectUris = { model.PostLogoutRedirectUris }, RedirectUris = { model.RedirectUris }, Permissions = { OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.Endpoints.Logout, OpenIddictConstants.Permissions.Endpoints.Token, OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, OpenIddictConstants.Permissions.GrantTypes.RefreshToken, OpenIddictConstants.Permissions.Scopes.Email, CustomScopes.PermissionMeasurements(), CustomScopes.PermissionGender(), CustomScopes.PermissionName() } }; var setApplicationResult = _manager.CreateAsync(descriptor); if (!setApplicationResult.IsFaulted) { StatusMessage = "Your application has been registered"; return(RedirectToAction(nameof(Register))); } ModelState.AddModelError(String.Empty, setApplicationResult.Exception.Message); } //if we get here something is wrong re displaying form. StatusMessage = "Error: Something went wrong"; return(RedirectToAction(nameof(Register))); }
private async Task <AuthenticationTicket> CreateTicketAsync( OpenIdConnectRequest oidcRequest, ApplicationUser user, AuthenticationProperties properties = null) { // Create a new ClaimsPrincipal containing the claims that // will be used to create an id_token, a token or a code. var principal = await _signInManager.CreateUserPrincipalAsync(user); // Create a new authentication ticket holding the user identity. var ticket = new AuthenticationTicket(principal, properties, OpenIddictServerDefaults.AuthenticationScheme); if (!oidcRequest.IsAuthorizationCodeGrantType()) { // Set the list of scopes granted to the client application. // Note: the offline_access scope must be granted // to allow OpenIddict to return a refresh token. ticket.SetScopes(new[] { OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.Email, OpenIdConnectConstants.Scopes.Profile, CustomScopes.Measurements(), CustomScopes.Gender(), OpenIdConnectConstants.Scopes.OfflineAccess, OpenIddictConstants.Scopes.Roles }.Intersect(oidcRequest.GetScopes())); } ticket.SetResources("resource_server"); // Note: by default, claims are NOT automatically included in the access and identity tokens. // To allow OpenIddict to serialize them, you must attach them a destination, that specifies // whether they should be included in access tokens, in identity tokens or in both. foreach (var claim in ticket.Principal.Claims) { // Never include the security stamp in the access and identity tokens, as it's a secret value. if (claim.Type == _identityOptions.Value.ClaimsIdentity.SecurityStampClaimType) { continue; } var destinations = new List <string> { OpenIdConnectConstants.Destinations.AccessToken }; // Only add the iterated claim to the id_token if the corresponding scope was granted to the client application. // The other claims will only be added to the access_token, which is encrypted when using the default format. if ((claim.Type == OpenIdConnectConstants.Claims.Name && ticket.HasScope(OpenIdConnectConstants.Scopes.Profile)) || (claim.Type == OpenIdConnectConstants.Claims.Email && ticket.HasScope(OpenIdConnectConstants.Scopes.Email)) || (claim.Type == OpenIdConnectConstants.Claims.Role && ticket.HasScope(OpenIddictConstants.Scopes.Roles))) { destinations.Add(OpenIdConnectConstants.Destinations.IdentityToken); } claim.SetDestinations(destinations); } return(ticket); }