

Update the server samples to add a "preferred_username" claim to identity tokens
kevinchalet committed Jan 23, 2024
1 parent e44fce3 commit 2ed4735
Showing 15 changed files with 56 additions and 13 deletions.
Expand Up @@ -54,7 +54,10 @@ public async Task<ActionResult> LogInCallback()
}

// Build an identity based on the external claims and that will be used to create the authentication cookie.
var identity = new ClaimsIdentity(authenticationType: "ExternalLogin");
var identity = new ClaimsIdentity(
authenticationType: "ExternalLogin",
nameType: ClaimTypes.Name,
roleType: ClaimTypes.Role);

// By default, OpenIddict will automatically try to map the email/name and name identifier claims from
// their standard OpenID Connect or provider-specific equivalent, if available. If needed, additional
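Review bot: Passing `roleType: ClaimTypes.Role` to the `ExternalLogin` cookie identity means every `ClaimTypes.Role` claim that later lands on it drives `IsInRole` and `[Authorize(Roles = ...)]`, so role claims must come only from the local user store and never be copied from the external provider's claims; the claim-mapping code after the constructor is outside this hunk, so I cannot confirm what is added there. The explicit `nameType`/`roleType` values are, as far as I know, the same ones `ClaimsIdentity` defaults to, so this change documents intent rather than altering behavior. I would record the invariant right above the constructor: `// Roles on this cookie identity are authoritative (roleType); assign them from the local store only, never from provider claims.` `LogInCallback` begins before and continues after this hunk.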
Expand Up @@ -141,6 +141,7 @@ public async Task<IActionResult> Authorize()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

// Note: in this sample, the granted scopes match the requested scope
Expand Down Expand Up @@ -234,6 +235,7 @@ public async Task<IActionResult> Accept()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

// Note: in this sample, the granted scopes match the requested scope
Expand Down Expand Up @@ -333,6 +335,7 @@ public async Task<IActionResult> Exchange()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

identity.SetDestinations(GetDestinations);
Expand All @@ -352,7 +355,7 @@ private static IEnumerable<string> GetDestinations(Claim claim)

switch (claim.Type)
{
case Claims.Name:
case Claims.Name or Claims.PreferredUsername:
yield return Destinations.AccessToken;

if (claim.Subject.HasScope(Scopes.Profile))
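Review bot: `_userManager.GetUserNameAsync(user)` is now awaited twice per identity, once for `Claims.Name` and once for `Claims.PreferredUsername`, in each of `Authorize`, `Accept` and `Exchange`; resolve it once, `var username = await _userManager.GetUserNameAsync(user);`, then `.SetClaim(Claims.Name, username).SetClaim(Claims.PreferredUsername, username)`. For consumers the more important caveat is that `preferred_username` mirrors the mutable ASP.NET Identity user name, and OpenID Connect Core §5.1 forbids relying parties from treating it as unique or stable, so `sub` (set from `GetUserIdAsync` on the line above) remains the only identifier a client may key on. That is worth stating at the call site: `// preferred_username is display-only and may change or be reused; clients must key on "sub".` The three action bodies start before their hunks, and `GetDestinations` continues past the `Scopes.Profile` check.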
Expand Up @@ -141,6 +141,7 @@ public async Task<IActionResult> Authorize()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

// Note: in this sample, the granted scopes match the requested scope
Expand Down Expand Up @@ -234,6 +235,7 @@ public async Task<IActionResult> Accept()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

// Note: in this sample, the granted scopes match the requested scope
Expand Down Expand Up @@ -333,6 +335,7 @@ public async Task<IActionResult> Exchange()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

identity.SetDestinations(GetDestinations);
Expand All @@ -352,7 +355,7 @@ private static IEnumerable<string> GetDestinations(Claim claim)

switch (claim.Type)
{
case Claims.Name:
case Claims.Name or Claims.PreferredUsername:
yield return Destinations.AccessToken;

if (claim.Subject.HasScope(Scopes.Profile))
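Review bot: In `GetDestinations`, `Claims.PreferredUsername` is now yielded to `Destinations.AccessToken` unconditionally, with the `Scopes.Profile` check (whose body is outside this hunk) presumably gating only the identity token; because ASP.NET Identity deployments frequently use the e-mail address as the user name, this can place an e-mail-like value into every access token even when neither `profile` nor `email` was granted. If user names here may be e-mail addresses, move the access-token destination under the same `profile` gate or document the exposure, e.g. `// NOTE: user names may be e-mail addresses; preferred_username reaches every access token regardless of scope.` Separately, `GetUserNameAsync(user)` is awaited twice per identity in `Authorize`, `Accept` and `Exchange`, where a single local would do. Those action bodies start before their hunks.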
Expand Up @@ -106,7 +106,10 @@ public async Task<ActionResult> LogInCallback()
}

// Build an identity based on the external claims and that will be used to create the authentication cookie.
var identity = new ClaimsIdentity(authenticationType: "ExternalLogin");
var identity = new ClaimsIdentity(
authenticationType: "ExternalLogin",
nameType: ClaimTypes.Name,
roleType: ClaimTypes.Role);

// By default, OpenIddict will automatically try to map the email/name and name identifier claims from
// their standard OpenID Connect or provider-specific equivalent, if available. If needed, additional
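Review bot: With `nameType: ClaimTypes.Name` made explicit, `identity.Name` (and `User.Identity.Name` once the cookie is issued) resolves only from a `ClaimTypes.Name` claim, so the mapping code below this hunk must add the provider's name under that type rather than the OIDC `name` type (`Claims.Name`); the comment on the following lines says OpenIddict maps the name claim, but the target claim type is not visible here. If the mapping used the OIDC type, `identity.Name` would silently be null and anything keyed on it would degrade. I would pin the expectation beside the constructor: `// nameType/roleType are the WS-Fed URIs; claims mapped below must use ClaimTypes.Name/ClaimTypes.Role, not the OIDC "name"/"role" types.` `LogInCallback` starts before and continues after this hunk.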
4 changes: 3 additions & 1 deletion samples/Fornax/Fornax.Server/Connect/Authorize.aspx.cs
Expand Up @@ -90,6 +90,7 @@ protected void Page_Load(object sender, EventArgs e) => RegisterAsyncTask(new Pa
identity.SetClaim(Claims.Subject, user.Id)
.SetClaim(Claims.Email, user.Email)
.SetClaim(Claims.Name, user.UserName)
.SetClaim(Claims.PreferredUsername, user.UserName)
.SetClaims(Claims.Role, (await context.Get<ApplicationUserManager>().GetRolesAsync(user.Id)).ToImmutableArray());

// Note: in this sample, the granted scopes match the requested scope
Expand Down Expand Up @@ -214,6 +215,7 @@ protected void Accept(object sender, EventArgs e) => RegisterAsyncTask(new PageA
identity.SetClaim(Claims.Subject, user.Id)
.SetClaim(Claims.Email, user.Email)
.SetClaim(Claims.Name, user.UserName)
.SetClaim(Claims.PreferredUsername, user.UserName)
.SetClaims(Claims.Role, (await context.Get<ApplicationUserManager>().GetRolesAsync(user.Id)).ToImmutableArray());

// Note: in this sample, the granted scopes match the requested scope
Expand Down Expand Up @@ -266,7 +268,7 @@ private static IEnumerable<string> GetDestinations(Claim claim)

switch (claim.Type)
{
case Claims.Name:
case Claims.Name or Claims.PreferredUsername:
yield return Destinations.AccessToken;

if (claim.Subject.HasScope(Scopes.Profile))
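Review bot: `case Claims.Name or Claims.PreferredUsername:` uses a C# 9 pattern combinator, and this is a Web Forms code-behind (`Page_Load`, `RegisterAsyncTask`), i.e. a .NET Framework project whose default language version is 7.3; make sure the project sets `<LangVersion>` to 9 or later, or write it as two stacked labels, `case Claims.Name:` / `case Claims.PreferredUsername:`, so the sample still builds. Also, `user.UserName` is read directly for both `Claims.Name` and `Claims.PreferredUsername`; since it is a user-editable value, a comment such as `// preferred_username mirrors the mutable user name; clients must key on "sub".` would help relying parties. Only the authorization page is touched here; if this sample builds identities elsewhere (for example in a token page), the new claim should be added there too, which I cannot see from this diff. The `Page_Load` and `Accept` tasks begin before their hunks.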
Expand Up @@ -78,6 +78,7 @@ public async Task<IActionResult> Exchange()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

// Set the list of scopes granted to the client application.
Expand Down Expand Up @@ -105,7 +106,7 @@ private static IEnumerable<string> GetDestinations(Claim claim)

switch (claim.Type)
{
case Claims.Name:
case Claims.Name or Claims.PreferredUsername:
yield return Destinations.AccessToken;

if (claim.Subject.HasScope(Scopes.Profile))
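Review bot: In `Exchange`, `GetUserNameAsync(user)` is awaited twice to populate `Claims.Name` and `Claims.PreferredUsername`; hoist it into one local, `var username = await _userManager.GetUserNameAsync(user);`, and pass it to both `SetClaim` calls. The `// Set the list of scopes granted` comment following the claims suggests scopes are assigned after the claims are built, and `GetDestinations` already sends `preferred_username` to the access token before any scope check, so the value reaches every access token this endpoint issues; if the user name can be an e-mail address, that deserves a comment at the call site. `Exchange` starts before this hunk and `GetDestinations` continues past the `Scopes.Profile` check.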
Expand Up @@ -77,6 +77,7 @@ public async Task<IActionResult> Exchange()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

// Note: in this sample, the granted scopes match the requested scope
Expand Down Expand Up @@ -128,6 +129,7 @@ public async Task<IActionResult> Exchange()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

identity.SetDestinations(GetDestinations);
Expand All @@ -146,7 +148,7 @@ private static IEnumerable<string> GetDestinations(Claim claim)

switch (claim.Type)
{
case Claims.Name:
case Claims.Name or Claims.PreferredUsername:
yield return Destinations.AccessToken;

if (claim.Subject.HasScope(Scopes.Profile))
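Review bot: The five-line claims block (`Subject`, `Email`, `Name`, `PreferredUsername`, `Role`) is now duplicated verbatim in both `Exchange` hunks of this file, and this commit had to touch each copy; a private helper (e.g. `PopulateClaimsAsync(identity, user)`) that awaits `GetUserNameAsync` once and sets both `Claims.Name` and `Claims.PreferredUsername` from the same local would remove the drift risk and the double await. Inside each copy as written, `GetUserNameAsync(user)` is awaited twice where `var username = await _userManager.GetUserNameAsync(user);` would suffice. Both `Exchange` bodies start before their hunks, and `GetDestinations` continues after the `Scopes.Profile` check.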
1 change: 1 addition & 0 deletions samples/Kalarba/Kalarba.Server/Startup.cs
Expand Up @@ -88,6 +88,7 @@ public void Configuration(IAppBuilder app)
// Add the claims that will be persisted in the tokens.
identity.AddClaim(new Claim(Claims.Subject, "999d4ea0-164f-4c1b-8585-b83f313995c9"));
identity.AddClaim(new Claim(Claims.Name, "Alice").SetDestinations(Destinations.AccessToken));
identity.AddClaim(new Claim(Claims.PreferredUsername, "Alice").SetDestinations(Destinations.AccessToken));

context.SignIn(new ClaimsPrincipal(identity));

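Review bot: The new `Claims.PreferredUsername` claim is given `Destinations.AccessToken` only, so in this sample it will not reach an identity token even though the commit message targets identity tokens; that matches the adjacent `Claims.Name` claim, so it is fine if this OWIN sample issues only access tokens (the hard-coded subject suggests a minimal token demo), but if it does issue identity tokens the destination list also needs `Destinations.IdentityToken`. The literal `"Alice"` is now repeated for two claims; a local such as `var username = "Alice";` would keep them in sync. The `Configuration` method and the handler around `context.SignIn` begin before this hunk.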
Expand Up @@ -105,6 +105,7 @@ public async Task<IActionResult> VerifyAccept()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

// Note: in this sample, the granted scopes match the requested scope
Expand Down Expand Up @@ -190,6 +191,7 @@ public async Task<IActionResult> Exchange()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

identity.SetDestinations(GetDestinations);
Expand All @@ -209,7 +211,7 @@ private static IEnumerable<string> GetDestinations(Claim claim)

switch (claim.Type)
{
case Claims.Name:
case Claims.Name or Claims.PreferredUsername:
yield return Destinations.AccessToken;

if (claim.Subject.HasScope(Scopes.Profile))
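Review bot: `VerifyAccept` and `Exchange` each now await `_userManager.GetUserNameAsync(user)` twice for the same identity; calling it once, `var username = await _userManager.GetUserNameAsync(user);`, and reusing it in `.SetClaim(Claims.Name, username).SetClaim(Claims.PreferredUsername, username)` is cheaper and keeps the two claims provably equal. Because `VerifyAccept` looks like the device-flow verification step, the identity signed in here is presumably what the device's tokens are minted from, so the usual caveat that clients must key on `sub` rather than `preferred_username` applies to device clients too and deserves a one-line comment at the call site. Both action bodies begin before their hunks and `GetDestinations` continues after the `Scopes.Profile` check.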
7 changes: 6 additions & 1 deletion samples/Mimban/Mimban.Server/Program.cs
Expand Up @@ -161,7 +161,11 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor
// Resolve the claims extracted by OpenIddict from the userinfo response returned by GitHub.
var result = await context.AuthenticateAsync(OpenIddictClientAspNetCoreDefaults.AuthenticationScheme);

var identity = new ClaimsIdentity(authenticationType: "ExternalLogin");
var identity = new ClaimsIdentity(
authenticationType: "ExternalLogin",
nameType: ClaimTypes.Name,
roleType: ClaimTypes.Role);

identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, result.Principal!.FindFirst("id")!.Value));

var properties = new AuthenticationProperties
Expand Down Expand Up @@ -203,6 +207,7 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor
// Import a few select claims from the identity stored in the local cookie.
identity.AddClaim(new Claim(Claims.Subject, identifier));
identity.AddClaim(new Claim(Claims.Name, identifier).SetDestinations(Destinations.AccessToken));
identity.AddClaim(new Claim(Claims.PreferredUsername, identifier).SetDestinations(Destinations.AccessToken));

return Results.SignIn(new ClaimsPrincipal(identity), properties: null, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
});
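Review bot: In the sign-in handler's second hunk, `Claims.PreferredUsername` is set to `identifier`, the same value used for `Claims.Subject` and `Claims.Name`; judging from the first hunk, that value appears to be the GitHub numeric `id` stored as `ClaimTypes.NameIdentifier`, so the token's `preferred_username` would be a number rather than the shorthand login name OpenID Connect Core §5.1 describes. If so, import GitHub's login field in the callback (presumably exposed the same way as the `id` claim on the `FindFirst("id")` line, if the client maps it) into the cookie and use it for `preferred_username`, or at least note the gap: `// preferred_username currently repeats the numeric GitHub id; switch to the login name once it is stored in the cookie.` As in the other minimal samples, the claim is sent to `Destinations.AccessToken` only, so it will not appear in an identity token from this sample. Both lambdas begin before their hunks.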
Expand Up @@ -107,6 +107,7 @@ public async Task<ActionResult> Authorize()
identity.SetClaim(Claims.Subject, user.Id)
.SetClaim(Claims.Email, user.Email)
.SetClaim(Claims.Name, user.UserName)
.SetClaim(Claims.PreferredUsername, user.UserName)
.SetClaims(Claims.Role, (await context.Get<ApplicationUserManager>().GetRolesAsync(user.Id)).ToImmutableArray());

// Note: in this sample, the granted scopes match the requested scope
Expand Down Expand Up @@ -225,6 +226,7 @@ public async Task<ActionResult> Accept()
identity.SetClaim(Claims.Subject, user.Id)
.SetClaim(Claims.Email, user.Email)
.SetClaim(Claims.Name, user.UserName)
.SetClaim(Claims.PreferredUsername, user.UserName)
.SetClaims(Claims.Role, (await context.Get<ApplicationUserManager>().GetRolesAsync(user.Id)).ToImmutableArray());

// Note: in this sample, the granted scopes match the requested scope
Expand Down Expand Up @@ -344,6 +346,7 @@ public async Task<ActionResult> Exchange()
identity.SetClaim(Claims.Subject, user.Id)
.SetClaim(Claims.Email, user.Email)
.SetClaim(Claims.Name, user.UserName)
.SetClaim(Claims.PreferredUsername, user.UserName)
.SetClaims(Claims.Role, (await context.Get<ApplicationUserManager>().GetRolesAsync(user.Id)).ToImmutableArray());

identity.SetDestinations(GetDestinations);
Expand All @@ -365,7 +368,7 @@ private static IEnumerable<string> GetDestinations(Claim claim)

switch (claim.Type)
{
case Claims.Name:
case Claims.Name or Claims.PreferredUsername:
yield return Destinations.AccessToken;

if (claim.Subject.HasScope(Scopes.Profile))
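Review bot: `user.UserName` feeds both `Claims.Name` and `Claims.PreferredUsername` in `Authorize`, `Accept` and `Exchange`, and in ASP.NET Identity that value is user-editable (and a freed name can be reassigned), so resource servers behind this authorization server must authorize on `sub` (`user.Id`, the first claim) and never on `preferred_username`; OpenID Connect Core §5.1 makes the same non-uniqueness point. A one-line comment where the claim is set prevents the easy mistake: `// preferred_username is display-only; APIs must key on "sub".` Since this appears to be a .NET Framework MVC sample (`ActionResult`, `context.Get<ApplicationUserManager>()`), also confirm the project's `<LangVersion>` is 9 or later for the `case Claims.Name or Claims.PreferredUsername:` pattern. All three action bodies begin before their hunks, and `GetDestinations` continues after the `Scopes.Profile` check.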
Expand Up @@ -106,7 +106,10 @@ public async Task<ActionResult> LogInCallback()
}

// Build an identity based on the external claims and that will be used to create the authentication cookie.
var identity = new ClaimsIdentity(authenticationType: "ExternalLogin");
var identity = new ClaimsIdentity(
authenticationType: "ExternalLogin",
nameType: ClaimTypes.Name,
roleType: ClaimTypes.Role);

// By default, OpenIddict will automatically try to map the email/name and name identifier claims from
// their standard OpenID Connect or provider-specific equivalent, if available. If needed, additional
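Review bot: The explicit `roleType: ClaimTypes.Role` on the `ExternalLogin` cookie identity makes any `ClaimTypes.Role` claim added below authoritative for `IsInRole` / `[Authorize(Roles = ...)]`, and the surrounding comment says OpenIddict maps only the e-mail, name and name-identifier claims, so roles (if any) must be resolved from the local store in the code after this hunk and never taken from the provider. A comment would make that contract visible: `// Roles on this identity are authoritative (roleType); assign them from the local user store only.` `LogInCallback` begins before and continues after this hunk.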
Expand Up @@ -54,7 +54,10 @@ public async Task<ActionResult> LogInCallback()
}

// Build an identity based on the external claims and that will be used to create the authentication cookie.
var identity = new ClaimsIdentity(authenticationType: "ExternalLogin");
var identity = new ClaimsIdentity(
authenticationType: "ExternalLogin",
nameType: ClaimTypes.Name,
roleType: ClaimTypes.Role);

// By default, OpenIddict will automatically try to map the email/name and name identifier claims from
// their standard OpenID Connect or provider-specific equivalent, if available. If needed, additional
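Review bot: `"ExternalLogin"` is repeated as an inline literal in each of this commit's login callbacks, now alongside the new `nameType`/`roleType` arguments; a `private const string ExternalLoginAuthenticationType = "ExternalLogin";` in this controller (or a shared constants class if one exists) would stop the value drifting from whatever code later checks `identity.AuthenticationType`, which I cannot see from here. Behavior-wise the explicit `ClaimTypes.Name` / `ClaimTypes.Role` match, as far as I know, the `ClaimsIdentity` defaults, so this is documentation of intent rather than a functional change, and a short `// Make the name/role claim types explicit so IsInRole and identity.Name keep working.` would say so. `LogInCallback` starts before and continues after this hunk.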
Expand Up @@ -141,6 +141,7 @@ public async Task<IActionResult> Authorize()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

// Note: in this sample, the granted scopes match the requested scope
Expand Down Expand Up @@ -234,6 +235,7 @@ public async Task<IActionResult> Accept()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

// Note: in this sample, the granted scopes match the requested scope
Expand Down Expand Up @@ -333,6 +335,7 @@ public async Task<IActionResult> Exchange()
identity.SetClaim(Claims.Subject, await _userManager.GetUserIdAsync(user))
.SetClaim(Claims.Email, await _userManager.GetEmailAsync(user))
.SetClaim(Claims.Name, await _userManager.GetUserNameAsync(user))
.SetClaim(Claims.PreferredUsername, await _userManager.GetUserNameAsync(user))
.SetClaims(Claims.Role, (await _userManager.GetRolesAsync(user)).ToImmutableArray());

identity.SetDestinations(GetDestinations);
Expand All @@ -352,7 +355,7 @@ private static IEnumerable<string> GetDestinations(Claim claim)

switch (claim.Type)
{
case Claims.Name:
case Claims.Name or Claims.PreferredUsername:
yield return Destinations.AccessToken;

if (claim.Subject.HasScope(Scopes.Profile))
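Review bot: The `GetDestinations` change sends `Claims.PreferredUsername` to `Destinations.AccessToken` unconditionally and, if the `Scopes.Profile` branch (cut off at the end of the hunk) yields `Destinations.IdentityToken` as it presumably does for `name`, gates the identity token on `profile`, which is exactly where OpenID Connect Core §5.4 places `preferred_username`; a comment on the `case` would make the mapping explicit, e.g. `// name and preferred_username are profile-scope claims (OIDC Core §5.4): always in the access token, in the identity token only with "profile".` In `Authorize`, `Accept` and `Exchange`, `GetUserNameAsync(user)` is awaited twice per identity; hoist it into a single local. The action bodies start before their hunks.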
6 changes: 6 additions & 0 deletions samples/Zirku/Zirku.Server/Program.cs
Expand Up @@ -263,6 +263,12 @@ await manager.CreateAsync(new OpenIddictScopeDescriptor
2 => "Bob",
_ => throw new InvalidOperationException()
}));
identity.AddClaim(new Claim(Claims.PreferredUsername, identifier switch
{
1 => "Alice",
2 => "Bob",
_ => throw new InvalidOperationException()
}));

// Note: in this sample, the client is granted all the requested scopes for the first identity (Alice)
// but for the second one (Bob), only the "api1" scope can be granted, which will cause requests sent
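Review bot: The `identifier switch { 1 => "Alice", 2 => "Bob", _ => throw ... }` expression is now written twice in a row, once for `Claims.Name` (partly above this hunk) and once for `Claims.PreferredUsername`; evaluate it once into a local and add both claims from it so the two cannot diverge and the exception path exists only once. Unlike the Kalarba and Mimban samples, no destinations are set on these claims here, so where they end up depends on code outside the hunk. The surrounding lambda starts before this hunk.
```csharp
var username = identifier switch
{
    1 => "Alice",
    2 => "Bob",
    _ => throw new InvalidOperationException()
};

identity.AddClaim(new Claim(Claims.Name, username));
identity.AddClaim(new Claim(Claims.PreferredUsername, username));
// … unchanged: scope assignment for Alice/Bob …
```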

