From 7612ce1e8babf8baa03096e8613827c8cdc7ec57 Mon Sep 17 00:00:00 2001
From: Paul Schneider
Date: Sat, 15 Feb 2025 20:06:07 +0000
Subject: [PATCH] custom ProfileService
---
 src/Yavsc.Abstract/Constants.cs | 2 ++
 src/Yavsc.Server/Services/ProfileService.cs | 10 ++++++----
 src/Yavsc/Extensions/HostingExtensions.cs | 2 +-
 src/sampleWebAsWebApiClient/Startup.cs | 13 +++++++------
 4 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/src/Yavsc.Abstract/Constants.cs b/src/Yavsc.Abstract/Constants.cs
index c84eabaf..b6c7bf2e 100644
--- a/src/Yavsc.Abstract/Constants.cs
+++ b/src/Yavsc.Abstract/Constants.cs
@@ -54,5 +54,7 @@ namespace Yavsc
 public const string LivePath = "/live/cast";
 public const string StreamingPath = "/api/stream/put";
+
+ public const string RoleClaimName = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
 }
 }
diff --git a/src/Yavsc.Server/Services/ProfileService.cs b/src/Yavsc.Server/Services/ProfileService.cs
index b7705219..fb961a68 100644
--- a/src/Yavsc.Server/Services/ProfileService.cs
+++ b/src/Yavsc.Server/Services/ProfileService.cs
@@ -30,9 +30,11 @@ namespace Yavsc.Services
 foreach (var scope in context.RequestedResources.ParsedScopes)
 {
- claims.Add(new Claim(JwtClaimTypes.Scope, scope.ParsedName));
- claimAdds.Add(scope.ParsedName);
- // TODO scope has a ParsedParameter
+ if (context.Client.AllowedScopes.Contains(scope.ParsedName))
+ {
+ claims.Add(new Claim(JwtClaimTypes.Scope, scope.ParsedName));
+ claimAdds.Add(scope.ParsedName);
+ }
 }
 if (claimAdds.Contains(JwtClaimTypes.Profile))
@@ -54,7 +56,7 @@ namespace Yavsc.Services
 var roles = await this._userManager.GetRolesAsync(user);
 if (roles.Count()>0)
 {
- claims.Add(new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role",String.Join(" ",roles)));
+ claims.AddRange(roles.Select(r => new Claim(Constants.RoleClaimName, r)));
 }
 }
 return claims;
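Review bot: `RoleClaimName` in Constants.cs is added without a comment saying which claim type it is, and the literal is the same URI as `System.Security.Claims.ClaimTypes.Role`. The server's issued role claims and the sample client's mapping now both depend on this one string, so a doc comment such as `/// <summary>Claim type used for role claims; same URI as ClaimTypes.Role.</summary>` would make that contract explicit. If referencing `System.Security.Claims` from this assembly is acceptable, `public const string RoleClaimName = ClaimTypes.Role;` would remove the hand-copied URI.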
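Review bot: A requested scope that is not in `context.Client.AllowedScopes` is skipped silently by the new `if` in the first ProfileService.cs hunk. Request validation is normally expected to reject such scopes before the profile service runs, so reaching the skip path suggests a misconfiguration or a validation gap; an `else` branch that logs a warning with the client id and `scope.ParsedName` would make it visible, assuming the service has a logger available. The check also dereferences `context.Client` and `context.RequestedResources` without a null guard; whether either can be null depends on the caller, and the enclosing method starts outside the hunk. The removed TODO about the scope's parsed parameter leaves no trace that parameterized scopes are matched by `ParsedName` only, so a short comment such as `// parameterized scopes are matched on ParsedName; the parameter is not checked here` would help.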
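Review bot: The `if (roles.Count()>0)` guard kept around the new `AddRange` in the second ProfileService.cs hunk is now redundant, because adding an empty sequence is a no-op, and `Count()` goes through LINQ where the list's `Count` property would do. The block can reduce to the single line `claims.AddRange(roles.Select(r => new Claim(Constants.RoleClaimName, r)));`. Each role is now a separate claim that downstream authorization will act on, so the condition that gates this block, which opens outside the hunk, should be checked to confirm roles are only emitted when the client was granted a scope that is meant to carry them.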
diff --git a/src/Yavsc/Extensions/HostingExtensions.cs b/src/Yavsc/Extensions/HostingExtensions.cs
index 67fc960a..1158b8d2 100644
--- a/src/Yavsc/Extensions/HostingExtensions.cs
+++ b/src/Yavsc/Extensions/HostingExtensions.cs
@@ -146,7 +146,7 @@ public static class HostingExtensions
 AddIdentityDBAndStores(builder).AddDefaultTokenProviders();;
- AddIdentityServer(builder);
+ AddIdentityServer(builder).AddProfileService();
 //services.AddScoped();
 services.AddSession();
diff --git a/src/sampleWebAsWebApiClient/Startup.cs b/src/sampleWebAsWebApiClient/Startup.cs
index 9abcab39..deb2a39c 100644
--- a/src/sampleWebAsWebApiClient/Startup.cs
+++ b/src/sampleWebAsWebApiClient/Startup.cs
@@ -1,3 +1,4 @@
+using IdentityModel;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -5,6 +6,7 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
+using Yavsc;
 public class Startup
 {
@@ -34,12 +36,11 @@ public class Startup
 options.GetClaimsFromUserInfoEndpoint = true;
 options.SaveTokens = true;
 options.ClaimActions.MapUniqueJsonKey(
- "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
- "http://schemas.microsoft.com/ws/2008/06/identity/claims/role");
- options.ClaimActions.MapUniqueJsonKey("role",
- "http://schemas.microsoft.com/ws/2008/06/identity/claims/role");
- options.ClaimActions.MapUniqueJsonKey("roles",
- "http://schemas.microsoft.com/ws/2008/06/identity/claims/role");
+ Constants.RoleClaimName,
+ Constants.RoleClaimName);
+ options.ClaimActions.MapUniqueJsonKey(
+ JwtClaimTypes.Scope,
+ JwtClaimTypes.Scope);
 options.TokenValidationParameters = new TokenValidationParameters
 {
 NameClaimType = "name",
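Review bot: `IsActiveAsync` of the custom profile service is not touched by this patch, yet the added `.AddProfileService()` call in HostingExtensions.cs makes it the check that decides whether a user may still receive tokens. If that method does not verify that the user still exists and is not locked out or disabled, tokens would keep being issued and refreshed for accounts that should be cut off; confirm this before merging. The commented-out `//services.AddScoped();` line that follows looks like the registration this call supersedes and could be deleted.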
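Review bot: `MapUniqueJsonKey` looks like the wrong claim action for the two mappings in the last Startup.cs hunk, because both claims are multi-valued: ProfileService.cs in this same patch now emits one claim per role and one scope claim per granted scope. `MapUniqueJsonKey` produces a single claim from the JSON value, so a user with several roles is likely to end up with one claim holding the serialized array, and role checks on the client would then not match. `options.ClaimActions.MapJsonKey(Constants.RoleClaimName, Constants.RoleClaimName);`, and the same for `JwtClaimTypes.Scope`, adds one claim per array element. The patch also drops the `"role"` and `"roles"` key mappings, so confirm no issuer still sends the short names and that `RoleClaimType` in the `TokenValidationParameters` initializer, which continues past the hunk, is set to `Constants.RoleClaimName`.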