imhven
/
abp
mirror of https://github.com/abpframework/abp
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #16537 from abpframework/IAbpOpenIddictClaimsPrincipalHandler

Browse Source 
Refactor `ClaimsPrincipal` handle way of OpenIddict.
pull/16498/head
liangshiwei 2 years ago committed by GitHub
parent 42c1619593 fa96b44d8f
commit 748e1d5db6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 99 additions and 97 deletions
Show Stats Download Patch File Download Diff File

6
docs/en/Community-Articles/2022-11-14-How-to-add-a-custom-grant-type-in-OpenIddict/POST.md
Unescape View File

@ -71,7 +71,13 @@ public class MyTokenExtensionGrant : ITokenExtensionGrant
var claimsPrincipal = await userClaimsPrincipalFactory.CreateAsync(user);
claimsPrincipal.SetScopes(principal.GetScopes());
claimsPrincipal.SetResources(await GetResourcesAsync(context, principal.GetScopes()));
//abp version < 7.3
await context.HttpContext.RequestServices.GetRequiredService<AbpOpenIddictClaimDestinationsManager>().SetAsync(principal);
//For abp version >= 7.3
await context.HttpContext.RequestServices.GetRequiredService<AbpOpenIddictClaimsPrincipalManager>().HandleAsync(context.Request, principal);
return new SignInResult(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, claimsPrincipal);
}

12
docs/en/Modules/OpenIddict.md
Unescape View File

@ -323,16 +323,16 @@ Configure<TokenCleanupOptions>(options =>
[Claims Principal Factory](https://docs.abp.io/en/abp/latest/Authorization#claims-principal-factory) can be used to add/remove claims to the `ClaimsPrincipal`.
The `AbpDefaultOpenIddictClaimDestinationsProvider` service will add `Name`, `Email,` and `Role` types of Claims to `access_token` and `id_token`, other claims are only added to `access_token` by default, and remove the `SecurityStampClaimType` secret claim of `Identity`.
The `AbpDefaultOpenIddictClaimsPrincipalHandler` service will add `Name`, `Email,` and `Role` types of Claims to `access_token` and `id_token`, other claims are only added to `access_token` by default, and remove the `SecurityStampClaimType` secret claim of `Identity`.
Create a service that inherits from `IAbpOpenIddictClaimDestinationsProvider` and add it to DI to fully control the destinations of claims.
Create a service that inherits from `IAbpOpenIddictClaimsPrincipalHandler` and add it to DI to fully control the destinations of claims.
```cs
public class MyClaimDestinationsProvider : IAbpOpenIddictClaimDestinationsProvider, ITransientDependency
public class MyClaimDestinationsHandler : IAbpOpenIddictClaimsPrincipalHandler, ITransientDependency
{
public virtual Task SetDestinationsAsync(AbpOpenIddictClaimDestinationsProviderContext context)
public virtual Task HandleAsync(AbpOpenIddictClaimsPrincipalHandlerContext context)
{
foreach (var claim in context.Claims)
foreach (var claim in context.Principal.Claims)
{
if (claim.Type == MyClaims.MyClaimsType)
{
@ -351,7 +351,7 @@ public class MyClaimDestinationsProvider : IAbpOpenIddictClaimDestinationsProvid
Configure<AbpOpenIddictClaimDestinationsOptions>(options =>
{
options.ClaimDestinationsProvider.Add<MyClaimDestinationsProvider>();
options.ClaimsPrincipalHandlers.Add<MyClaimDestinationsHandler>();
});
```

2
modules/openiddict/app/OpenIddict.Demo.Server/ExtensionGrants/MyTokenExtensionGrant.cs
Unescape View File

@ -78,7 +78,7 @@ public class MyTokenExtensionGrant : ITokenExtensionGrant
var claimsPrincipal = await userClaimsPrincipalFactory.CreateAsync(user);
claimsPrincipal.SetScopes(principal.GetScopes());
claimsPrincipal.SetResources(await GetResourcesAsync(context, principal.GetScopes()));
await context.HttpContext.RequestServices.GetRequiredService<AbpOpenIddictClaimDestinationsManager>().SetAsync(principal);
await context.HttpContext.RequestServices.GetRequiredService<AbpOpenIddictClaimsPrincipalManager>().HandleAsync(context.Request, principal);
return new SignInResult(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, claimsPrincipal);
}

4
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs
Unescape View File

@ -22,9 +22,9 @@ public class AbpOpenIddictAspNetCoreModule : AbpModule
{
AddOpenIddictServer(context.Services);
Configure<AbpOpenIddictClaimDestinationsOptions>(options =>
Configure<AbpOpenIddictClaimsPrincipalOptions>(options =>
{
options.ClaimDestinationsProvider.Add<AbpDefaultOpenIddictClaimDestinationsProvider>();
options.ClaimsPrincipalHandlers.Add<AbpDefaultOpenIddictClaimsPrincipalHandler>();
});
Configure<RazorViewEngineOptions>(options =>

32
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/ClaimDestinations/AbpOpenIddictClaimDestinationsManager.cs
Unescape View File

@ -1,32 +0,0 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using Volo.Abp.DependencyInjection;
namespace Volo.Abp.OpenIddict;
public class AbpOpenIddictClaimDestinationsManager : ISingletonDependency
{
protected IServiceScopeFactory ServiceScopeFactory { get; }
protected IOptions<AbpOpenIddictClaimDestinationsOptions> Options { get; }
public AbpOpenIddictClaimDestinationsManager(IServiceScopeFactory serviceScopeFactory, IOptions<AbpOpenIddictClaimDestinationsOptions> options)
{
ServiceScopeFactory = serviceScopeFactory;
Options = options;
}
public virtual async Task SetAsync(ClaimsPrincipal principal)
{
using (var scope = ServiceScopeFactory.CreateScope())
{
foreach (var providerType in Options.Value.ClaimDestinationsProvider)
{
var provider = (IAbpOpenIddictClaimDestinationsProvider)scope.ServiceProvider.GetRequiredService(providerType);
await provider.SetDestinationsAsync(new AbpOpenIddictClaimDestinationsProviderContext(scope.ServiceProvider, principal, principal.Claims.ToArray()));
}
}
}
}

13
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/ClaimDestinations/AbpOpenIddictClaimDestinationsOptions.cs
Unescape View File

@ -1,13 +0,0 @@
using Volo.Abp.Collections;
namespace Volo.Abp.OpenIddict;
public class AbpOpenIddictClaimDestinationsOptions
{
public ITypeList<IAbpOpenIddictClaimDestinationsProvider> ClaimDestinationsProvider { get; }
public AbpOpenIddictClaimDestinationsOptions()
{
ClaimDestinationsProvider = new TypeList<IAbpOpenIddictClaimDestinationsProvider>();
}
}

20
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/ClaimDestinations/AbpOpenIddictClaimDestinationsProviderContext.cs
Unescape View File

@ -1,20 +0,0 @@
using System;
using System.Security.Claims;
namespace Volo.Abp.OpenIddict;
public class AbpOpenIddictClaimDestinationsProviderContext
{
public IServiceProvider ScopeServiceProvider { get; }
public ClaimsPrincipal Principal{ get;}
public Claim[] Claims { get; }
public AbpOpenIddictClaimDestinationsProviderContext(IServiceProvider scopeServiceProvider, ClaimsPrincipal principal, Claim[] claims)
{
ScopeServiceProvider = scopeServiceProvider;
Principal = principal;
Claims = claims;
}
}

8
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/ClaimDestinations/IAbpOpenIddictClaimDestinationsProvider.cs
Unescape View File

@ -1,8 +0,0 @@
using System.Threading.Tasks;
namespace Volo.Abp.OpenIddict;
public interface IAbpOpenIddictClaimDestinationsProvider
{
Task SetDestinationsAsync(AbpOpenIddictClaimDestinationsProviderContext context);
}

6
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/ClaimDestinations/AbpDefaultOpenIddictClaimDestinationsProvider.cs → modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Claims/AbpDefaultOpenIddictClaimsPrincipalHandler.cs
Unescape View File

@ -9,16 +9,16 @@ using Volo.Abp.Security.Claims;
namespace Volo.Abp.OpenIddict;
public class AbpDefaultOpenIddictClaimDestinationsProvider : IAbpOpenIddictClaimDestinationsProvider, ITransientDependency
public class AbpDefaultOpenIddictClaimsPrincipalHandler : IAbpOpenIddictClaimsPrincipalHandler, ITransientDependency
{
public virtual Task SetDestinationsAsync(AbpOpenIddictClaimDestinationsProviderContext context)
public virtual Task HandleAsync(AbpOpenIddictClaimsPrincipalHandlerContext context)
{
var securityStampClaimType = context
.ScopeServiceProvider
.GetRequiredService<IOptions<IdentityOptions>>().Value
.ClaimsIdentity.SecurityStampClaimType;
foreach (var claim in context.Claims)
foreach (var claim in context.Principal.Claims)
{
if (claim.Type == AbpClaimTypes.TenantId)
{

21
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Claims/AbpOpenIddictClaimsPrincipalHandlerContext.cs
Unescape View File

@ -0,0 +1,21 @@
using System;
using System.Security.Claims;
using OpenIddict.Abstractions;
namespace Volo.Abp.OpenIddict;
public class AbpOpenIddictClaimsPrincipalHandlerContext
{
public IServiceProvider ScopeServiceProvider { get; }
public OpenIddictRequest OpenIddictRequest { get; }
public ClaimsPrincipal Principal { get;}
public AbpOpenIddictClaimsPrincipalHandlerContext(IServiceProvider scopeServiceProvider, OpenIddictRequest openIddictRequest, ClaimsPrincipal principal)
{
ScopeServiceProvider = scopeServiceProvider;
OpenIddictRequest = openIddictRequest;
Principal = principal;
}
}

32
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Claims/AbpOpenIddictClaimsPrincipalManager.cs
Unescape View File

@ -0,0 +1,32 @@
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using OpenIddict.Abstractions;
using Volo.Abp.DependencyInjection;
namespace Volo.Abp.OpenIddict;
public class AbpOpenIddictClaimsPrincipalManager : ISingletonDependency
{
protected IServiceScopeFactory ServiceScopeFactory { get; }
protected IOptions<AbpOpenIddictClaimsPrincipalOptions> Options { get; }
public AbpOpenIddictClaimsPrincipalManager(IServiceScopeFactory serviceScopeFactory, IOptions<AbpOpenIddictClaimsPrincipalOptions> options)
{
ServiceScopeFactory = serviceScopeFactory;
Options = options;
}
public virtual async Task HandleAsync(OpenIddictRequest openIddictRequest, ClaimsPrincipal principal)
{
using (var scope = ServiceScopeFactory.CreateScope())
{
foreach (var providerType in Options.Value.ClaimsPrincipalHandlers)
{
var provider = (IAbpOpenIddictClaimsPrincipalHandler)scope.ServiceProvider.GetRequiredService(providerType);
await provider.HandleAsync(new AbpOpenIddictClaimsPrincipalHandlerContext(scope.ServiceProvider, openIddictRequest, principal));
}
}
}
}

13
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Claims/AbpOpenIddictClaimsPrincipalOptions.cs
Unescape View File

@ -0,0 +1,13 @@
using Volo.Abp.Collections;
namespace Volo.Abp.OpenIddict;
public class AbpOpenIddictClaimsPrincipalOptions
{
public ITypeList<IAbpOpenIddictClaimsPrincipalHandler> ClaimsPrincipalHandlers { get; }
public AbpOpenIddictClaimsPrincipalOptions()
{
ClaimsPrincipalHandlers = new TypeList<IAbpOpenIddictClaimsPrincipalHandler>();
}
}

8
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Claims/IAbpOpenIddictClaimsPrincipalHandler.cs
Unescape View File

@ -0,0 +1,8 @@
using System.Threading.Tasks;
namespace Volo.Abp.OpenIddict;
public interface IAbpOpenIddictClaimsPrincipalHandler
{
Task HandleAsync(AbpOpenIddictClaimsPrincipalHandlerContext context);
}

7
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AbpOpenIdDictControllerBase.cs
Unescape View File

@ -25,7 +25,7 @@ public abstract class AbpOpenIdDictControllerBase : AbpController
protected IOpenIddictAuthorizationManager AuthorizationManager => LazyServiceProvider.LazyGetRequiredService<IOpenIddictAuthorizationManager>();
protected IOpenIddictScopeManager ScopeManager => LazyServiceProvider.LazyGetRequiredService<IOpenIddictScopeManager>();
protected IOpenIddictTokenManager TokenManager => LazyServiceProvider.LazyGetRequiredService<IOpenIddictTokenManager>();
protected AbpOpenIddictClaimDestinationsManager OpenIddictClaimDestinationsManager => LazyServiceProvider.LazyGetRequiredService<AbpOpenIddictClaimDestinationsManager>();
protected AbpOpenIddictClaimsPrincipalManager OpenIddictClaimsPrincipalManager => LazyServiceProvider.LazyGetRequiredService<AbpOpenIddictClaimsPrincipalManager>();
protected AbpOpenIdDictControllerBase()
{
@ -55,11 +55,6 @@ public abstract class AbpOpenIdDictControllerBase : AbpController
return resources;
}
protected virtual async Task SetClaimsDestinationsAsync(ClaimsPrincipal principal)
{
await OpenIddictClaimDestinationsManager.SetAsync(principal);
}
protected virtual async Task<bool> HasFormValueAsync(string name)
{
if (Request.HasFormContentType)

4
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs
Unescape View File

@ -132,7 +132,7 @@ public class AuthorizeController : AbpOpenIdDictControllerBase
principal.SetAuthorizationId(await AuthorizationManager.GetIdAsync(authorization));
await SetClaimsDestinationsAsync(principal);
await OpenIddictClaimsPrincipalManager.HandleAsync(request, principal);
return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
@ -227,7 +227,7 @@ public class AuthorizeController : AbpOpenIdDictControllerBase
principal.SetScopes(request.GetScopes());
principal.SetResources(await GetResourcesAsync(request.GetScopes()));
await SetClaimsDestinationsAsync(principal);
await OpenIddictClaimsPrincipalManager.HandleAsync(request, principal);
// Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);

2
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.AuthorizationCode.cs
Unescape View File

@ -44,7 +44,7 @@ public partial class TokenController
}));
}
await SetClaimsDestinationsAsync(principal);
await OpenIddictClaimsPrincipalManager.HandleAsync(request, principal);
// Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);

2
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.DeviceCode.cs
Unescape View File

@ -44,7 +44,7 @@ public partial class TokenController
}));
}
await SetClaimsDestinationsAsync(principal);
await OpenIddictClaimsPrincipalManager.HandleAsync(request, principal);
// Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);

2
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
Unescape View File

@ -323,7 +323,7 @@ public partial class TokenController
principal.SetScopes(request.GetScopes());
principal.SetResources(await GetResourcesAsync(request.GetScopes()));
await SetClaimsDestinationsAsync(principal);
await OpenIddictClaimsPrincipalManager.HandleAsync(request, principal);
await IdentitySecurityLogManager.SaveAsync(
new IdentitySecurityLogContext

2
modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.RefreshToken.cs
Unescape View File

@ -44,7 +44,7 @@ public partial class TokenController
}));
}
await SetClaimsDestinationsAsync(principal);
await OpenIddictClaimsPrincipalManager.HandleAsync(request, principal);
// Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);

Write Preview
Loading…
Cancel
Save