Fix Weixin NameIdentifier claim value (#671)

* Fix the value declared by the weixin provider NameIdentifier claim

* add test case for weixin provider

* Add a test case with an empty unionid in the WechatTests class

Author: ArcherTrister

src/AspNet.Security.OAuth.Weixin/WeixinAuthenticationConstants.cs

@@ -18,5 +18,6 @@ public static class Claims
         public const string OpenId = "urn:weixin:openid";
         public const string Privilege = "urn:weixin:privilege";
         public const string Province = "urn:weixin:province";
+        public const string UnionId = "urn:weixin:unionid";
     }
 }

src/AspNet.Security.OAuth.Weixin/WeixinAuthenticationHandler.cs

@@ -79,6 +79,10 @@ protected override async Task<AuthenticationTicket> CreateTicketAsync(
             throw new HttpRequestException("An error occurred while retrieving user information.");
         }
 
+        (var openId, var unionId) = GetUserIdentifier(payload.RootElement);
+        var nameIdentifier = !string.IsNullOrWhiteSpace(unionId) ? unionId : openId;
+        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, nameIdentifier!, ClaimValueTypes.String, Options.ClaimsIssuer));
+
         var principal = new ClaimsPrincipal(identity);
         var context = new OAuthCreatingTicketContext(principal, properties, Context, Scheme, Options, Backchannel, tokens, payload.RootElement);
         context.RunClaimActions();
@@ -176,6 +180,11 @@ protected override string BuildChallengeUrl([NotNull] AuthenticationProperties p
         return challengeUrl;
     }
 
+    private static (string? OpenId, string? UnionId) GetUserIdentifier(JsonElement payloadRoot)
+    {
+        return (payloadRoot.GetString("openid"), payloadRoot.GetString("unionid"));
+    }
+
     /// <inheritdoc/>
     protected override string FormatScope()
         => FormatScope(Options.Scope); // TODO This override is the same as the base class' and can be removed in the next major version

src/AspNet.Security.OAuth.Weixin/WeixinAuthenticationOptions.cs

@@ -26,11 +26,11 @@ public WeixinAuthenticationOptions()
         Scope.Add("snsapi_login");
         Scope.Add("snsapi_userinfo");
 
-        ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "unionid");
         ClaimActions.MapJsonKey(ClaimTypes.Name, "nickname");
         ClaimActions.MapJsonKey(ClaimTypes.Gender, "sex");
         ClaimActions.MapJsonKey(ClaimTypes.Country, "country");
         ClaimActions.MapJsonKey(Claims.OpenId, "openid");
+        ClaimActions.MapJsonKey(Claims.UnionId, "unionid");
         ClaimActions.MapJsonKey(Claims.Province, "province");
         ClaimActions.MapJsonKey(Claims.City, "city");
         ClaimActions.MapJsonKey(Claims.HeadImgUrl, "headimgurl");

test/AspNet.Security.OAuth.Providers.Tests/Wechat/WechatTests.cs

@@ -45,4 +45,34 @@ public async Task Can_Sign_In_Using_Wechat(string claimType, string claimValue)
         // Assert
         AssertClaim(claims, claimType, claimValue);
     }
+
+    [Theory]
+    [InlineData(ClaimTypes.NameIdentifier, "my-open-id")]
+    [InlineData(ClaimTypes.Name, "John Smith")]
+    [InlineData(ClaimTypes.Gender, "Male")]
+    [InlineData(ClaimTypes.Country, "CN")]
+    [InlineData("urn:weixin:city", "Beijing")]
+    [InlineData("urn:weixin:headimgurl", "https://weixin.qq.local/image.png")]
+    [InlineData("urn:weixin:openid", "my-open-id")]
+    [InlineData("urn:weixin:privilege", "a,b,c")]
+    [InlineData("urn:weixin:province", "Hebei")]
+    public async Task Can_Sign_In_Using_Weixin_With_No_Unionid(string claimType, string claimValue)
+    {
+        // Arrange
+        static void ConfigureServices(IServiceCollection services)
+        {
+            services.PostConfigureAll<WeixinAuthenticationOptions>((options) =>
+            {
+                options.UserInformationEndpoint = "https://api.weixin.qq.com/sns/userinfo/nounionid";
+            });
+        }
+
+        using var server = CreateTestServer(ConfigureServices);
+
+        // Act
+        var claims = await AuthenticateUserAsync(server);
+
+        // Assert
+        AssertClaim(claims, claimType, claimValue);
+    }
 }

test/AspNet.Security.OAuth.Providers.Tests/Wechat/bundle.json

@@ -30,6 +30,25 @@
           "c"
         ]
       }
+    },
+    {
+      "uri": "https://api.weixin.qq.com/sns/userinfo/nounionid?access_token=secret-access-token&openid=my-open-id",
+      "contentFormat": "json",
+      "contentJson": {
+        "unionid": "",
+        "nickname": "John Smith",
+        "sex": "Male",
+        "country": "CN",
+        "openid": "my-open-id",
+        "province": "Hebei",
+        "city": "Beijing",
+        "headimgurl": "https://weixin.qq.local/image.png",
+        "privilege": [
+          "a",
+          "b",
+          "c"
+        ]
+      }
     }
   ]
 }