using System.Security.Claims;
using System.Text.Json;
using System.Text.Json.Serialization;
namespace EasyAuth.Handlers;
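/// <summary>
/// Deserialized form of the client principal document that the App Service /
/// Azure Functions "Easy Auth" layer hands to the application as base64-encoded JSON
/// (conventionally via the X-MS-CLIENT-PRINCIPAL request header), plus conversion
/// of that document into a <see cref="ClaimsPrincipal"/>.
/// </summary>
public class MsClientPrincipal
{
    // Easy Auth emits snake_case property names (see the [JsonPropertyName] mappings below);
    // case-insensitive matching keeps deserialization tolerant of casing differences.
    private static readonly JsonSerializerOptions s_options = new() { PropertyNameCaseInsensitive = true };

    /// <summary>Identity provider name (JSON <c>auth_typ</c>); becomes the identity's authentication type.</summary>
    [JsonPropertyName("auth_typ")]
    public string? IdentityProvider { get; set; }

    /// <summary>Claim type that carries the user's name (JSON <c>name_typ</c>).</summary>
    [JsonPropertyName("name_typ")]
    public string? NameClaimType { get; set; }

    /// <summary>Claim type that carries roles (JSON <c>role_typ</c>).</summary>
    [JsonPropertyName("role_typ")]
    public string? RoleClaimType { get; set; }

    /// <summary>Raw claims of the principal (JSON <c>claims</c>); may be absent.</summary>
    [JsonPropertyName("claims")]
    public IEnumerable<MsClientPrincipalClaim>? Claims { get; set; }

    /// <summary>
    /// Decodes a base64-encoded Easy Auth client principal document.
    /// </summary>
    /// <param name="value">Base64 string whose decoded bytes are the JSON principal document.</param>
    /// <returns>
    /// The deserialized principal, or <c>null</c> when the document is the JSON literal <c>null</c>.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="value"/> is <c>null</c>.</exception>
    /// <exception cref="FormatException"><paramref name="value"/> is not valid base64.</exception>
    /// <exception cref="JsonException">The decoded bytes are not a valid JSON principal document.</exception>
    public static async Task<MsClientPrincipal?> ParseMsClientPrincipal(string value)
    {
        ArgumentNullException.ThrowIfNull(value);

        var decoded = Convert.FromBase64String(value);
        using var stream = new MemoryStream(decoded);
        return await JsonSerializer.DeserializeAsync<MsClientPrincipal>(stream, s_options).ConfigureAwait(false);
    }

    /// <summary>
    /// Decodes a base64-encoded Easy Auth client principal document and converts it into a
    /// <see cref="ClaimsPrincipal"/> whose single identity carries every claim from the document,
    /// with Easy Auth's <c>"roles"</c> claims additionally re-mapped to the identity's role claim type.
    /// </summary>
    /// <param name="value">Base64 string whose decoded bytes are the JSON principal document.</param>
    /// <returns>
    /// The principal, or <c>null</c> when the document is <c>null</c>, has no <c>claims</c> array,
    /// or contains no claim with both a type and a value (fail closed: nothing to authenticate).
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="value"/> is <c>null</c>.</exception>
    /// <exception cref="FormatException"><paramref name="value"/> is not valid base64.</exception>
    /// <exception cref="JsonException">The decoded bytes are not a valid JSON principal document.</exception>
    public static async Task<ClaimsPrincipal?> ParseClaimsPrincipal(string value)
    {
        var clientPrincipal = await ParseMsClientPrincipal(value).ConfigureAwait(false);

        // A missing or empty claim set cannot authenticate anyone, so return null rather than
        // build an identity. (The previous `Claims?.Any() == false` check let a null Claims
        // collection fall through to a NullReferenceException on the `Claims!` below.)
        if (clientPrincipal?.Claims is null || !clientPrincipal.Claims.Any())
        {
            return null;
        }

        // Claim(type, value) rejects a null type or value; entries lacking either cannot be
        // represented and are skipped. Materialize once, because the sequence is enumerated
        // twice below (once for the full set, once to find the "roles" entries).
        var claims = clientPrincipal.Claims
            .Select(claim => claim is { Type: { } type, Value: { } val } ? new Claim(type, val) : null)
            .OfType<Claim>()
            .ToList();
        if (claims.Count == 0)
        {
            return null;
        }

        // Remap "roles" claims from Easy Auth to the identity's role claim type (normally
        // ClaimTypes.Role, "http://schemas.microsoft.com/ws/2008/06/identity/claims/role") so
        // ClaimsPrincipal.IsInRole works. When the document did not name a role type, use
        // ClaimTypes.Role explicitly — that is also what ClaimsIdentity substitutes for a null
        // roleType, so the identity is configured identically to before; the difference is that
        // the remapped Claim objects no longer get a null type.
        var roleClaimType = clientPrincipal.RoleClaimType ?? ClaimTypes.Role;
        var remappedRoles = claims
            .Where(claim => claim.Type == "roles")
            .Select(role => new Claim(roleClaimType, role.Value));

        // A null or empty IdentityProvider produces an identity with IsAuthenticated == false,
        // which is the conservative outcome for a document that does not name its provider.
        var identity = new ClaimsIdentity(
            claims.Concat(remappedRoles),
            clientPrincipal.IdentityProvider,
            clientPrincipal.NameClaimType,
            roleClaimType);
        return new ClaimsPrincipal(identity);
    }
}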