custom ProfileService

src/Yavsc.Abstract/Constants.cs

@@ -54,5 +54,7 @@ namespace Yavsc
         public const string LivePath = "/live/cast";
         
         public const string StreamingPath = "/api/stream/put";
+
+        public const string RoleClaimName = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
     }
 }

src/Yavsc.Server/Services/ProfileService.cs

@@ -30,9 +30,11 @@ namespace Yavsc.Services
 
             foreach (var scope in context.RequestedResources.ParsedScopes)
             {
-                claims.Add(new Claim(JwtClaimTypes.Scope, scope.ParsedName));
-                claimAdds.Add(scope.ParsedName);
-                // TODO scope has a ParsedParameter
+                if (context.Client.AllowedScopes.Contains(scope.ParsedName))
+                {
+                    claims.Add(new Claim(JwtClaimTypes.Scope, scope.ParsedName));
+                    claimAdds.Add(scope.ParsedName);
+                }
             }
 
             if (claimAdds.Contains(JwtClaimTypes.Profile))
@@ -54,7 +56,7 @@ namespace Yavsc.Services
                 var roles = await this._userManager.GetRolesAsync(user);
                 if (roles.Count()>0)
                 {
-                    claims.Add(new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role",String.Join(" ",roles)));
+                    claims.AddRange(roles.Select(r => new Claim(Constants.RoleClaimName, r)));
                 }
             }
             return claims;

src/Yavsc/Extensions/HostingExtensions.cs

@@ -146,7 +146,7 @@ public static class HostingExtensions
 
         AddIdentityDBAndStores(builder).AddDefaultTokenProviders();;
 
-        AddIdentityServer(builder);
+        AddIdentityServer(builder).AddProfileService<ProfileService>();
         //services.AddScoped<IProfileService, ProfileService>();
 
         services.AddSession();

src/sampleWebAsWebApiClient/Startup.cs

@@ -1,3 +1,4 @@
+using IdentityModel;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -5,6 +6,7 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
+using Yavsc;
 
 public class Startup
 {
@@ -34,12 +36,11 @@ public class Startup
                 options.GetClaimsFromUserInfoEndpoint = true;
                 options.SaveTokens = true;
                 options.ClaimActions.MapUniqueJsonKey(
-            "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
-            "http://schemas.microsoft.com/ws/2008/06/identity/claims/role");
-                options.ClaimActions.MapUniqueJsonKey("role",
-            "http://schemas.microsoft.com/ws/2008/06/identity/claims/role");
-                options.ClaimActions.MapUniqueJsonKey("roles",
-            "http://schemas.microsoft.com/ws/2008/06/identity/claims/role");
+                    Constants.RoleClaimName,
+                    Constants.RoleClaimName);
+                options.ClaimActions.MapUniqueJsonKey(
+                    JwtClaimTypes.Scope,
+                    JwtClaimTypes.Scope);
                 options.TokenValidationParameters = new TokenValidationParameters
                 {
                     NameClaimType = "name",