IdentityModel / IdentityModel.AspNetCore.OAuth2Introspection

ASP.NET Core authentication handler for OAuth 2.0 token introspection
Apache License 2.0

Support for actor claim type #113

Closed matiii closed 1 year ago

matiii commented 4 years ago

Hi,

Could you provide similar support for actors as the AddJwtBearer handler does?

leastprivilege commented 4 years ago

I need more details.

matiii commented 4 years ago

Based on the actort claim, the lib should create an Actor ClaimsIdentity. Docs below:

https://docs.microsoft.com/en-us/dotnet/api/system.security.claims.claimsidentity.actor?view=netcore-3.1

https://docs.microsoft.com/en-us/dotnet/api/system.security.claims.claimtypes.actor?view=netcore-3.1

My custom implementation:

```csharp
.AddOAuth2Introspection("introspection", o =>
{
    o.Events.OnCreatingTicket = principal =>
    {
        // Look for the actor token claim on the principal
        var actor = principal?.Claims.FirstOrDefault(x => x.Type == "actort");

        if (actor != null)
        {
            // ReadJwtToken only decodes the JWT; it does not validate it
            var handler = new JwtSecurityTokenHandler();
            var actorToken = handler.ReadJwtToken(actor.Value);

            if (actorToken != null)
            {
                // Expose the actor token's claims as the identity's Actor
                principal.Identities.First().Actor = new ClaimsIdentity(actorToken.Claims);
            }
        }

        return Task.CompletedTask;
    };
});
```

leastprivilege commented 3 years ago

Hey,

sorry this has been sitting here for a long time...

couple of questions -

thanks

matiii commented 3 years ago

Hi, sorry for the late reply.

Ad.1 Yep, I think act is the closest to actort, however I suspect the abbreviation means actor token.

Ad.2 I produce it on my custom grant type flow.
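An added example, not part of the thread and not the library's code: mapping the `act` claim mentioned above (a JSON object, as defined in RFC 8693) onto `ClaimsIdentity.Actor` without decoding an unvalidated JWT. `ActorClaimMapper`, `TryApply` and `MaxDepth` are hypothetical names, and it is an assumption that the handler exposes the introspection response's `act` member as a claim whose value is the raw JSON text.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Text.Json;

// Hypothetical helper: builds ClaimsIdentity.Actor from an RFC 8693 "act" claim.
public static class ActorClaimMapper
{
    private const int MaxDepth = 4; // assumed cap on nested prior actors

    // Returns false when an "act" claim is present but cannot be mapped,
    // so the caller can reject the token instead of silently dropping the actor.
    public static bool TryApply(ClaimsPrincipal principal)
    {
        var identity = principal?.Identities.FirstOrDefault();
        var act = identity?.FindFirst("act");
        if (act == null) return true; // no delegation: nothing to map

        try
        {
            using var doc = JsonDocument.Parse(act.Value);
            identity.Actor = Build(doc.RootElement, identity.AuthenticationType, 0);
        }
        catch (JsonException)
        {
            return false; // value was not JSON
        }
        return identity.Actor != null;
    }

    private static ClaimsIdentity Build(JsonElement element, string authType, int depth)
    {
        if (element.ValueKind != JsonValueKind.Object || depth >= MaxDepth) return null;

        var actor = new ClaimsIdentity(authType);
        foreach (var member in element.EnumerateObject())
        {
            if (member.NameEquals("act"))
                // Nested "act" = prior actor in the chain (informational per RFC 8693).
                actor.Actor = Build(member.Value, authType, depth + 1);
            else if (member.Value.ValueKind == JsonValueKind.String)
                actor.AddClaim(new Claim(member.Name, member.Value.GetString()));
            else
                actor.AddClaim(new Claim(member.Name, member.Value.GetRawText()));
        }
        // An actor without a subject identifies nobody; treat it as unmapped.
        return actor.HasClaim(c => c.Type == "sub") ? actor : null;
    }
}
```

Because the `act` object arrives inside the introspection response, it is covered by the same trust as the other claims from the authorization server, whereas a JWT passed to `ReadJwtToken` is decoded without signature or lifetime checks.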