Open vitalybrandes opened 4 years ago
You can replace the default IUserClaimsPrincipalFactory with your own one on startup. Like this:
```csharp
// Find the factory registered by Orchard Core and remove it, if present.
var orchardUserClaimsFactory = serviceCollection.FirstOrDefault(sd => sd.ServiceType == typeof(IUserClaimsPrincipalFactory<CoreUsers.IUser>));
if (orchardUserClaimsFactory != null)
{
    serviceCollection.Remove(orchardUserClaimsFactory);
}
// Register the replacement factory.
serviceCollection.AddScoped<IUserClaimsPrincipalFactory<CoreUsers.IUser>, YourUserClaimsFactory>();
```
YourUserClaimsFactory can inherit from the former one: DefaultUserClaimsPrincipalFactory.
Then override GenerateClaimsAsync like this:
```csharp
protected override async Task<ClaimsIdentity> GenerateClaimsAsync(IUser user)
{
    // Start from the claims produced by the default factory.
    var claims = await base.GenerateClaimsAsync(user);
    var userProfile = (user as User).As<UserProfile>();
    claims.AddClaim(new Claim("yourClaimKey", "yourValue"));
    return claims;
}
```
`var userProfile = (user as User).As<UserProfile>();`
Did it exactly the same using the claim demo from the DEMO MODULE, but when I add some new claim,
```csharp
if (!string.IsNullOrEmpty(userProfile.Company))
{
    claims.AddClaim(new Claim("company", userProfile.Company));
}
```
I don't see the data in Postman. Feeling that I am missing something.
When you say you don't see data in Postman, do you mean you configured OpenID to serve JWT tokens instead of encrypted ones, and you decode the returned token and it doesn't contain the added claim?
Exactly! I do receive other info such as username, email, full name etc., but my own claims (Company name) not.
It sounds weird. I imagine that you checked YourUserClaimsFactory code is called putting a breakpoint there, isn't it? Can you provide a simple example based on RC myget packages on a public github repo that shows the behavior you describe?
Unfortunately not, this is a commercial product. Here is my ClaimPrincipalsFactory.cs:
```csharp
internal class UserClaimsPrincipalFactory : DefaultUserClaimsPrincipalFactory
{
    // Constructor as posted; its parameter list is cut off in the original.
    public UserClaimsPrincipalFactory(UserManager
    }

    protected override async Task<ClaimsIdentity> GenerateClaimsAsync(IUser user)
    {
        var claims = await base.GenerateClaimsAsync(user);
        var userProfile = (user as User).As<ExtendUserProfile>();
        claims.AddClaim(new Claim("preferred_username", user.UserName));

        // Build the display name from whichever name parts are present.
        var name = "";
        if (!string.IsNullOrEmpty(userProfile.FirstName))
        {
            claims.AddClaim(new Claim("given_name", userProfile.FirstName));
            name += userProfile.FirstName;
        }
        if (!string.IsNullOrEmpty(userProfile.LastName))
        {
            claims.AddClaim(new Claim("family_name", userProfile.LastName));
            name += $" {userProfile.LastName}";
        }
        if (!string.IsNullOrEmpty(name))
            claims.AddClaim(new Claim("name", name));

        // Custom claim taken from the extended user profile.
        if (!string.IsNullOrEmpty(userProfile.Company))
        {
            claims.AddClaim(new Claim("company", userProfile.Company));
        }
        if (userProfile.UpdatedAt != default)
            claims.AddClaim(new Claim("updated_at", ConvertToUnixTimestamp(userProfile.UpdatedAt).ToString(CultureInfo.InvariantCulture)));
        return claims;
    }
}
```
Everything except "Company" works
I tested it again and what actually happens is that AddClaim was successfully done, but once I am authenticating via /connect/userinfo (WPF Desktop app) I receive everything except "company".
The "Company" field is an additional field for User Profile.
@kevinchalet Do you know why that can be?
The userinfo endpoint only returns a limited predefined set, so your custom claims are simply ignored: https://github.com/OrchardCMS/OrchardCore/blob/dev/src/OrchardCore.Modules/OrchardCore.OpenId/Controllers/UserInfoController.cs
There's currently no hook to allow you to return custom claims from the default userinfo action.
@kevinchalet Can I somehow add my own scope? Otherwise, is there any way I can return on authorization - my user profile? (Include company and some more fields)?
I'm looking to do the same, but to use the existing defined claims i.e. `given_name`. But my custom `UserClaimsPrincipalFactory` doesn't seem to run. When does the `GenerateClaimsAsync()` get called / meant to run? My breakpoint never seems to be hit.
Thanks
@kevinchalet Any recommendation on this?
You can certainly create custom scopes, but someone will need to implement the mapping logic so that the user controller returns custom claims.
@stevetayloruk
See what our `DefaultUserClaimsPrincipalFactory` does and how it is registered, then see in the `OC.Demo` module how it is replaced by the `DemoUserClaimsPrincipalFactory` in the `OC.Demo` module startup. Notice that the `OC.Demo` has a dependency on `OC.Users` in its `Manifest.cs` so that its startup `ConfigureServices()` runs after the `OC.Users` one.
Thank you @jtkech! That's sorted it.
All that was required was to add `Dependencies = new []{ "OrchardCore.Users" }` to the manifest.
I didn't realise that the manifest dependencies had any more effect other than enabling depended features.
Cheers
Steve
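Why the startup order decides which factory runs, as an added example that is not code from the thread or from Orchard Core: the remove-then-add pattern only works if the default registration already exists when it executes. `IClaimsFactory`, `DefaultFactory`, `CustomFactory` and both startup methods are hypothetical stand-ins, and the sketch assumes the users module registers its factory with a plain `AddScoped`; it needs only the Microsoft.Extensions.DependencyInjection package.

```csharp
// Added illustration. IClaimsFactory, DefaultFactory and CustomFactory are hypothetical
// stand-ins for IUserClaimsPrincipalFactory<IUser> and its two implementations.
using System;
using System.Linq;
using Microsoft.Extensions.DependencyInjection;

public interface IClaimsFactory { string Name { get; } }
public sealed class DefaultFactory : IClaimsFactory { public string Name => "default"; }
public sealed class CustomFactory : IClaimsFactory { public string Name => "custom"; }

public static class Program
{
    // Stand-in for the users module startup (assumed to be a plain AddScoped).
    static void UsersStartup(IServiceCollection services) =>
        services.AddScoped<IClaimsFactory, DefaultFactory>();

    // The replacement pattern from the thread: remove the existing descriptor, add ours.
    static void CustomStartup(IServiceCollection services)
    {
        var existing = services.FirstOrDefault(sd => sd.ServiceType == typeof(IClaimsFactory));
        if (existing != null)
        {
            services.Remove(existing);
        }
        services.AddScoped<IClaimsFactory, CustomFactory>();
    }

    // Runs the startups in the given order and reports which factory gets resolved.
    public static string Resolve(params Action<IServiceCollection>[] startups)
    {
        var services = new ServiceCollection();
        foreach (var startup in startups)
        {
            startup(services);
        }
        using var provider = services.BuildServiceProvider();
        using var scope = provider.CreateScope();
        return scope.ServiceProvider.GetRequiredService<IClaimsFactory>().Name;
    }

    public static void Main()
    {
        // Custom startup first: nothing to remove yet, and the default factory
        // registered afterwards is the one the container resolves.
        Console.WriteLine(Resolve(CustomStartup, UsersStartup));
        // Users startup first (what the manifest dependency guarantees): the default
        // descriptor is removed and the custom factory is resolved.
        Console.WriteLine(Resolve(UsersStartup, CustomStartup));
    }
}
```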
How to extend OPEN ID claims to my own? I did extend user profile for some my fields as AND and I would like to claim this via OPEN ID infouser.