juloliveira/Bandeirantes.OpenIDConnect.Startup.AspNetMvc.cs

## Bandeirantes.OpenIDConnect.Startup.AspNetMvc.cs
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// Nuget Packages
// Microsoft.Owin.Security.OpenIdConnect
// Microsoft.Owin.Host.SystemWeb

// Web.config
// <configuration>
//   <appSettings>
//     <add key="owin:AutomaticAppStartup" value="true" />
//     <add key="owin:appStartup" value="Bandeirantes.OpenIDConnect.Startup" />
//   </appSettings>
// </configuration>

[assembly: OwinStartup(typeof(Bandeirantes.OpenIDConnect.Startup))]
namespace Bandeirantes.OpenIDConnect
{
    public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app);
        }

        public void ConfigureAuth(IAppBuilder app)
        {
            app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies"
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId =      "mvc",
                Authority =     "https://auth.bandeirantes.digital",
                ResponseType =  "token id_token",
                RedirectUri =   "http://localhost:6222/signin-oidc", // Endereço da aplicação, necessário cadastrar no autenticador
                Scope =         "openid comercial",

                UseTokenLifetime = false,
                SignInAsAuthenticationType = "Cookies",

                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    SecurityTokenValidated = context =>
                    {
                        var username = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                        var userContext = context.AuthenticationTicket.Identity;

                        userContext.AddClaim(new Claim("access_token", context.ProtocolMessage.AccessToken));
                        userContext.AddClaim(new Claim("id_token", context.ProtocolMessage.IdToken));

                        var handler = new JwtSecurityTokenHandler();
                        var jsonToken = handler.ReadToken(context.ProtocolMessage.AccessToken) as JwtSecurityToken;

                        var customScopes = jsonToken.Claims.Where(x => x.Type == "scope" && x.Value != "openid");
                        foreach (var customScope in customScopes)
                            userContext.AddClaims(jsonToken.Claims.Where(x => x.Type == customScope.Value));

                        return Task.FromResult(0);
                    }
                }


            });
        }
    }
}
	using System.Security.Claims;
	using System.Threading.Tasks;
	using Microsoft.Owin;
	using Microsoft.Owin.Security.OpenIdConnect;
	using Owin;

	// Nuget Packages
	// Microsoft.Owin.Security.OpenIdConnect
	// Microsoft.Owin.Host.SystemWeb

	// Web.config
	// <configuration>
	// <appSettings>
	// <add key="owin:AutomaticAppStartup" value="true" />
	// <add key="owin:appStartup" value="Bandeirantes.OpenIDConnect.Startup" />
	// </appSettings>
	// </configuration>

	[assembly: OwinStartup(typeof(Bandeirantes.OpenIDConnect.Startup))]
	namespace Bandeirantes.OpenIDConnect
	{
	public partial class Startup
	{
	public void Configuration(IAppBuilder app)
	{
	ConfigureAuth(app);
	}

	public void ConfigureAuth(IAppBuilder app)
	{
	app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
	{
	AuthenticationType = "Cookies"
	});

	app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
	{
	ClientId = "mvc",
	Authority = "https://auth.bandeirantes.digital",
	ResponseType = "token id_token",
	RedirectUri = "http://localhost:6222/signin-oidc", // Endereço da aplicação, necessário cadastrar no autenticador
	Scope = "openid comercial",

	UseTokenLifetime = false,
	SignInAsAuthenticationType = "Cookies",

	Notifications = new OpenIdConnectAuthenticationNotifications()
	{
	SecurityTokenValidated = context =>
	{
	var username = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
	var userContext = context.AuthenticationTicket.Identity;

	userContext.AddClaim(new Claim("access_token", context.ProtocolMessage.AccessToken));
	userContext.AddClaim(new Claim("id_token", context.ProtocolMessage.IdToken));

	var handler = new JwtSecurityTokenHandler();
	var jsonToken = handler.ReadToken(context.ProtocolMessage.AccessToken) as JwtSecurityToken;

	var customScopes = jsonToken.Claims.Where(x => x.Type == "scope" && x.Value != "openid");
	foreach (var customScope in customScopes)
	userContext.AddClaims(jsonToken.Claims.Where(x => x.Type == customScope.Value));

	return Task.FromResult(0);
	}
	}


	});
	}
	}
	}