using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
// NuGet packages
//   Microsoft.Owin.Security.OpenIdConnect
//   Microsoft.Owin.Host.SystemWeb
// Web.config
//   <configuration>
//     <appSettings>
//       <add key="owin:AutomaticAppStartup" value="true" />
//       <add key="owin:appStartup" value="Bandeirantes.OpenIDConnect.Startup" />
//     </appSettings>
//   </configuration>
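[assembly: OwinStartup(typeof(Bandeirantes.OpenIDConnect.Startup))]
namespace Bandeirantes.OpenIDConnect
{
    /// <summary>
    /// OWIN startup class that signs users in through OpenID Connect and keeps
    /// the resulting identity in a local authentication cookie.
    /// </summary>
    public partial class Startup
    {
        /// <summary>
        /// Entry point called by the OWIN host; delegates to <see cref="ConfigureAuth"/>.
        /// </summary>
        /// <param name="app">Application builder the middleware is registered on.</param>
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app);
        }

        /// <summary>
        /// Registers the cookie middleware and then the OpenID Connect middleware,
        /// and enriches the signed-in identity with the raw tokens and with the
        /// access-token claims that belong to the granted custom scopes.
        /// </summary>
        /// <param name="app">Application builder the middleware is registered on.</param>
        public void ConfigureAuth(IAppBuilder app)
        {
            app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies"
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = "mvc",
                Authority = "https://auth.bandeirantes.digital",
                // Implicit flow: the access token and the id_token both arrive in the
                // front-channel sign-in response.
                // NOTE(review): prefer the authorization code flow if the authority and the
                // installed middleware version support it.
                ResponseType = "token id_token",
                // Application address; it must be registered with the authority.
                // Plain http on localhost is a development value; use an https address when deployed.
                RedirectUri = "http://localhost:6222/signin-oidc",
                Scope = "openid comercial",
                // The cookie session does not inherit the token lifetime, so the session
                // can outlive the tokens stored on the identity below.
                UseTokenLifetime = false,
                SignInAsAuthenticationType = "Cookies",
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    SecurityTokenValidated = context =>
                    {
                        var identity = context.AuthenticationTicket.Identity;
                        var accessToken = context.ProtocolMessage.AccessToken;
                        var idToken = context.ProtocolMessage.IdToken;

                        // The raw tokens become claims of the cookie identity. Claim rejects a
                        // null value, so a token missing from the response is skipped.
                        // NOTE(review): the authentication cookie now carries bearer tokens;
                        // make sure it is only sent over HTTPS once deployed.
                        if (!string.IsNullOrEmpty(accessToken))
                        {
                            identity.AddClaim(new Claim("access_token", accessToken));
                        }

                        if (!string.IsNullOrEmpty(idToken))
                        {
                            identity.AddClaim(new Claim("id_token", idToken));
                        }

                        // NOTE(review): JwtSecurityTokenHandler needs a using directive for its
                        // namespace, which this file does not show (System.IdentityModel.Tokens.Jwt
                        // in the 5.x package; confirm against the installed version).
                        var handler = new JwtSecurityTokenHandler();

                        // An absent or non-JWT access token contributes no extra claims.
                        if (string.IsNullOrEmpty(accessToken) || !handler.CanReadToken(accessToken))
                        {
                            return Task.FromResult(0);
                        }

                        // ReadToken only decodes the JWT; it does not verify signature, issuer,
                        // audience or lifetime. The claims copied below are unverified by this code.
                        // NOTE(review): confirm the access token is bound to the validated id_token
                        // before relying on these claims for authorization decisions.
                        var jwt = handler.ReadToken(accessToken) as JwtSecurityToken;
                        if (jwt == null)
                        {
                            return Task.FromResult(0);
                        }

                        var tokenClaims = jwt.Claims.ToList();
                        var scopeNames = tokenClaims
                            .Where(c => c.Type == "scope" && c.Value != "openid")
                            .Select(c => c.Value)
                            .ToList();

                        // For every granted scope other than "openid", copy the access-token
                        // claims whose type equals the scope name onto the cookie identity.
                        foreach (var scopeName in scopeNames)
                        {
                            identity.AddClaims(tokenClaims.Where(c => c.Type == scopeName));
                        }

                        return Task.FromResult(0);
                    }
                }
            });
        }
    }
}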