karbyninc/IdentityProviderProcessor.cs

## IdentityProviderProcessor.cs
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using Sitecore.Owin.Authentication.Configuration;
using Sitecore.Owin.Authentication.Pipelines.IdentityProviders;
using Sitecore.Owin.Authentication.Services;
using System.Collections.Generic;
using Microsoft.Owin;


namespace Foundation.Authentication
{
   public class IdentityProviderProcessor : IdentityProvidersProcessor
   {

      private readonly FederatedAuthenticationConfiguration _configuration;

      //This was the identifier we specified in the configuration file.
      //Again, this can be whatever you wish to call it.
      protected override string IdentityProviderName => "idsrv";

      public IdentityProviderProcessor(FederatedAuthenticationConfiguration federatedAuthenticationConfiguration) : base(federatedAuthenticationConfiguration)
      {
         _configuration = federatedAuthenticationConfiguration;
      }


      protected override void ProcessCore(IdentityProvidersArgs args)
      {
         var identityProvider = GetIdentityProvider();
         var authenticationType = GetAuthenticationType();
         var clientId = Sitecore.Configuration.Settings.GetSetting("ClientId");
         var authority = Sitecore.Configuration.Settings.GetSetting("AuthenticationAuthority");
         var redirectUri = Sitecore.Configuration.Settings.GetSetting("AuthenticationRedirectUri");

         args.App.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
         {
            Caption = identityProvider.Caption,
            Scope = "openid profile roles memberships functionalities",
            AuthenticationType = authenticationType,
            AuthenticationMode = AuthenticationMode.Active,
            ResponseType = "code id_token token",
            SignInAsAuthenticationType = "Cookies",
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
            {
               ValidateIssuer = true,
               ValidIssuer = authority
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
               //SecurityTokenValidated allows you to write code after a token has passed validation and you have a Claims Identity
               SecurityTokenValidated = async n =>
               {
                  var nid = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType, "name", "role");

                  /*
                    I wanted to get additional userinfo data by using our access token to retrieve data from the authority's /connect/userinfo endpoint.
                  */
                  var userInfoClient = new Thinktecture.IdentityModel.Client.UserInfoClient(new System.Uri(n.Options.Authority + "/connect/userinfo"), n.ProtocolMessage.AccessToken);
                  var userInfo = await userInfoClient.GetAsync();

                  var sidentity = n.AuthenticationTicket.Identity;
                  userInfo.Claims.ToList().ForEach(ui => sidentity.AddClaim(new Claim(ui.Item1, ui.Item2)));

                  //Retrieve the first and last name, and then the goal is to concatenate them for a "full name" property
                  var firstName = "";
                  var lastName = "";

                  //Retrieve the claim given_name, and assign to first_name
                  if (userInfo.Claims.ToList().FirstOrDefault(k => k.Item1 == "given_name") != null)
                     firstName = userInfo.Claims.ToList().FirstOrDefault(k => k.Item1 == "given_name").Item2;

                  //The claim "family_name" is what was getting returned from the info
                  if (userInfo.Claims.ToList().FirstOrDefault(k => k.Item1 == "family_name") != null)
                     lastName = userInfo.Claims.ToList().FirstOrDefault(k => k.Item1 == "family_name").Item2;

                  //Add a custom claim, which is then transformed to the Sitecore FullName field.
                  sidentity.AddClaim(new Claim("UserFullName", firstName + " " + lastName));

                  //Add another custom claim for comments, just to further demonstrate this:
                  sidentity.AddClaim(new Claim("xComment", "My custom comment from claims that I added!"));

                  //Apply transformations using our rules in the Sitecore.Owin.Authentication.Enabler.config
                  foreach (var claimTransformationService in identityProvider.Transformations)
                     claimTransformationService.Transform(sidentity, new TransformationContext(_configuration, identityProvider));


                  n.AuthenticationTicket = new AuthenticationTicket(sidentity, n.AuthenticationTicket.Properties);
               },
               RedirectToIdentityProvider = n =>
               {
                  if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                  {
                     var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
                     if (idTokenHint != null)
                     {
                        n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                        n.OwinContext.Authentication.SignOut();
                     }
                  }
                  return Task.FromResult(0);
               }
            }
         });
      }
   }
}
	using System.Linq;
	using System.Security.Claims;
	using System.Threading.Tasks;
	using Microsoft.IdentityModel.Protocols;
	using Microsoft.Owin.Security;
	using Microsoft.Owin.Security.Notifications;
	using Microsoft.Owin.Security.OpenIdConnect;
	using Owin;
	using Sitecore.Owin.Authentication.Configuration;
	using Sitecore.Owin.Authentication.Pipelines.IdentityProviders;
	using Sitecore.Owin.Authentication.Services;
	using System.Collections.Generic;
	using Microsoft.Owin;



	namespace Foundation.Authentication
	{
	public class IdentityProviderProcessor : IdentityProvidersProcessor
	{

	private readonly FederatedAuthenticationConfiguration _configuration;

	//This was the identifier we specified in the configuration file.
	//Again, this can be whatever you wish to call it.
	protected override string IdentityProviderName => "idsrv";

	public IdentityProviderProcessor(FederatedAuthenticationConfiguration federatedAuthenticationConfiguration) : base(federatedAuthenticationConfiguration)
	{
	_configuration = federatedAuthenticationConfiguration;
	}


	protected override void ProcessCore(IdentityProvidersArgs args)
	{
	var identityProvider = GetIdentityProvider();
	var authenticationType = GetAuthenticationType();
	var clientId = Sitecore.Configuration.Settings.GetSetting("ClientId");
	var authority = Sitecore.Configuration.Settings.GetSetting("AuthenticationAuthority");
	var redirectUri = Sitecore.Configuration.Settings.GetSetting("AuthenticationRedirectUri");

	args.App.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
	{
	Caption = identityProvider.Caption,
	Scope = "openid profile roles memberships functionalities",
	AuthenticationType = authenticationType,
	AuthenticationMode = AuthenticationMode.Active,
	ResponseType = "code id_token token",
	SignInAsAuthenticationType = "Cookies",
	ClientId = clientId,
	Authority = authority,
	RedirectUri = redirectUri,
	TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
	{
	ValidateIssuer = true,
	ValidIssuer = authority
	},
	Notifications = new OpenIdConnectAuthenticationNotifications
	{
	//SecurityTokenValidated allows you to write code after a token has passed validation and you have a Claims Identity
	SecurityTokenValidated = async n =>
	{
	var nid = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType, "name", "role");

	/*
	I wanted to get additional userinfo data by using our access token to retrieve data from the authority's /connect/userinfo endpoint.
	*/
	var userInfoClient = new Thinktecture.IdentityModel.Client.UserInfoClient(new System.Uri(n.Options.Authority + "/connect/userinfo"), n.ProtocolMessage.AccessToken);
	var userInfo = await userInfoClient.GetAsync();

	var sidentity = n.AuthenticationTicket.Identity;
	userInfo.Claims.ToList().ForEach(ui => sidentity.AddClaim(new Claim(ui.Item1, ui.Item2)));

	//Retrieve the first and last name, and then the goal is to concatenate them for a "full name" property
	var firstName = "";
	var lastName = "";

	//Retrieve the claim given_name, and assign to first_name
	if (userInfo.Claims.ToList().FirstOrDefault(k => k.Item1 == "given_name") != null)
	firstName = userInfo.Claims.ToList().FirstOrDefault(k => k.Item1 == "given_name").Item2;

	//The claim "family_name" is what was getting returned from the info
	if (userInfo.Claims.ToList().FirstOrDefault(k => k.Item1 == "family_name") != null)
	lastName = userInfo.Claims.ToList().FirstOrDefault(k => k.Item1 == "family_name").Item2;

	//Add a custom claim, which is then transformed to the Sitecore FullName field.
	sidentity.AddClaim(new Claim("UserFullName", firstName + " " + lastName));

	//Add another custom claim for comments, just to further demonstrate this:
	sidentity.AddClaim(new Claim("xComment", "My custom comment from claims that I added!"));

	//Apply transformations using our rules in the Sitecore.Owin.Authentication.Enabler.config
	foreach (var claimTransformationService in identityProvider.Transformations)
	claimTransformationService.Transform(sidentity, new TransformationContext(_configuration, identityProvider));


	n.AuthenticationTicket = new AuthenticationTicket(sidentity, n.AuthenticationTicket.Properties);
	},
	RedirectToIdentityProvider = n =>
	{
	if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
	{
	var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
	if (idTokenHint != null)
	{
	n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
	n.OwinContext.Authentication.SignOut();
	}
	}
	return Task.FromResult(0);
	}
	}
	});
	}
	}
	}