lsm/openiddict-documentation
1
0
Fork 0
mirror of https://gitee.com/dcren/openiddict-documentation.git synced 2026-06-25 14:54:04 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update the claim destinations documentation to use the new SetDestinations() overload introduced in OpenIddict 4.0

Browse Source
This commit is contained in:
Kévin Chalet
2023-03-25 19:07:59 +01:00
parent e96a6d4737
commit 4a15fe07f5
1 changed files with 18 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
configuration/claim-destinations.md
View File

@@ -17,7 +17,7 @@ For these reasons, **OpenIddict doesn't automatically copy the claims attached t
to an access or identity token, a flag known as "claim destination" must be added to each `Claim` instance you want to expose. to an access or identity token, a flag known as "claim destination" must be added to each `Claim` instance you want to expose.
> [!NOTE] > [!NOTE]
> To attach one or multiple destinations to a claim, use the `claim.SetDestinations()` extension defined in `OpenIddict.Abstractions`. > To attach one or multiple destinations to a claim, use the `principal.SetDestinations()` extension defined in `OpenIddict.Abstractions`.
> In the typical case, granted scopes can be used to determine what claims are allowed to be copied to access and identity tokens, as in this example: > In the typical case, granted scopes can be used to determine what claims are allowed to be copied to access and identity tokens, as in this example:
```csharp ```csharp
@@ -28,14 +28,11 @@ var principal = await _signInManager.CreateUserPrincipalAsync(user);
// For that, simply restrict the list of scopes before calling SetScopes(). // For that, simply restrict the list of scopes before calling SetScopes().
principal.SetScopes(request.GetScopes()); principal.SetScopes(request.GetScopes());
principal.SetResources(await _scopeManager.ListResourcesAsync(principal.GetScopes()).ToListAsync()); principal.SetResources(await _scopeManager.ListResourcesAsync(principal.GetScopes()).ToListAsync());
principal.SetDestinations(static claim => claim.Type switch
foreach (var claim in principal.Claims)
{
claim.SetDestinations(claim.Type switch
{ {
// If the "profile" scope was granted, allow the "name" claim to be // If the "profile" scope was granted, allow the "name" claim to be
// added to the access and identity tokens derived from the principal. // added to the access and identity tokens derived from the principal.
Claims.Name when principal.HasScope(Scopes.Profile) => new[] Claims.Name when claim.Subject.HasScope(Scopes.Profile) => new[]
{ {
OpenIddictConstants.Destinations.AccessToken, OpenIddictConstants.Destinations.AccessToken,
OpenIddictConstants.Destinations.IdentityToken OpenIddictConstants.Destinations.IdentityToken
@@ -52,7 +49,6 @@ foreach (var claim in principal.Claims)
OpenIddictConstants.Destinations.AccessToken OpenIddictConstants.Destinations.AccessToken
} }
}); });
}
return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme); return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
``` ```