lsm/openiddict-documentation
1
0
Fork 0
mirror of https://gitee.com/dcren/openiddict-documentation.git synced 2025-04-05 17:38:03 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add a section about userinfo response unwrapping in the web providers guide

Browse Source
This commit is contained in:
Kévin Chalet 2023-08-05 17:00:34 +02:00
parent 6b3646d664
commit f79d5c945c
1 changed files with 71 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
guides/contributing-a-new-web-provider.md
View File

@ -156,12 +156,80 @@ the OpenIddict client to communicate with the remote authorization server. For i
> </Provider> > </Provider>
> ``` > ```
## Unwrap userinfo responses if necessary
If the provider returns wrapped or nested userinfo responses (e.g under a `response` or `data` node), the `UnwrapUserinfoResponse` handler in
[OpenIddictClientWebIntegrationHandlers.Userinfo.cs](https://github.com/openiddict/openiddict-core/blob/dev/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Userinfo.cs)
must be updated to unwrap the userinfo payload and allow OpenIddict to map them to flat CLR `Claim` instances:
```csharp
/// <summary>
/// Contains the logic responsible for extracting the userinfo response
/// from nested JSON nodes (e.g "data") for the providers that require it.
/// </summary>
public sealed class UnwrapUserinfoResponse : IOpenIddictClientHandler<ExtractUserinfoResponseContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictClientHandlerDescriptor Descriptor { get; }
= OpenIddictClientHandlerDescriptor.CreateBuilder<ExtractUserinfoResponseContext>()
.UseSingletonHandler<UnwrapUserinfoResponse>()
.SetOrder(int.MaxValue - 50_000)
.SetType(OpenIddictClientHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(ExtractUserinfoResponseContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
context.Response = context.Registration.ProviderType switch
{
// Fitbit returns a nested "user" object.
ProviderTypes.Fitbit => new(context.Response["user"]?.GetNamedParameters() ??
throw new InvalidOperationException(SR.FormatID0334("user"))),
// StackExchange returns an "items" array containing a single element.
ProviderTypes.StackExchange => new(context.Response["items"]?[0]?.GetNamedParameters() ??
throw new InvalidOperationException(SR.FormatID0334("items/0"))),
// SubscribeStar returns a nested "user" object that is itself nested in a GraphQL "data" node.
ProviderTypes.SubscribeStar => new(context.Response["data"]?["user"]?.GetNamedParameters() ??
throw new InvalidOperationException(SR.FormatID0334("data/user"))),
_ => context.Response
};
return default;
}
}
```
> [!NOTE]
> If you're unsure whether the provider returns wrapped responses or not, the
> received payload can be found in the logs after a successful authorization flow:
>
> ```
> OpenIddict.Client.OpenIddictClientDispatcher: Information: The userinfo response returned by https://contoso.com/users/me was successfully extracted: {
> "data": {
> "username": "odile.donat",
> "name": "Odile Donat",
> "email": "odile.donat@fabrikam.com"
> }
> }.
> ```
## If the provider doesn't support standard OpenID Connect userinfo, map the provider-specific claims to their `ClaimTypes` equivalent ## If the provider doesn't support standard OpenID Connect userinfo, map the provider-specific claims to their `ClaimTypes` equivalent
If the provider doesn't return an `id_token` and doesn't offer a standard userinfo endpoint, it is likely it uses custom parameters If the provider doesn't return an `id_token` and doesn't offer a standard userinfo endpoint, it is likely it uses custom parameters
to represent things like the user identifier. If so, update the `MapCustomWebServicesFederationClaims` event handler to map these to represent things like the user identifier. If so, update the `MapCustomWebServicesFederationClaims` event handler in
parameters to the usual WS-Federation claims exposed by the .NET BCL `ClaimTypes` class, which simplifies integration with libraries [OpenIddictClientWebIntegrationHandlers.cs](https://github.com/openiddict/openiddict-core/blob/dev/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs)
like ASP.NET Core Identity: to map these parameters to the usual WS-Federation claims exposed by the .NET BCL `ClaimTypes` class, which simplifies integration
with libraries like ASP.NET Core Identity:
```csharp ```csharp
/// <summary> /// <summary>