/// <summary>
/// Registers the custom sign-in handler with the OpenIddict server builder
/// during the pre-configuration phase.
/// </summary>
/// <param name="context">Service configuration context passed to this override; not read here.</param>
public override void PreConfigureServices(ServiceConfigurationContext context)
    => PreConfigure<OpenIddictServerBuilder>(
        serverBuilder => serverBuilder.AddEventHandler(MyPrepareAccessTokenPrincipal.Descriptor));
using System.Security.Claims;
using OpenIddict.Abstractions;
using OpenIddict.Server;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Security.Claims;
namespace MyPrepareAccessTokenPrincipal;
/// <summary>
/// Claims principal contributor that adds a fixed "SocialSecurityNumber" claim
/// to the first identity of the principal being built.
/// </summary>
public class CoMedClaimsPrincipalContributor : IAbpClaimsPrincipalContributor, ITransientDependency
{
    /// <summary>
    /// Adds the claim to the first identity on <c>context.ClaimsPrincipal</c>;
    /// does nothing when the principal carries no identity.
    /// </summary>
    /// <param name="context">Contributor context exposing the principal to extend.</param>
    /// <returns>A task that completes once the claim has been added.</returns>
    public async Task ContributeAsync(AbpClaimsPrincipalContributorContext context)
    {
        // NOTE(review): the value is a fixed sample string. If a real identifier is
        // ever emitted under this claim type, confirm which tokens and cookies the
        // principal ends up in, because the claim travels with it.
        if (context.ClaimsPrincipal.Identities.FirstOrDefault() is { } primaryIdentity)
        {
            primaryIdentity.AddClaim(new Claim("SocialSecurityNumber", "Old SocialSecurityNumber"));
        }

        await Task.CompletedTask;
    }
}
/// <summary>
/// OpenIddict server handler for <see cref="OpenIddictServerEvents.ProcessSignInContext"/>
/// that replaces the "SocialSecurityNumber" claim on the access token principal
/// with the current local timestamp.
/// </summary>
public class MyPrepareAccessTokenPrincipal : IOpenIddictServerHandler<OpenIddictServerEvents.ProcessSignInContext>
{
    /// <summary>
    /// Handler descriptor: a custom singleton handler, filtered by
    /// <c>RequireAccessTokenGenerated</c>, ordered one position after the built-in
    /// <c>PrepareAccessTokenPrincipal</c> handler.
    /// </summary>
    public static OpenIddictServerHandlerDescriptor Descriptor { get; } =
        OpenIddictServerHandlerDescriptor
            .CreateBuilder<OpenIddictServerEvents.ProcessSignInContext>()
            .AddFilter<OpenIddictServerHandlerFilters.RequireAccessTokenGenerated>()
            .UseSingletonHandler<MyPrepareAccessTokenPrincipal>()
            .SetOrder(OpenIddictServerHandlers.PrepareAccessTokenPrincipal.Descriptor.Order + 1)
            .SetType(OpenIddictServerHandlerType.Custom)
            .Build();

    /// <summary>
    /// Drops any existing "SocialSecurityNumber" claims from the first identity of
    /// <c>context.AccessTokenPrincipal</c> and adds a fresh one; a no-op when the
    /// principal or its first identity is missing.
    /// </summary>
    /// <param name="context">Sign-in processing context carrying the access token principal.</param>
    /// <returns>An already-completed <see cref="ValueTask"/>.</returns>
    public ValueTask HandleAsync(OpenIddictServerEvents.ProcessSignInContext context)
    {
        // NOTE(review): a claim written to the access token principal is readable by
        // whoever holds the token unless access-token encryption is in effect.
        // Confirm before emitting a real identifier under this claim type.
        if (context.AccessTokenPrincipal?.Identities.FirstOrDefault() is { } tokenIdentity)
        {
            tokenIdentity.RemoveClaims("SocialSecurityNumber");

            // "s" is the sortable date/time format and carries no offset; the value is local time.
            tokenIdentity.AddClaim(new Claim("SocialSecurityNumber", DateTime.Now.ToString("s")));
        }

        return default;
    }
}
hi mgurer
I confirmed that CoMedClaimsPrincipalContributor will not be called. Dynamic claims may not be added or replaced. I will provide a solution as soon as possible.
hi
https://docs.abp.io/en/commercial/latest/modules/identity/ldap
ok
I will give it a try.
Thanks, I will try to reproduce the issue.
I insist that IAbpClaimsPrincipalContributor has nothing to do with the refresh_token flow.
You will get access_token and refresh_token first.
Then use refresh_token to get them again.
The IAbpClaimsPrincipalContributor will be called when generating the access_token, and refresh_token will copy claims from access_token's principal.
Talk is cheap. You can prepare a simple demo project to reproduce your real problem.
support@abp.io
hi
refresh_token basically uses the claims from the access_token. So it shouldn't be a problem.
I called the token endpoint using refresh_token flow.
Can you share your access_token and HTTP request info?
I just tested the refresh_token flow
Can you share your steps?