From a4e08fddce151d172bd2373478b0f1f9529eb073 Mon Sep 17 00:00:00 2001 From: Taufik Hidayat Date: Sat, 23 Nov 2024 15:17:11 +0700 Subject: [PATCH] Add support for JSON claim value type --- .../src/IdentityModel/Client/JsonElementExtensions.cs | 4 ++++ .../HttpClientExtensions/TokenIntrospectionTests.cs | 5 +++++ .../documents/legacy_success_introspection_response.json | 3 ++- .../documents/success_introspection_response.json | 3 ++- .../documents/success_introspection_response_no_issuer.json | 3 ++- 5 files changed, 15 insertions(+), 3 deletions(-) diff --git a/identity-model/src/IdentityModel/Client/JsonElementExtensions.cs b/identity-model/src/IdentityModel/Client/JsonElementExtensions.cs index 62a9a134..2c58a2a3 100644 --- a/identity-model/src/IdentityModel/Client/JsonElementExtensions.cs +++ b/identity-model/src/IdentityModel/Client/JsonElementExtensions.cs @@ -35,6 +35,10 @@ public static IEnumerable ToClaims(this JsonElement json, string? issuer claims.Add(new Claim(x.Name, Stringify(item), ClaimValueTypes.String, issuer)); } } + else if (x.Value.ValueKind == JsonValueKind.Object) + { + claims.Add(new Claim(x.Name, Stringify(x.Value), "JSON", issuer)); + } else { claims.Add(new Claim(x.Name, Stringify(x.Value), ClaimValueTypes.String, issuer)); diff --git a/identity-model/test/IdentityModel.Tests/HttpClientExtensions/TokenIntrospectionTests.cs b/identity-model/test/IdentityModel.Tests/HttpClientExtensions/TokenIntrospectionTests.cs index c99b93db..b8f134d6 100644 --- a/identity-model/test/IdentityModel.Tests/HttpClientExtensions/TokenIntrospectionTests.cs +++ b/identity-model/test/IdentityModel.Tests/HttpClientExtensions/TokenIntrospectionTests.cs @@ -83,6 +83,7 @@ public async Task Success_protocol_response_should_be_handled_correctly() new Claim("active", "true", ClaimValueTypes.String, "https://idsvr4"), new Claim("scope", "api1", ClaimValueTypes.String, "https://idsvr4"), new Claim("scope", "api2", ClaimValueTypes.String, "https://idsvr4"), + new Claim("realm_access", "{ \"roles\": [ \"uma_authorization\" ] }", "JSON", "https://idsvr4"), }); } @@ -120,6 +121,7 @@ public async Task Success_protocol_response_without_issuer_should_be_handled_cor new Claim("active", "true", ClaimValueTypes.String, "LOCAL AUTHORITY"), new Claim("scope", "api1", ClaimValueTypes.String, "LOCAL AUTHORITY"), new Claim("scope", "api2", ClaimValueTypes.String, "LOCAL AUTHORITY"), + new Claim("realm_access", "{ \"roles\": [ \"uma_authorization\" ] }", "JSON", "LOCAL AUTHORITY"), }); } @@ -160,6 +162,7 @@ public async Task Repeating_a_request_should_succeed() new Claim("active", "true", ClaimValueTypes.String, "https://idsvr4"), new Claim("scope", "api1", ClaimValueTypes.String, "https://idsvr4"), new Claim("scope", "api2", ClaimValueTypes.String, "https://idsvr4"), + new Claim("realm_access", "{ \"roles\": [ \"uma_authorization\" ] }", "JSON", "https://idsvr4"), }); // repeat @@ -184,6 +187,7 @@ public async Task Repeating_a_request_should_succeed() new Claim("active", "true", ClaimValueTypes.String, "https://idsvr4"), new Claim("scope", "api1", ClaimValueTypes.String, "https://idsvr4"), new Claim("scope", "api2", ClaimValueTypes.String, "https://idsvr4"), + new Claim("realm_access", "{ \"roles\": [ \"uma_authorization\" ] }", "JSON", "https://idsvr4"), }); } @@ -291,6 +295,7 @@ public async Task Legacy_protocol_response_should_be_handled_correctly() new Claim("active", "true", ClaimValueTypes.String, "https://idsvr4"), new Claim("scope", "api1", ClaimValueTypes.String, "https://idsvr4"), new Claim("scope", "api2", ClaimValueTypes.String, "https://idsvr4"), + new Claim("realm_access", "{ \"roles\": [ \"uma_authorization\" ] }", "JSON", "https://idsvr4"), }); } diff --git a/identity-model/test/IdentityModel.Tests/documents/legacy_success_introspection_response.json b/identity-model/test/IdentityModel.Tests/documents/legacy_success_introspection_response.json index c9deb9ce..fc7c416a 100644 --- a/identity-model/test/IdentityModel.Tests/documents/legacy_success_introspection_response.json +++ b/identity-model/test/IdentityModel.Tests/documents/legacy_success_introspection_response.json @@ -9,5 +9,6 @@ "idp": "local", "amr": "password", "active": true, - "scope": [ "api1", "api2" ] + "scope": [ "api1", "api2" ], + "realm_access": { "roles": [ "uma_authorization" ] } } \ No newline at end of file diff --git a/identity-model/test/IdentityModel.Tests/documents/success_introspection_response.json b/identity-model/test/IdentityModel.Tests/documents/success_introspection_response.json index 83b9f79d..08dfce39 100644 --- a/identity-model/test/IdentityModel.Tests/documents/success_introspection_response.json +++ b/identity-model/test/IdentityModel.Tests/documents/success_introspection_response.json @@ -9,5 +9,6 @@ "idp": "local", "amr": "password", "active": true, - "scope": "api1 api2" + "scope": "api1 api2", + "realm_access": { "roles": [ "uma_authorization" ] } } \ No newline at end of file diff --git a/identity-model/test/IdentityModel.Tests/documents/success_introspection_response_no_issuer.json b/identity-model/test/IdentityModel.Tests/documents/success_introspection_response_no_issuer.json index ab97c850..e61088ce 100644 --- a/identity-model/test/IdentityModel.Tests/documents/success_introspection_response_no_issuer.json +++ b/identity-model/test/IdentityModel.Tests/documents/success_introspection_response_no_issuer.json @@ -8,5 +8,6 @@ "idp": "local", "amr": "password", "active": true, - "scope": "api1 api2" + "scope": "api1 api2", + "realm_access": { "roles": [ "uma_authorization" ] } } \ No newline at end of file