Update to OpenIddict3.0

2025-12-19 06:54:19 +01:00 · 2019-10-08 15:21:30 +09:00
parent d56a5ad86e
commit 3c9b58916b
29 changed files with 220 additions and 337 deletions
--- a/BTCPayServer/Controllers/AuthorizationController.cs
+++ b/BTCPayServer/Controllers/AuthorizationController.cs
@@ -17,18 +17,13 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
+using Microsoft.AspNetCore;
 using OpenIddict.Abstractions;
 using OpenIddict.Core;
 using OpenIddict.Server;
-#if NETCOREAPP21
-using OpenIddictRequest = AspNet.Security.OpenIdConnect.Primitives.OpenIdConnectRequest;
-using OpenIdConnectDefaults = OpenIddict.Server.OpenIddictServerDefaults;
-using AspNet.Security.OpenIdConnect.Extensions;
-using AspNet.Security.OpenIdConnect.Primitives;
-#else
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
-#endif
+using OpenIddict.Server.AspNetCore;

 namespace BTCPayServer.Controllers
 {
@@ -56,10 +51,11 @@ namespace BTCPayServer.Controllers

        [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)] 
        [HttpGet("/connect/authorize")]
-        public async Task<IActionResult> Authorize(OpenIddictRequest openIdConnectRequest)
+        public async Task<IActionResult> Authorize()
        {
+            var request = HttpContext.GetOpenIddictServerRequest();
            // Retrieve the application details from the database.
-            var application = await _applicationManager.FindByClientIdAsync(openIdConnectRequest.ClientId);
+            var application = await _applicationManager.FindByClientIdAsync(request.ClientId);

            if (application == null)
            {
@@ -74,9 +70,9 @@ namespace BTCPayServer.Controllers

            var userId = _userManager.GetUserId(User);
            if (!string.IsNullOrEmpty(
-                await OpenIdExtensions.IsUserAuthorized(_authorizationManager, openIdConnectRequest, userId, application.Id)))
+                await OpenIdExtensions.IsUserAuthorized(_authorizationManager, request, userId, application.Id)))
            {
-                return await Authorize(openIdConnectRequest, "YES", false);
+                return await Authorize("YES", false);
            }

            // Flow the request_id to allow OpenIddict to restore
@@ -84,16 +80,16 @@ namespace BTCPayServer.Controllers
            return View(new AuthorizeViewModel
            {
                ApplicationName = await _applicationManager.GetDisplayNameAsync(application),
-                RequestId = openIdConnectRequest.RequestId,
-                Scope = openIdConnectRequest.GetScopes()
+                RequestId = request.RequestId,
+                Scope = request.GetScopes()
            });
        }

        [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        [HttpPost("/connect/authorize")]
-        public async Task<IActionResult> Authorize(OpenIddictRequest openIdConnectRequest,
-            string consent, bool createAuthorization = true)
+        public async Task<IActionResult> Authorize(string consent, bool createAuthorization = true)
        {
+            var request = HttpContext.GetOpenIddictServerRequest();
            var user = await _userManager.GetUserAsync(User);
            if (user == null)
            {
@@ -118,26 +114,24 @@ namespace BTCPayServer.Controllers
                default:
                    // Notify OpenIddict that the authorization grant has been denied by the resource owner
                    // to redirect the user agent to the client application using the appropriate response_mode.
-                    return Forbid(OpenIdConnectDefaults.AuthenticationScheme);
+                    return Forbid(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
            }


-            // Create a new authentication ticket.
-            var ticket =
-                await OpenIdExtensions.CreateAuthenticationTicket(_applicationManager, _authorizationManager,
-                    _IdentityOptions.Value, _signInManager,
-                    openIdConnectRequest, user);
+            var principal = await _signInManager.CreateUserPrincipalAsync(user);
+            principal = await _signInManager.CreateUserPrincipalAsync(user);
+            principal.SetScopes(request.GetScopes().Restrict(principal));
+            principal.SetDestinations(_IdentityOptions.Value);
            if (createAuthorization)
            {
-                var application = await _applicationManager.FindByClientIdAsync(openIdConnectRequest.ClientId);
+                var application = await _applicationManager.FindByClientIdAsync(request.ClientId);
                var authorization = await _authorizationManager.CreateAsync(User, user.Id, application.Id,
-                    type, ticket.GetScopes().ToImmutableArray(),
-                    ticket.Properties.Items.ToImmutableDictionary());
-                ticket.SetInternalAuthorizationId(authorization.Id);
+                                    type, principal.GetScopes().ToImmutableArray());
+                principal.SetInternalAuthorizationId(authorization.Id);
            }

            // Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
-            return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
+            return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
        }
    }
 }