Merge branch 'dev'

IdentityServer · Sep 3, 2015 · 84e681e · 84e681e
2 parents e69e708 + 3e86ff2
commit 84e681e
Show file tree

Hide file tree

Showing 7 changed files with 86 additions and 2 deletions.
diff --git a/default.ps1 b/default.ps1
@@ -11,7 +11,7 @@ properties {
 	$nuget_path = "$src_directory\.nuget\nuget.exe"
 
 	$buildNumber = 0;
-	$version = "2.0.0.0"
+	$version = "2.1.0.0"
 	$preRelease = $null
 }
 

diff --git a/source/AccessTokenValidation/AccessTokenValidation.csproj b/source/AccessTokenValidation/AccessTokenValidation.csproj
@@ -98,6 +98,7 @@
     <Compile Include="Plumbing\StringExtensions.cs" />
     <Compile Include="Plumbing\ValidationEndpointTokenProvider.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="PreserveAccessTokenMiddleware.cs" />
     <Compile Include="ScopeRequirementMiddleware.cs" />
     <Compile Include="ValidationMode.cs" />
   </ItemGroup>

diff --git a/source/AccessTokenValidation/IdentityServerBearerTokenAuthenticationOptions.cs b/source/AccessTokenValidation/IdentityServerBearerTokenAuthenticationOptions.cs
@@ -39,6 +39,7 @@ public IdentityServerBearerTokenAuthenticationOptions() : base("Bearer")
             ValidationMode = ValidationMode.Both;
             RequiredScopes = Enumerable.Empty<string>();
             ValidationResultCacheDuration = TimeSpan.FromMinutes(5);
+            PreserveAccessToken = false;
         }
 
         /// <summary>
@@ -128,5 +129,13 @@ public IdentityServerBearerTokenAuthenticationOptions() : base("Bearer")
         /// The required scopes.
         /// </value>
         public IEnumerable<string> RequiredScopes { get; set; }
+
+        /// <summary>
+        /// Gets or sets a value indicating whether to preserve the access token as a claim. Defaults to false.
+        /// </summary>
+        /// <value>
+        ///   <c>true</c> if access token is preserved; otherwise, <c>false</c>.
+        /// </value>
+        public bool PreserveAccessToken { get; set; }
     }
 }
diff --git a/source/AccessTokenValidation/IdentityServerBearerTokenValidationAppBuilderExtensions.cs b/source/AccessTokenValidation/IdentityServerBearerTokenValidationAppBuilderExtensions.cs
@@ -68,6 +68,11 @@ public static IAppBuilder UseIdentityServerBearerTokenAuthentication(this IAppBu
                 app.Use<ScopeRequirementMiddleware>(options.RequiredScopes);
             }
 
+            if (options.PreserveAccessToken)
+            {
+                app.Use<PreserveAccessTokenMiddleware>();
+            }
+
             return app;
         }
 

diff --git a/source/AccessTokenValidation/IdentityServerBearerTokenValidationMiddleware.cs b/source/AccessTokenValidation/IdentityServerBearerTokenValidationMiddleware.cs
@@ -21,6 +21,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using AppFunc = System.Func<System.Collections.Generic.IDictionary<string, object>, System.Threading.Tasks.Task>;
 
@@ -84,7 +85,6 @@ public async Task Invoke(IDictionary<string, object> environment)
 
             context.Set("idsrv:tokenvalidation:token", token);
 
-
             // seems to be a JWT
             if (token.Contains('.'))
             {

diff --git a/source/AccessTokenValidation/PreserveAccessTokenMiddleware.cs b/source/AccessTokenValidation/PreserveAccessTokenMiddleware.cs
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2015 Dominick Baier, Brock Allen
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using Microsoft.Owin;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using AppFunc = System.Func<System.Collections.Generic.IDictionary<string, object>, System.Threading.Tasks.Task>;
+
+namespace IdentityServer3.AccessTokenValidation
+{
+    /// <summary>
+    /// Middleware to check for scope claims in access token
+    /// </summary>
+    internal class PreserveAccessTokenMiddleware
+    {
+        private readonly AppFunc _next;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="PreserveAccessTokenMiddleware"/> class.
+        /// </summary>
+        /// <param name="next">The next middleware.</param>
+        public PreserveAccessTokenMiddleware(AppFunc next)
+        {
+            _next = next;
+        }
+
+        /// <summary>
+        /// Invokes the middleware.
+        /// </summary>
+        /// <param name="env">The OWIN environment.</param>
+        /// <returns></returns>
+        public async Task Invoke(IDictionary<string, object> env)
+        {
+            var context = new OwinContext(env);
+
+            // if no token was sent - no need to validate scopes
+            var principal = context.Authentication.User;
+            if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
+            {
+                await _next(env);
+                return;
+            }
+
+            var token = context.Get<string>("idsrv:tokenvalidation:token");
+            if (!string.IsNullOrWhiteSpace(token))
+            {
+                principal.Identities.First().AddClaim(new Claim("token", token));
+            }
+
+            await _next(env);
+        }
+    }
+}
diff --git a/source/VersionAssemblyInfo.cs b/source/VersionAssemblyInfo.cs